close ad
Install the LAtest Updates to Work with CC 2017 and CC 2018
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

No access to secured pages - and no info

Thread began 7/01/2010 4:33 pm by Brendan | Last modified 7/06/2010 4:13 pm by Jason Byrnes | 1383 views | 13 replies |

Brendan

No access to secured pages - and no info

I've been troubleshooting a problem for hours now...I have applied simple rules to pages, and I can log on, but even as Administrator, I cannot access ANYTHING that is under SecurityAssist.

Code in page, ltac.org/mainmembers/news.php

<?php require_once( "../WA_SecurityAssist/Helper_PHP.php" ); ?>
<?php
if (!WA_Auth_RulePasses("LTAC Members")){
WA_Auth_RestrictAccess("../AccessDenied.php");
}
?>

HelperGroup rules php rules:

<?php

function WA_Auth_GetComparisonsForRule($ruleName){
$comparisons = array();

switch ($ruleName){
case "Administrator":
$comparisons[0] = array(TRUE, "".((isset($_SESSION['userLevel']))?$_SESSION['userLevel']:"") ."", 1, "3");
break;
case "LTAC Members":
$comparisons[0] = array(TRUE, "".((isset($_SESSION['userLevel']))?$_SESSION['userLevel']:"") ."", 6, "1");
break;
case "Power Users":
$comparisons[0] = array(TRUE, "".((isset($_SESSION['userLevel']))?$_SESSION['userLevel']:"") ."", 6, "2");
break;
}
return $comparisons;
}


function WA_Auth_GetGroup($groupName){
$group = Array();

switch ($groupName){
}
return $group;
}

?>

You can see at LTAC_visitors_index.php

log in with dci user dci password (assigned level 3 Administrator)

Log in works, but the redirect to news.php works then denies access and goes to AccessDenied.php (as bad login would).

I cannot figure out what I am doing wrong here.

Also, can't find any log file to explain the error.

Thanks for any help possible. This has to be some basic problem I'm missing.

Sign in to reply to this post

Eric Mittman

I can see what you mean, it looks like the rule for LTAC Members is failing. Are you setting the access level in the $_SESSION['userLevel'] variable? You need to ensure that it has the proper value in it. Also, when you crafted the rule how exactly did you set it up? Please post back with this info so we can check into this further with you.

Sign in to reply to this post

Brendan

Fundamental problem

Yes, the database table is set up properly. I'm looking to find any indication that, in the process of working with four different client security files (they just couldn't make up their mind) and naming the field userLevel and UserLevel if the system hasn't somehow got the wrong value in the lookup.

I don't know where to find that exactly. None of the security levels work...1, 2 or 3. They did work some days ago before another table switch for the client. I deleted files created by the Wizard and re-ran SecurityAssist; I re-loaded all of the objects in the SecurityAssist folder. Since then, authorization works for login but the user level is ignored.

I think I'll go back and delete all of the objects for SecurityAssist and re-run the wizard, then reload and see what happens. I think this is my problem, or mine along with Bill Gates. :)

Sign in to reply to this post

Brendan

Well, I've renamed the table field Sec_Level because I'm just not sure whether it was having a problem with User_Level vs. user_Level. I deleted WASecurityAssist folder and re-ran the Wizard, then reloaded the folder on the host. I set up the rules in exactly the same manner as before, as shown above in this thread.

I still cannot get it to recognize user levels. Are there any files outside of WASecurityAssist folder that affect this function? I frankly cannot find any reference in any code to "levels

I appreciate your kind assistance.

Sign in to reply to this post

Eric Mittman

The rules and how they work are defined in the helper group rules page that you posted previously. If you can please post back with a copy of your current WA_SecurityAssist and a copy of a page that has the rule applied to it and a copy of your login page in a zip archive, I can do some testing to see what the problem might be.

If you can also post back with an example record from your table that might help to determine if there is a problem with the way you are setting up the experience.

Sign in to reply to this post

Brendan

Attached objects

Thanks for your assistance.

I started today by clearing everything and starting over...and it still has the problem.

The attachment is the SecurityAssist folder created today with an updated css and image subfolders.

I used the base login included, but also a copy of it as LTAC_visitors_index.php.

The news.php object is the login target page in subdirectory /mainmembers and I gave you the entire folder.

The permissions are:

Admin = 3
Power >= 2
members >=1

Attached Files
DCISecurityAssist.zip
Sign in to reply to this post

Brendan

Here is also a snapshot of the Security_Master file structure.

User=admin
Pwd=cathyc

User Level is 3

Sign in to reply to this post

Jason ByrnesWebAssist

your login page only creates a session named "Member_ID":

php:
"sessionColumns" => explode($WA_Auth_Separator,"Member_ID"),

"sessionNames" => explode($WA_Auth_Separator,"Member_ID"),




the only rule you have created that uses the Member_ID session is the Logged in to Security_Master rule.

Sign in to reply to this post

Brendan

Well, the Security Assist Wizard created the page and the code. It then had me create the access rules.

Access is based on the User_Level field value of the Member_ID record, right?

What do I need to change in code to make this work?

Sign in to reply to this post

Jason ByrnesWebAssist

my point is that the access rules you created use a session variable named "userLevel"

no session variable named userLevel is created when the user logs in.


perhaps it would help if you viewed the "User Level Authentication" tutorial in the solution recipe section of the security assist support page:
securityassist/

Sign in to reply to this post
loading

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...