WA_Auth_RestrictAccess issues...


ChangeCo
10-22-2009, 08:31 AM
I have run the wizard a hundred different times with a hundred different variables...

All I need is index.php login to redirect to home.php. That works fine, but, if I kill the session I can navigate directly to the home.php...

groups:
everyone - 2 & 3
admin - 3

The Rule for 'everyone' is:
Allow if <?php echo $_SESSION['userlevel']; ?> in group 'everyone'

The Rule for 'admin' is:
Allow if <?php echo $_SESSION['userlevel']; ?> = 3

It does not work...

I can pull the details out of session to display on the page - even the userlevel...

Anyone have any ideas??? I'm at a loss...

Ted

ChangeCo
10-22-2009, 11:10 AM
<?php require_once('Connections/PathTo.php');?>
<?php require_once( "WA_SecurityAssist/Helper_PHP.php" ); ?>

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $WA_Auth_Parameter = array(
        "connection" => $PathTo,
        "database" => $database_PathTo,
        "tableName" => "users",
        "columns" => explode($WA_Auth_Separator,"emailaddress".$WA_Auth_Separator."password".$WA_Auth_Separator."orgcode"),
        "columnValues" => explode($WA_Auth_Separator,"".((isset($_POST["username"]))?$_POST["username"]:"") ."".$WA_Auth_Separator."".((isset($_POST["userpassword"]))?$_POST["userpassword"]:"") ."".$WA_Auth_Separator."".((isset($_POST["userorgcode"]))?$_POST["userorgcode"]:"") .""),
        "columnTypes" => explode($WA_Auth_Separator,"text".$WA_Auth_Separator."text".$WA_Auth_Separator."text"),
        "sessionColumns" => explode($WA_Auth_Separator,"uid".$WA_Auth_Separator."userlevel".$WA_Auth_Separator."emailaddress".$WA_Auth_Separator."orgcode"),
        "sessionNames" => explode($WA_Auth_Separator,"uid".$WA_Auth_Separator."userlevel".$WA_Auth_Separator."emailaddress".$WA_Auth_Separator."orgcode"),
        "successRedirect" => "landing.php",
        "failRedirect" => "dead.php",
        "gotoPreviousURL" => TRUE,
        "keepQueryString" => TRUE
    );

    WA_AuthenticateUser($WA_Auth_Parameter);
}
?>

The internal pages have:

<?php require_once( "WA_SecurityAssist/Helper_PHP.php" ); ?>
<?php
if (!WA_Auth_RulePasses("everyone")) {
    WA_Auth_RestrictAccess("not-logged-in.php");
}
?>

However, like I said, while not logged in I can view the page and it displays everything, except the session stuff...

Any additional ideas?

Jason Byrnes
10-22-2009, 04:51 PM
Most likely your groups have a blank value in them.

It is very easy to add a group member with a blank value and not see it.

Open the Security Assist Access Groups manager and edit each group that you have created.

Try to click below the last group member to see if there is a blank group member.

If you can select a line with nothing in it below the last group member, there is a blank one. Remove each of the blank group members you find.

The easiest way to see if there is a blank group member or not is directly in the WA_SecurityAssist/HelperGroupsRulesPHP.php file.
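
Why a blank group member lets a logged-out visitor through, shown as an added example that is not part of the original thread and is not WebAssist's code. It is a simplified model: the function names and group arrays are hypothetical, and it assumes the rule value is the rendered `$_SESSION['userlevel']`, which is empty once the session is gone.

```php
<?php
// Simplified model of a group-membership rule. NOT the WA_SecurityAssist code;
// all function names and group arrays here are hypothetical, built for this example.

// The rule value as the thread's rule would render it: an unset key yields "".
function rule_value(array $session): string {
    return isset($session['userlevel']) ? (string)$session['userlevel'] : '';
}

// Naive check: passes whenever the value equals any member, a blank one included.
function in_group_naive(string $value, array $members): bool {
    return in_array($value, $members, true);
}

// Hardened check: an empty value never passes and blank members are ignored.
function in_group_strict(string $value, array $members): bool {
    if ($value === '') {
        return false;
    }
    $clean = array_filter(
        array_map('trim', $members),
        static function ($m) { return $m !== ''; }
    );
    return in_array($value, $clean, true);
}

// Constructed sample data: the 'everyone' group with and without a stray blank member.
$everyoneClean = ['2', '3'];
$everyoneBlank = ['2', '3', ''];

// Constructed sample sessions, including the "killed session" case from the thread.
$sessions = [
    'logged in, level 2' => ['userlevel' => '2'],
    'logged in, level 1' => ['userlevel' => '1'],
    'session killed'     => [],
];

foreach ($sessions as $label => $session) {
    $v = rule_value($session);
    printf(
        "%-20s naive/clean=%s naive/blank=%s strict/blank=%s\n",
        $label,
        var_export(in_group_naive($v, $everyoneClean), true),
        var_export(in_group_naive($v, $everyoneBlank), true),
        var_export(in_group_strict($v, $everyoneBlank), true)
    );
}
```

Only the "session killed" row changes between the clean and blank groups under the naive check, which matches the symptom in the first post: the protected page renders for a visitor with no session.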

ChangeCo
10-26-2009, 06:49 AM
That was it... Thank you...

Jason Byrnes
10-26-2009, 11:36 AM
No worries, glad to hear it's working.