User Profile Page not functioning properly

** Please see attached users_profile.php file

When testing the functionality of my URSP, everything was working well until I noticed that the users_profile.php page was revealing the incorrect "show if" region / statement...

When I initially logged in, I accessed the profile page (without verifying my email address first) and noticed that the profile page was displaying the "show if" region stating 'Congratulations. You can access the Protected Page." Of course, I was expecting to see the "show if" region stating, "Your email address has not been verified" (**I slightly modified the wording for each "show if" statement for my web page, but the message is the same).

I tried this a couple of more times (registering a new user and accessing the profile page without first verifying my email address) and was met with this same issue.

I am uncertain if this makes any difference, but I did insert user level authorization through securityassist to the page. Do you think this may be the problem. Also, is it necessary to insert such security access to a profile page?

I would appreciation any assistance you may have to offer. Thank you.

You don't have to add the security to the page as it will already have security applied to it. Try using the default pages and see if you get the correct results.

I may need further assistance with my profile page. I am still not having any luck getting the show if region displaying that the email address has been verified from not showing when the email has not been verified.

I have checked my securityassist rules and everything appears to be fine. When I checked with the default / original profile page, this did not help since the page was pulling from the existing rules.

Could you offer some assistance. Please reference the attached file I sent previously.

Check in your database on the users table if the UserEmailVerified is set to 0 or not. If it is set to 0, then the user's email is not verified. If it is set to 1, then there is somewhere else that is verifying the email.

Also, can you send me a link to your page, so I can test the behavior?

I am familiar with the 1 and 0. This behavior in the database is working just fine. In other words, when I am testing, the database is updating with the information entered in the registration form. The database does reveal a 0 in the UserEmailVerified column, just as you specified.

However, when I log in and access the profile page, the "show if" server behavior (stating, "Congratualtions, you can access the ProtectedPage." is showing up. This is occuring before I have had the opportunity to verify the email address. I would think that the verify email server behavior would be showing.

I am at a loss of what to do next. I really need to profile page working properly. What do you suggest?

This is quite interesting, I've looked into the code for checking if the rule is validated or not. Put this code right above line 974:

<?php die("".((isset($_SESSION['UserEmailVerified']))?$_SESSION['UserEmailVerified']:"Not set")  .""); ?>

Line 974 looks like this:

<?php if ($totalRows_WAATKusers == 0) { // Show if recordset empty ?>

I want to check if that session variable is being set incorrectly. Let me know what the results are.

In copy and pasting the code to my profile.php page, I noticed that there is another line of code above line 974; line 973 which looks like this...<?php } // Show if recordset not empty ?>

Am I to replace this line of code (line 973) or insert your specified code between line 973 and 974? If I do that, the new code you specified will become line 974.

Please advise?

** I have attached a copy of my profile.php file for your reference.

***Note...I attempted to insert your recommended code between line 973 and 974. When I tested it, the profile page revealed the number 0 at the bottom. When testing the page, I used an account which email address has not be verified as of yet. The profile page did not show the "Show Region" section that informs me that the email address has not be verified.

So the value is correctly being calculated as having not been verified (by the displaying of 0). It seems like the check for whether the email is verified is executing incorrectly. Try uploading the WA_SecurityAssist directory again after deleting the current one to see if the files are uploaded correctly.

You can also remove the code I had you add in the previous response. That was just to output some debug information.

Jimmy, I deleted the previous code you asked me to insert and uploaded my WA_SecurityAssist directory once again...no change.

I ran a test on a user account that has not had its email address verified and the page still reflected the account verified. The Protected_Page even show the email address verified when the database clearly shows a 0.

Any other thoughts? Would you be open to creating a ticket for us to talk over the phone so I can show you the problem?

I have opened a backend ticket to look into this issue further. To check this ticket, log in to your account at www.webassist.com and check your support history.