close ad
 
Important WebAssist Announcement
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

Security levels not working

Thread began 5/30/2013 6:58 pm by mrs | Last modified 6/03/2013 11:16 am by mrs | 3047 views | 12 replies

mrs

Security levels not working

There was an interactive tutorial on your old site by Mark Jones (I think that was his name) for creating multiple level access with security assist. Where has it gone?

Anyways, I have built an admin log in using security assist, and I have then created a CRUD system for master admins to add lower level admins. I have tested the pages with the bog standard 'Logged in to tbl_admin' settings and all works fine apart from the fact that any admin has access to these pages. I then went about creating admin levels, and applied them, but they failed to check if I was logged in or not and let me straight into the admin area.

I have used the Access Rules Manager to edit and create access group levels:

Logged in to tbl_admin (levels of 3, 2 and 1)
Logged in to tbl_admin Power Admin Users (levels of 3 and 2)
Logged in to tbl_admin Master Admin Users (levels of 3 only)

None of these are working... I just go straight into the admin and am free to edit without ever signing in.

What I've noticed is that the code on the login.php seems to refer to the unique column (fld_adminID) rather than the access column (fld_adminACTIVE).

"sessionColumns" => explode($WA_Auth_Separator,"fld_adminID"),
"sessionNames" => explode($WA_Auth_Separator,"SecurityAssist_fld_adminID"),

I've changed the code where I can see it to refer to the access column of the DB (fld_adminACTIVE), and I have tried to rename the session name to SecurityAssist_fld_adminACTIVE, but now I am locked out of the admin even though I know I am entering the correct log in details! I've now changed the code back from ACTIVE to ID. I found the code in the helpergroupsrulesphp.php and login.php.

Within the Access Rules Manager, the default settings produced by Security Assist is:

Allow if
Value:<?php echo $_SESSION['SecurityAssist_fld_adminID']; ?>
Crteria: <>
Compare to: '' (field left empty)

And I changed it to:

Allow if
Value:<?php echo $_SESSION['SecurityAssist_fld_adminACTIVE']; ?>
Crteria: In group
Compare to: Logged in to tbl_admin

What am I doing wrong? What do I need to change? During the wizard process, what do I set to ensure the security is checking against the level rather than the unique record ID?

I've attached zip of the admin section with my levels in, but some code somewhere is still wrong... unless I have approached this entirely incorrectly!

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...