Login Fails endlessley

I have gone through the interactive tutorials numerous times step-by-step but have yet to get the login/user system working correctly. I am creating an eCommerce site using all of the Super Suite tools. The Dataassist extensions have worked pretty much flawlessly. I used them to create a basic CMS for adding/updating/deleting/inserting the products. I am working towards developing an administrative back-end as outlined in one of your tutorials and have stored these pages in a directory called "admin". All I want to do is create a simple username/password system for accessing the index.php page inside of the "admin" directory if the login is successful. I created a simple MySQL database that is only 4 columns.

AdminID
AdminUserName
AdminPassword
UserLevel

At this point I want to just manually enter the credentials for all of the admins into the database so that I only have to create a simple "one-page" login form. They do not have to register, and if they forget their credentials, I will manually change them in the database. Probably not too secure, but I am desperate at this point.

Seems pretty straight forward with Security Assist, but every time I run through the the whole wizard and all Security Assist tutorials, my login attempts fail and always take me to the access_denied.php page ( in the root directory of the site ) which I have set-up for failed login attempts.

My admin_login.php page is stored in the root directory of the site and I am trying to take the user to /admin/index.php on successful login. I have applied all of the user level access to the /admin directory so that only administrators can access that directory.

Either I am doing something fundamentally wrong in my file structure, or there is an issue with my database setup because I have followed the instructions to the letter without any luck.

Below is a link to my testing site login page. I do not want to provide login credentials, but have attached my admin_login.php and admin_logout.php files for your review. Let me know if there are any other files you need to help my sort this out.

admin_login.php

I really appreciate your expertise and assistance.

you say you are manually entering the user credentials in the database?


Directly in the database, Or do you fill in a registration page to enter the details.

In the login behavior, I see you are using the password encryption technique.

For this to work, the password will need to be stored in the database as an encrypted string.

an encrypted password would be stored in the database as a 40 character string. For example if your password where "test" the value stored in the database would be "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"

If you are entering the passwords directly into the database, you will need to manually perform the sha1 conversion.

If you create a registration form that you can use to enter new users into the database, you can set it up to perform the conversion for you, the security assist tutorial walks through modifying the registration page to store the encrypted passwords.

Yes, I just created two rows in the database and manually entered the data for each since there would only ever be two users that would have access to the admin directory. I figured that just creating just a login page would be best since I could not get the whole login/register system to work (although I would like to use the full potential of Security Assist.)

So would your recommendation be for me to go into the SA Authenticate User Server Behavior on the login page and remove the SHA1 encryption to see if that works?

BTW - thank you for your quick response.

yes, since the password is not encrypted in the database, you cannot use the sha1 encryption on the login page.

I removed the sha1 encryption from the login page and tried again without success. So I deleted the WASecurityAssist directory and the all the appropriate login pages and then started the wizard again. I created just the registration and login pages following the tutorials for login/registration.

Upon my next test, I am getting error "incorrect table name". I keep trying to simplify this process. I created the "admin" table with only the 4 columns and I know that I am selecting that table for the "insert record" step of the admin_registration.php page, so I am at a lost as to why it is now returning that error.

My apologies for putting you through your paces so early this morning, but this is really vexing me. I still have to create the eCart version of this project and need to get a grip on handling users before I can move on to that portion.

Thanks in advance.

to tell why you are getting the error, I will need to see the code.

If you do not want a registration page, dont create it.


the simplest test you can run is to create only the login page using the wizard, then test it to see if you can login with one of the users you have already added to the database.


Do not do any additional modification from any of the tutorials, in your case, you are not using encryption, so the first tutorial does not apply. Dont worry about user levels until you can get a working login.

if a simple login page does not work, test the server for session management using the sessionTest.php file here:
showpost.php?p=23826&postcount=2