Can security assist replace ADDT userlevels?

ie


1) Assign a user level to a user (via login and password)

2) Take you to a particular page depending on your user level at login

3) Show page content depending on user level?

tia

Paul

Yes... Security Assist allows you to define any number of rules and save any number of session variables from the user table at login. So you can easily store the access level as a session variable and create rules depending on the session variable values.

Those rules can then be used to redirect based on those rules and to hide and show content on any given page after login.

Hi! I have a related question to this.

I had set-up a website with ADDT (Adobe Developers Toolkit) - this software is not longer supported by Adobe and won't work with DW CS4 so I'm trying to find another solution.

Will Security Assist work with an existing ADDT created Log-in Security system? I'm now trying to create a store on my secure site and was hoping that I could use the Data Assist tools to do this while working with the existing User Log-in information as well as my existing user database.

Is this possible? And is there any documentation on how to do this anywhere on your site?

Yes I believe it would work with the existing login page. As long as you know the names of the session variables it stores.

Hi Ray Bordulin,
Have been following your response to questions posted by your clients. You are doing a great job. Keep it up.
Have a question regarding Security Assist. How can I use Security Assist such that when my client complete a registration form in my site, the client is sent an automatic email link requiring them to activate his registration by clicking on the link. In other words, can I use Security assist to set up a registration form similar to User Registration Solution Pack? I understand I will need Data Assist, but can you clue me on how to achive this?
Thanks
buonsen

You would need Security Assist, Data Assist, and Universal Email.

This is how the user registration starter pack was created. You need to add a boolean "emailVerified" field to your table as well as a "VerificationCode". You can use security assist to generate a random string that you can store in the user record when registering using the dataassist insert server behavior and set the emailVerifed field to false or zero.

Then use Universal Email to send an email to the user email address that just registered. Include in it a link back to your site that includes the email address and verificationCode as url parameters. The page that it links back to can just have the text "Thank you for verifying your email address". It would have a recordset on the top of the page that would filter by the email address and verification code included in the url and return the record ID of the verified user. Then use DataAssist to update that user record and mark it as verified on that page based on the trigger that checks to make sure that recordset is not empty.

Hi Ray,
Thanks for your prompt feedback. I have Security Assist and will be willing to purchase Data Assist and Universal Email if you can help me. I am not a php guru. Will you be willing to give me a step by step procedure to generate the script similar to User Registration Solution Pack?
Thanks
buonsen

I would suggest purchasing the products and the solution as a working example of what to do.

I think I have already described the steps, but I will still be here if you have questions when going through them.

Hi I'm just trying to follow your instuctions using security assist, Data assist and universal. Do you have to replace the the registration pages insert record behaviour created by security assist with one created by data assist to get the randomstring to store in the user record.

Yes. In the future we will be combining SecurityAssist to use DataAssist functionality by default. Currently it uses the Dreamweaver server behaviors in case you don't have dataassist installed.

Thanks one other problem I am having is getting Dreamweavers check user name to work with the data assists insert record server behaviour.

Can you check the code to see if theres anything i need to alter

<%
' *** Redirect if username exists
MM_flag = "MM_insert"
If (CStr(Request(MM_flag)) <> "") Then
Dim MM_rsKey
Dim MM_rsKey_cmd

MM_dupKeyRedirect = "test.asp"
MM_dupKeyUsernameValue = CStr(Request.Form("Email"))
Set MM_rsKey_cmd = Server.CreateObject ("ADODB.Command")
MM_rsKey_cmd.ActiveConnection = MM_hostspaced_STRING
MM_rsKey_cmd.CommandText = "SELECT Email FROM users WHERE Email = ?"
MM_rsKey_cmd.Prepared = true
MM_rsKey_cmd.Parameters.Append MM_rsKey_cmd.CreateParameter("param1", 200, 1, 50, MM_dupKeyUsernameValue) ' adVarChar
Set MM_rsKey = MM_rsKey_cmd.Execute
If Not MM_rsKey.EOF Or Not MM_rsKey.BOF Then
' the username was found - can not add the requested username
MM_qsChar = "?"
If (InStr(1, MM_dupKeyRedirect, "?") >= 1) Then MM_qsChar = "&"
MM_dupKeyRedirect = MM_dupKeyRedirect & MM_qsChar & "requsername=" & MM_dupKeyUsernameValue
Response.Redirect(MM_dupKeyRedirect)
End If
MM_rsKey.Close
End If
%>
<%
' WA Application Builder Insert
if (Request.ServerVariables("Request_Method") = "POST") then
WA_connection = MM_hostspaced_STRING
WA_table = "users"
WA_sessionName = "users_userID"
WA_redirectURL = ""
WA_keepQueryString = false
WA_indexField = "userID"
WA_fieldNamesStr = "Email"
WA_fieldValuesStr = "" & cStr(cStr(Request.Form("Email"))) & ""
WA_columnTypesStr = "',none,''"
WA_comparisonStr = " LIKE "
WA_fieldNames = Split(WA_fieldNamesStr,"|")
WA_fieldValues = Split(WA_fieldValuesStr,"|")
WA_columns = Split(WA_columnTypesStr,"|")
WA_comparisions = Split(WA_comparisonStr, "|")

insertParamsObj = WA_AB_generateInsertParams(WA_fieldNames, WA_columns, WA_fieldValues, -1)
set MM_editCmd = Server.CreateObject("ADODB.Command")
MM_editCmd.ActiveConnection = WA_connection
MM_editCmd.CommandText = "INSERT INTO " & WA_table & " (" & insertParamsObj(1) & ") VALUES (" & insertParamsObj(2) & ")"
MM_editCmd.Execute()
MM_editCmd.ActiveConnection.Close()
obj = WA_AB_generateWhereClause(WA_fieldNames, WA_columns, WA_fieldValues, WA_comparisions)
sqlstr = "SELECT " & WA_indexField & " FROM " & WA_table & " WHERE " & obj & " ORDER BY " & WA_indexField & " DESC"
set WA_AppBuilderRecordset = Server.CreateObject("ADODB.Recordset")
WA_AppBuilderRecordset.ActiveConnection = WA_connection
WA_AppBuilderRecordset.Source = sqlstr
WA_AppBuilderRecordset.CursorType = 0
WA_AppBuilderRecordset.CursorLocation = 2
WA_AppBuilderRecordset.LockType = 1
WA_AppBuilderRecordset.Open()
if (NOT WA_AppBuilderRecordset.EOF) then Session(WA_sessionName) = WA_AppBuilderRecordset.Fields.Item(WA_indexField). Value
WA_AppBuilderRecordset.Close()
if (WA_redirectURL <> "") then
if (WA_keepQueryString AND Request.QueryString <> "" AND Request.QueryString.Count > 0) then
if (inStr(WA_redirectURL,"?") > 0) then
WA_redirectURL = WA_redirectURL & "&"
else
WA_redirectURL = WA_redirectURL & "?"
end if
WA_redirectURL = WA_redirectURL & Request.QueryString
end if
Response.Redirect(WA_redirectURL)
end if
end if
%>

Update:
If (CStr(Request(MM_flag)) <> "") Then

to:
if (Request.ServerVariables("Request_Method") = "POST") then

Thanks Ray thats fixed it.

Sorry I'm still trying to work out how when somebody fills out a registration form they get an automatatic email activating their account. The email bit is easy but I'm not quite sure about the rest.
I created two new fields in my database table one for the verifiation code which I use dataassist insert record to store the random password in. I also created a tinyinteger and set defalut zero (Is that right for boolean )

When I edit the universal email body and click on the lightening thing and choose verfied email from the form, it comes back blank inthe email, but I guess it would because theres nothign entered so what should I choose.

I wonder if you can give me more detailed help on how to do this as I cant really work it out from your pevious post on this thread.

Thanks

I can try to help. Zero is a good default for boolean. Make sure you are chosing the email directly from the form not the "Validated" form. "Validated" is actually for repopulating a form after a failed server validation. Those will be blank when the validation succeeds, which may the be the whole source of yoru problem.

No it is from the form and although the database field is being populated the email is blank

That makes no sense... do they use the same trigger?

Maybe post the code where the email body is set and I can see if I can spot the problem.

The trigger is set to anyform post on both insert record and universal email

<%
function WA_Universal_Email_1_SendMail(RecipientEmail)
dim MailObject, MailAttachments, MailBCC, MailCC, MailTo, MailBodyFormat, MailBody, MailImportance, MailFrom, MailSubject
MailAttachments = ""
MailBCC = ""
MailCC = ""
MailTo = ""
MailBodyFormat = ""
MailBody = ""
MailImportance = ""
MailFrom = "Paul Conway|WA|paul@hostspaced.com"
MailSubject = "Registration"

'Global Variables
gBodyFormat = ""

set WA_MailObject = WAUE_Definition("mail.hostspaced.com","25","paul@hostspaced.com","rachael")

if (RecipientEmail <> "") then
set WA_MailObject = WAUE_AddRecipient(WA_MailObject,RecipientEmail)
else
'To Entries
end if

'Attachment Entries

'BCC Entries

'CC Entries

'Character Set

'Body Format
set WA_MailObject = WAUE_BodyFormat(WA_MailObject,0)
MailBodyFormat = gBodyFormat

'Set Importance
set WA_MailObject = WAUE_SetImportance(WA_MailObject,"3")

'Start Mail Body
MailBody = MailBody & ""
MailBody = MailBody & cStr(Request.Form("verificationcode"))
MailBody = MailBody & ""
'End Mail Body

set WA_MailObject = WAUE_SendMail(WA_MailObject,MailAttachments,MailBC C,MailCC,MailTo,MailImportance,MailFrom,MailSubjec t,MailBody)

set WA_MailObject = nothing
end function
%>

Thanks

ok and what is the code that does the insert?

It doesn't seem to insert the verificationcode... does it? Shouldn't it be set in the database somewhere?

<%
' WA Application Builder Insert
if (Request.ServerVariables("Request_Method") = "POST") then
WA_connection = MM_hostspaced_STRING
WA_table = "users"
WA_sessionName = "users_userID"
WA_redirectURL = "users_Profile.asp"
WA_keepQueryString = false
WA_indexField = "userID"
WA_fieldNamesStr = "Email|FirstName|verificationcode"
WA_fieldValuesStr = "" & cStr(cStr(Request.Form("Email"))) & "" & "|" & "" & cStr(cStr(Request.Form("FirstName"))) & "" & "|" & "" & cStr(WA_RandomPassword(9, true, true, true, "")) & ""
WA_columnTypesStr = "',none,''|',none,''|',none,''"
WA_comparisonStr = " LIKE | LIKE | LIKE "
WA_fieldNames = Split(WA_fieldNamesStr,"|")
WA_fieldValues = Split(WA_fieldValuesStr,"|")
WA_columns = Split(WA_columnTypesStr,"|")
WA_comparisions = Split(WA_comparisonStr, "|")

insertParamsObj = WA_AB_generateInsertParams(WA_fieldNames, WA_columns, WA_fieldValues, -1)
set MM_editCmd = Server.CreateObject("ADODB.Command")
MM_editCmd.ActiveConnection = WA_connection
MM_editCmd.CommandText = "INSERT INTO " & WA_table & " (" & insertParamsObj(1) & ") VALUES (" & insertParamsObj(2) & ")"
MM_editCmd.Execute()
MM_editCmd.ActiveConnection.Close()
obj = WA_AB_generateWhereClause(WA_fieldNames, WA_columns, WA_fieldValues, WA_comparisions)
sqlstr = "SELECT " & WA_indexField & " FROM " & WA_table & " WHERE " & obj & " ORDER BY " & WA_indexField & " DESC"
set WA_AppBuilderRecordset = Server.CreateObject("ADODB.Recordset")
WA_AppBuilderRecordset.ActiveConnection = WA_connection
WA_AppBuilderRecordset.Source = sqlstr
WA_AppBuilderRecordset.CursorType = 0
WA_AppBuilderRecordset.CursorLocation = 2
WA_AppBuilderRecordset.LockType = 1
WA_AppBuilderRecordset.Open()
if (NOT WA_AppBuilderRecordset.EOF) then Session(WA_sessionName) = WA_AppBuilderRecordset.Fields.Item(WA_indexField). Value
WA_AppBuilderRecordset.Close()
if (WA_redirectURL <> "") then
if (WA_keepQueryString AND Request.QueryString <> "" AND Request.QueryString.Count > 0) then
if (inStr(WA_redirectURL,"?") > 0) then
WA_redirectURL = WA_redirectURL & "&"
else
WA_redirectURL = WA_redirectURL & "?"
end if
WA_redirectURL = WA_redirectURL & Request.QueryString
end if
Response.Redirect(WA_redirectURL)
end if
end if
%>

It inserts it into the database field.

OK, then that is the problem.

You will want to create the random password as a session variable. Then you can refer to that session variable as both the database field and in the body of the email.

Use the Set Session Value server behavior that comes with eCart and/or cookies toolkit, or just write the code by hand on top of the page:

Session("verificationcode") = cStr(WA_RandomPassword(9, true, true, true, "")

Then in the Insert it becomes:

WA_fieldValuesStr = "" & cStr(cStr(Request.Form("Email"))) & "" & "|" & "" & cStr(cStr(Request.Form("FirstName"))) & "" & "|" & "" & cStr(Session("verificationcode")) & ""

and in the email it becomes:

Mailbody = Mailbody & cStr(Session("verificationcode"))

Thanks for your help once again Ray. I'll try that later tonight and no doubt be back to you with another problem tomorrow.

Hi as per my request a couple of posts ago about help with getting an email from a registration with a link to a page to activate the user.

i got a link in the email which looks like this
http://www.hostspaced.com/manageproducts/verification.asp?dssgssxx222dpaul@conwayss.aquiss. com=A5rG4tAM1

is that correct or should I use the primary key userID instead of the email address in the link.

Using the email as the parameter seems like the wrong choice, same as the ID... I'd just do:

verification.asp?id=13&code=A5rG4tAM1

That way the parameter names stay consistant. You could use ID or email address I don't think it would matter much which so I'd go with ID since it looks cleaner.

Now I am slightly confused as how do I use the ID field. I'm getting the email from the registration form. If the ID number is autogenerated after the form is submitted, how do I do that.

I think the webassist server behavior used to insert the record should store a session variable with the newly inserted ID for just such an occasion. If you can't get it to work, it would be just as good to use:

verification.asp?email=test@test.com&code=A5rG4tAM1

Thanks I did that. Now I just need a little more help with the page that the email goes to. I created a recordset and filtered by email and the code. Then I created an update record server behaviour but am not quite sure about that. I trigured it by recordset not empty used userID as key column, then on the next page I chose the boolean verification field but I dont know what I need to do with it to make it work

leave the update trigger as the button press.

Move the recordset code above the server validation code and add number validation for the variable that stores the total records returned.

Then you can add the error message to the page announcing when an error occurs.

Theres no button press trigger so I left it as any form post. Do I set the number validation to 0. I did a error message show if recordset total number fails. It returns everytime but I'm not sure what I am suppose to be doing.

Set both minimum and maximum to 1 for the number validation. Maybe post your validation code and recordset above it and I can see if I can spot the problem.

<%
Dim Recordset1__MMColParam
Recordset1__MMColParam = "1"
If (Request.QueryString("Email") <> "") Then
Recordset1__MMColParam = Request.QueryString("Email")
End If
%>
<%
Dim Recordset1__MMColParam1
Recordset1__MMColParam1 = "1"
If (Request.QueryString("verificationcode") <> "") Then
Recordset1__MMColParam1 = Request.QueryString("verificationcode")
End If
%>
<%
Dim Recordset1
Dim Recordset1_cmd
Dim Recordset1_numRows

Set Recordset1_cmd = Server.CreateObject ("ADODB.Command")
Recordset1_cmd.ActiveConnection = MM_hostspaced_STRING
Recordset1_cmd.CommandText = "SELECT * FROM users WHERE Email = ? AND verificationcode = ?"
Recordset1_cmd.Prepared = true
Recordset1_cmd.Parameters.Append Recordset1_cmd.CreateParameter("param1", 200, 1, 255, Recordset1__MMColParam) ' adVarChar
Recordset1_cmd.Parameters.Append Recordset1_cmd.CreateParameter("param2", 5, 1, -1, Recordset1__MMColParam1) ' adDouble

Set Recordset1 = Recordset1_cmd.Execute
Recordset1_numRows = 0
%>
<%
if (Request.ServerVariables("Request_Method") = "POST") then
WAFV_Redirect = ""
Session("WAVT_verification_Errors") = ""
if (WAFV_Redirect = "") then
WAFV_Redirect = cStr(Request.ServerVariables("SCRIPT_NAME"))
end if
WAFV_Errors = ""
WAFV_Errors = WAFV_Errors & WAValidateNM((Recordset1_total) & "",1,1,"",",.",true,1)

if (WAFV_Errors<> "") then
PostResult WAFV_Redirect,WAFV_Errors,"verification"
end if
end if
%>

OK, you are in ASP... Dreamweaver doesn't add the count to asp unless it is used... so you would have to have code above the validation:

var Recordset1_total = WADACOMMENTS.RecordCount;
if (Recordset1_total == -1) {
// count the total records by iterating through the recordset
for (Recordset1_total=0; !Recordset1.EOF; Recordset1.MoveNext()) {
Recordset1_total++;
}

// reset the cursor to the beginning
if (Recordset1.CursorType > 0) {
if (!Recordset1.BOF) Recordset1.MoveFirst();
} else {
Recordset1.Requery();
}
}

You are trying to validate Recordset1_total even though it doesn't exist yet. If you add the code I mentioned above the validation it will start working properly.

Sorry I haven't seen these brackets {
with asp before, should they be there?

sorry that is asp javascript... I see you are using vbscript...

If you just go to Insert->Data Objects->Display Record Count->Recordset Navigation Status

That would be what I would do to get you the correct syntax to use.

It still keeps returning no user records

Are you submitting a form to this page? I don't see the form. I see you are using Querystring for some things and form POST for some triggers. My guess is that the values you are using either for the trigger or for the recordset filter are not correct.

Sorry I wasn't really sure what I was suppose to do. So I manually add a form. What fields do I need to add? Should they be hidden

When I do it now it comes up with ADODB.Command error '800a0d5d'

Application uses a value of the wrong type for the current operation.

/manageproducts/verification.asp, line 31
(which is Recordset1_cmd.Parameters.Append Recordset1_cmd.CreateParameter("param2", 5, 1, -1, Recordset1__MMColParam1) ' adDouble)

When i remove the filter by verification code parameter in the recordset and just just do it by email, it does return a record

Hi I still need help in doing this. With the recordsets I did as you said before. I filtered by the email as a url paramater. The default value is set to 1. Then I went to advanced and added another colparam for the verification code.
<%
Dim Recordset1__MMColParam
Recordset1__MMColParam = "1"
If (Request.QueryString("Email") <> "") Then
Recordset1__MMColParam = Request.QueryString("Email")
End If
%>
<%
Dim Recordset1__MMColParam1
Recordset1__MMColParam1 = "1"
If (Request.QueryString("code") <> "") Then
Recordset1__MMColParam1 = Request.QueryString("code")
End If
%>


I think thats how it should be but I am getting the error message I mentioned on my previous post. Could this because of the datatype. I set it to varchar. What do I need in the form to pass the value to the emailverified field. Do you need to use securityassists autheticate user or rules manager. I'd like to know what I have to do to get this to work. As I have been stuck on this for over a month I appreciate your help.

Edit the recordset and change the data type of the parameter in the Dreamweaver recordset. It appears to be set as a number there even though you have defined it as a varchar in the database. This is a conflict between the datatype defined in the database and in the recordset.

Thanks thats now working. Its showing one record. What do I need to do now to it to activate the user-account?

Update that record and set the Active field value to "1" instead of "0" most likely. You should be able to use data assist update table server behavior for that.

Ok I'm probably not understanding this but I'm sure I'm not that far away.
I need to know what form fields and values I need and also in the update record server behaviour in step 2 update data options what should the datatype be set to and should i set the value to 1 because when I do that it doesn't update it from 0 to 1 in the database.

Please start a new forum post. This isn't about addt user levels at this point.

I don't think you need any form fields or values. Trigger on when the recordset is not empty and set the field value to something other than the default so that you can identify it as being verified. It should update to 1 in the database.

Yes Ray it has digressed a bit hasn't it. Thanks that seems to have solved that problem. It updates to 1 in the database. I will post a new thread, because I will just need a little bit of help pointing me in the right direction to do the rest.

Hi Ray I just wanted to say I have done it now. Thanks for all your time and patience. I might leave you alone for a few days now lol

Yes I believe it would work with the existing login page. As long as you know the names of the session variables it stores.

OK - I'm finally implementing this. How exactly do I use this with the Session variables? (See the reason most of us buy your products is because we're not PHP gurus and need the Wizards to help set things up.)

I have the ADDT registration system that's existing. I want to now use Security Assist for my registration pages. I'd like the new Security Assist log-in to also let existing members log-in as well. (These members were registered with the ADDT registration.) Will this work? And if so - how do I implement it? How and where do these session variables come in if I'm using existing members with ADDT and then the newer members will register with Security Assist into my database.

I'm not familiar enough with the ADDT system you are using to be able to advise you on how to replace it with Security Assist. I assume it uses some session variable settings, so I'm pretty sure you could mimic it with SecurityAssist, I'm just not familiar enough with ADDT to tell you what session variables need to be set or what Tables need to be updated during the registration process.

Ray,

I set up my account activation as you stated in this thread (registered user clicks link in email and it updates record on activate page).

After activation, the activate page redirects the user to the login.php page. I would like to add a conditional message at the top of the login.php page that states "Account Has Been Activated. You may now login" only if the referring page is activate.php.

I do not want the message to appear every time users go to the login page, ONLY immediately after activation.

Can this be done using WA extensions? How do you recommend adding this?

Roughly i have handcoded a conditional that doesn't work, see code below:
<?php
// Show IF Conditional region
if ($_SERVER['HTTP_REFERER'] == "http://www.mysite.com/BLUESKY/register/activate.php") {
?>
ACCOUNT HAS BEEN ACTIVATED. YOU CAN NOW LOGIN.
<?php }
// endif Conditional region
?>

I appreciate any help. Thanks

I'd just pass a url parameter and use that instead.

Just update your redirect on the activate page to go to: loginpage.php?activated=1

then change your conditional to:
<?php
// Show IF Conditional region
if (isset($_GET['activated'])) {
?>
ACCOUNT HAS BEEN ACTIVATED. YOU CAN NOW LOGIN.
<?php }
// endif Conditional region
?>

Thanks Ray!

That conditional with the passed url parameter worked great. Simple. Appreciate the help.