close ad
Databridge V2 with MySQLi support IS Now Available!
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Login Fails endlessley

Thread began 10/27/2010 7:36 pm by eaefaw380137 | Last modified 10/28/2010 11:40 am by Jason Byrnes | 788 views | 5 replies |

eaefaw380137

Login Fails endlessley

I have gone through the interactive tutorials numerous times step-by-step but have yet to get the login/user system working correctly. I am creating an eCommerce site using all of the Super Suite tools. The Dataassist extensions have worked pretty much flawlessly. I used them to create a basic CMS for adding/updating/deleting/inserting the products. I am working towards developing an administrative back-end as outlined in one of your tutorials and have stored these pages in a directory called "admin". All I want to do is create a simple username/password system for accessing the index.php page inside of the "admin" directory if the login is successful. I created a simple MySQL database that is only 4 columns.

AdminID
AdminUserName
AdminPassword
UserLevel

At this point I want to just manually enter the credentials for all of the admins into the database so that I only have to create a simple "one-page" login form. They do not have to register, and if they forget their credentials, I will manually change them in the database. Probably not too secure, but I am desperate at this point.

Seems pretty straight forward with Security Assist, but every time I run through the the whole wizard and all Security Assist tutorials, my login attempts fail and always take me to the access_denied.php page ( in the root directory of the site ) which I have set-up for failed login attempts.

My admin_login.php page is stored in the root directory of the site and I am trying to take the user to /admin/index.php on successful login. I have applied all of the user level access to the /admin directory so that only administrators can access that directory.

Either I am doing something fundamentally wrong in my file structure, or there is an issue with my database setup because I have followed the instructions to the letter without any luck.

Below is a link to my testing site login page. I do not want to provide login credentials, but have attached my admin_login.php and admin_logout.php files for your review. Let me know if there are any other files you need to help my sort this out.

admin_login.php

I really appreciate your expertise and assistance.

Attached Files
loginfiles.zip
Sign in to reply to this post

Jason ByrnesWebAssist

you say you are manually entering the user credentials in the database?


Directly in the database, Or do you fill in a registration page to enter the details.

In the login behavior, I see you are using the password encryption technique.

For this to work, the password will need to be stored in the database as an encrypted string.

an encrypted password would be stored in the database as a 40 character string. For example if your password where "test" the value stored in the database would be "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"

If you are entering the passwords directly into the database, you will need to manually perform the sha1 conversion.

If you create a registration form that you can use to enter new users into the database, you can set it up to perform the conversion for you, the security assist tutorial walks through modifying the registration page to store the encrypted passwords.

Sign in to reply to this post

eaefaw380137

Yes, I just created two rows in the database and manually entered the data for each since there would only ever be two users that would have access to the admin directory. I figured that just creating just a login page would be best since I could not get the whole login/register system to work (although I would like to use the full potential of Security Assist.)

So would your recommendation be for me to go into the SA Authenticate User Server Behavior on the login page and remove the SHA1 encryption to see if that works?

BTW - thank you for your quick response.

Sign in to reply to this post

Jason ByrnesWebAssist

yes, since the password is not encrypted in the database, you cannot use the sha1 encryption on the login page.

Sign in to reply to this post

eaefaw380137

I removed the sha1 encryption from the login page and tried again without success. So I deleted the WASecurityAssist directory and the all the appropriate login pages and then started the wizard again. I created just the registration and login pages following the tutorials for login/registration.

Upon my next test, I am getting error "incorrect table name". I keep trying to simplify this process. I created the "admin" table with only the 4 columns and I know that I am selecting that table for the "insert record" step of the admin_registration.php page, so I am at a lost as to why it is now returning that error.

My apologies for putting you through your paces so early this morning, but this is really vexing me. I still have to create the eCart version of this project and need to get a grip on handling users before I can move on to that portion.

Thanks in advance.

Sign in to reply to this post

Jason ByrnesWebAssist

to tell why you are getting the error, I will need to see the code.

If you do not want a registration page, dont create it.


the simplest test you can run is to create only the login page using the wizard, then test it to see if you can login with one of the users you have already added to the database.


Do not do any additional modification from any of the tutorials, in your case, you are not using encryption, so the first tutorial does not apply. Dont worry about user levels until you can get a working login.

if a simple login page does not work, test the server for session management using the sessionTest.php file here:
showpost.php?p=23826&postcount=2

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...