Welcome to WebmasterWorld Guest from 35.172.217.40

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Access level control using PHP and mySQL

It doesn't work....

     
7:17 pm on Jun 3, 2004 (gmt 0)

New User

10+ Year Member

joined:Mar 12, 2004
posts:18
votes: 0


Hello,
I am setting up a login for my site, using a very simple table in mySQL and Dreamweaver's PHP behaviours. In my table thereis:
username
password
email
access_level

I just cannot get the access level to work at all. I have used the 'restrict access to page' on the pages in question, specifying my two levels of access - 'board' and 'user. It either lets everyone in regardless or lets no one in. I have followed two different tutorials on this and nothing seems to work. Where am I going wrong? It should be easy! Ha!

thanks

4:35 pm on June 4, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 25, 2002
posts:8639
votes: 287


jimbob,

I suspect most people reading here don't know much about Dreamweaver's PHP Behaviors. you might try either asking the question on the wysiwyg forum or telling a little bit more about how it's authenticating users.

Do you have it set up so that every page includes some sort of header that checks access privileges?

Are you then keeping track of the userid and access_level via sessions?

Tom

5:37 pm on June 4, 2004 (gmt 0)

New User

10+ Year Member

joined:Mar 12, 2004
posts:18
votes: 0


Hi Tom,
ok - the log-in page has this....

<?php require_once('Connections/myconnection.php');?><?php
// *** Validate request to login to this site.
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}

if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "access_level";
$MM_redirectLoginSuccess = "board_area/index.php";
$MM_redirectLoginFailed = "login_failed.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_myconnection, $myconnection);

$LoginRS__query=sprintf("SELECT username, password, access_level FROM users WHERE username='%s' AND password='%s'",
get_magic_quotes_gpc()? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc()? $password : addslashes($password));

$LoginRS = mysql_query($LoginRS__query, $myconnection) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {

$loginStrGroup = mysql_result($LoginRS,0,'access_level');

//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;

//register the session variables
session_register("MM_Username");
session_register("MM_UserAuthorization");

if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>

and each page has this:

<?php
// *** Restrict Access To Page: Grant or deny access to this page
$FF_authorizedUsers=" board";
$FF_authFailedURL="../fund_investors/fund_investors1.php";
$FF_grantAccess=0;
session_start();
if (isset($HTTP_SESSION_VARS["MM_Username"])) {
if (true ¦¦!(isset($HTTP_SESSION_VARS["MM_UserAuthorization"])) ¦¦ $HTTP_SESSION_VARS["MM_UserAuthorization"]=="" ¦¦ strpos($FF_authorizedUsers, $HTTP_SESSION_VARS["MM_UserAuthorization"])) {
$FF_grantAccess = 1;
}
}
if (!$FF_grantAccess) {
$FF_qsChar = "?";
if (strpos($FF_authFailedURL, "?")) $FF_qsChar = "&";
$FF_referrer = "Restricted Area";
$FF_authFailedURL = $FF_authFailedURL . $FF_qsChar . "accessdenied=" . urlencode($FF_referrer);
header("Location: $FF_authFailedURL");
exit;
}
?>

does this make any sense?

cheers
J

6:38 pm on June 4, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 25, 2002
posts:8639
votes: 287


That more or less makes sense, though it seems fairly convoluted. Obviously written by two different people or at two different times since one part uses $_SESSION and the other uses $HTTP_SESSION_VARS.

In any case, I can't see offhand why it's not working. What happens if you add the following to the bottom of a page

echo "<pre>";
echo<p>GLOBALS</p>
print_r($GLOBALS);

echo<p>SESSION</p>
print_r($_SESSION);

echo<p>POST</p>
print_r($_POST);

echo "\nFF_grantAccess = $FF_grantAccess \n";

echo "</pre>";

6:48 pm on June 4, 2004 (gmt 0)

New User

10+ Year Member

joined:Mar 12, 2004
posts:18
votes: 0


Sorry you'll have to bear with me - when you say the bottom of the page - you mean literall at the bottom, after the </html> tag? or do you mean at the end of the php bit at the top...?
7:07 pm on June 4, 2004 (gmt 0)

New User

10+ Year Member

joined:Mar 12, 2004
posts:18
votes: 0


ok - figured that out - and I can see where it's posting the results of the echo - but I'm none the wiser...

:-(

7:28 pm on June 4, 2004 (gmt 0)

New User

10+ Year Member

joined:Mar 12, 2004
posts:18
votes: 0


The 'user' / 'password' element of this is working, it's just the access level that isn't....
8:48 pm on June 4, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 25, 2002
posts:8639
votes: 287


So try it with a couple of different users (i.e. ones that should have different access levels) and see what it's giving you for variables like

$GLOBALS['MM_UserGroup']
$FF_grantAccess

The thing you want to see is whether or not it's setting the access level correctly, but ignoring the setting, or simply setting it the same for everyone.

Tom

9:09 pm on June 4, 2004 (gmt 0)

New User

10+ Year Member

joined:Mar 12, 2004
posts:18
votes: 0


Um...well, for a user that should NOT be able to get into this page it returns:

echoGLOBALS
print_r($GLOBALS);

echoSESSION
print_r($_SESSION);

echoPOST
print_r($_POST);

echo "\nFF_grantAccess = $FF_grantAccess \n";

for a user that SHOULD be allowed access it gives:

echoGLOBALS
print_r($GLOBALS);

echoSESSION
print_r($_SESSION);

echoPOST
print_r($_POST);

echo "\nFF_grantAccess = $FF_grantAccess \n";

exactly the same...what does this mean?

12:09 am on June 5, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 25, 2002
posts:8639
votes: 287


Your page is not parsing the PHP. It should not be printing "print_r" to the screen, but the output from print_r(), a list of variables and their values.

Tom

9:39 am on June 5, 2004 (gmt 0)

New User

10+ Year Member

joined:Mar 12, 2004
posts:18
votes: 0


I sorted it...well..cheated really. Used another set of login extensions which seem to work this time! Thanks for all your help though.

J

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members