I have tried what you've suggested Jason, but it didn't validate properly as far as I can tell.
Basically, even though I have restrict access to the page, the page displays without actually pushing you to the login page, however, I do have a show if region on the page that seems to be working if the user isn't logged in.
So I followed the steps given, but the Authenticate User step didn't work as expected in comparison to your explanation. The tab Session Values wouldn't allow me to add anything. If I add the DB table I am checking against in the Database tab, then the Session Values tab allows me to create a session, but it automatically adds a session too. The session it adds is 'id' and each time I click it to highlight it to delete it, another instance of 'id' appears in the dropdown menu... then sometimes it crashes DW!!
Anyway, what ever I seem to be doing is allowing access to users who have been refused and granted access. If I try to change the setting to Restrict and <>, then I am locked out regardless of access granted.
So, I have been trying these conditions within the rule Logged in to tbl_admin:
This lets me in:
Allow if <?php echo $_SESSION['SecurityAssist_id']; ?> <>
Allow if <?php echo $_SESSION['useractive']; ?> = 1
This locks me out:
Restrict if <?php echo $_SESSION['useractive']; ?> <> 1
Allow if <?php echo $_SESSION['SecurityAssist_id']; ?> <>
I've read your help pages and they say only one Allow if can be used per rule, and no matter what combination I use, I am either allowed in, or locked out regardless of access rights.
Any thoughts?
Mat