Show If question

I recently did this with an asp site which I'm redoing now as php since everyone tells me php is better. It worked in asp but I can't get it to work now.

I am trying to show the password field on a details page only if it is your record. My rule (If Self) says to show the field if the Session ID = the detail recordset ID. I've put dynamic fields in to verify that they both are the same, but my field still won't show.

My code is:

<?php if(WA_Auth_RulePasses("If Self")){ // Begin Show Region ?>
<tr>
<th>Password:</th>
<td><input type="text" class="WAATKTextField" name="txtpassword" id="txtpassword" value="<?php echo(str_replace('"', '&quot;', $row_rs_directory_detail['txtpassword'])); ?>" size="50"/></td>
</tr>
<?php } // End Show Region ?>

Any help would be appreciated. Thank you.

Update:
I've been working on this and have a more complete picture of what I'm trying to do. Basically there is a detail page of info that if it is the info of person signed in, they will see one version which they can update, except for the Group field which only the Admin can see and edit. The Admin can also see and update all their other data.

If it's not your data, you see a non-editable version which excludes password and group data.

What's happening is that no matter if who you're signed in as, you're seeing the non-editable version of the data.

I realize that's a bit complicated so I've attached a zip of the detail page and HelperGroupsRulesPHP.php so you can see how my rules are.

Thanks for any help. I'm stuck!

using recordset data in rules can be tricky.

the recordset needs to be created before the rule is created for the recordset value to be available.


this code at line 7 attaches the WA_SecurityAssist/Helper_PHP.php

<?php require_once( "WA_SecurityAssist/Helper_PHP.php" ); ?>


This also attaches the HelperGroupsRulesPHP.php and defines the access rules. Since this code is before the recordset code, the recordset value is not available when the rules are created.

you need to move the recordset code to be before the the require once line at line 7

Thank you, Jason. That makes sense. But two followup questions.

First, I selected the record set and moved it after line 6
<?php require_once('Connections/residents_unix.php'); ?> and before what used to be line 7
<?php require_once( "WA_SecurityAssist/Helper_PHP.php" ); ?>

but now I get the error:
Fatal error: Call to undefined function getsqlvaluestring() in /data/25/2/98/45/2424045/user/2657060/htdocs/test/directory_detail2.php on line 13

Line 13 is
$query_rs_directory_detail = sprintf("SELECT * FROM Residents WHERE ID = %s", GetSQLValueString($colname_rs_directory_detail, "int"));

Not sure what to do now.

The second thing I will need to know to get this to work properly, is how to have the first group of data Show If the "If Self" OR the "If Admin" rules are met. I'm not sure how to string those together in php. Can I do it by

<?php if(WA_Auth_RulePasses("If Self") OR WA_Auth_RulePasses("If Admin")){ // Begin Show Region ?>

And can I still have a second Show If Admin within that group that will only show the Group field if you are Admin?

I've attached the file if it helps.
Thank you.

this code needs to be before the recordset:

if (!function_exists("GetSQLValueString")) {

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 

{

  if (PHP_VERSION < 6) {

    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  }



  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);



  switch ($theType) {

    case "text":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;    

    case "long":

    case "int":

      $theValue = ($theValue != "") ? intval($theValue) : "NULL";

      break;

    case "double":

      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";

      break;

    case "date":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;

    case "defined":

      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;

      break;

  }

  return $theValue;

}

}

use the following syntax to chck if either condition is true:
<?php if(WA_Auth_RulePasses("If Self") || WA_Auth_RulePasses("If Admin")){ // Begin Show Region ?>

I think I've done everything you said, but it still is only showing me the second - display only - table. This is set to Show If Other and should only show for non-Admin viewing a record other than their own.

I also have admin priv so I should see the first table, with editable fields, along with the Group field. But no matter who's record I select (even my own), I only see the display only table.

I've attached the latest version of the file.

Thanks for your patience.

there is no attachment to your post.

lets back up a bit though and simplify things.


You dont need to use recordset values in your rules, this is one thing that may be causing confusion.

for the admin rule, edit the authenticate user behavior on the login page. On the third step of the wizard, you can select user table columns to store in a session variable, select the txtgroup column so that the user group is stored at login time, this way you dont hav to look it up, you can use the already existing session variable.


for the if self rule, you are just filtering thje recordset on the ID query string:
$_GET['ID']

why not use that in the rule rather than the recordset value?

I didn't realize I could do the Admin rule that way, and have changed the rule to be based on a session variable. Thanks for the tip.

As far as the If Self rule, I'm not sure I understand exactly. There is a data grid of people. When you click on a record, if it's yours, you will see a editable table where you can update your info. If it's not yours, you will see the info (minus Password & Group) as display only. The Admin should be able to see and edit all info.

The recordset that populates directory_detail.php (rs_directory_detail) is built on the URL ID passed by clicking on a grid row. I don't understand how to use your $_GET['ID'] idea. What I have is if your session ID is equal to the rs_directory_detail ID, then the If Self rule is met.

I'm not very experienced at this so I'm very open to learning a better way.

I've attached the details and rules files now, if it helps.

Thanks again.

go to the bindings panel, and click the plus button.

Select URL Variable and name it ID

In the if self rule, set it to use the ID URL Variable instead of the recordset.



your code at line 129 is not correct:
<?php if(WA_Auth_RulePasses("If Self") OR WA_Auth_RulePasses("If Admin")){ // Begin Show Region ?>


it needs to be changed to:
<?php if(WA_Auth_RulePasses("If Self") || WA_Auth_RulePasses("If Admin")){ // Begin Show Region ?>



in PHP || is the OR separator for an if statement. use && for AND


Again, lets simplify though. Does it work if you only use the if self rule:
<?php if(WA_Auth_RulePasses("If Self")){ // Begin Show Region ?>

how about if you use the if admin rule:
<?php if(WA_Auth_RulePasses("If Admin")){ // Begin Show Region ?>


make sure it works as expected individually before combining them

Oh man, Jason, this is great - two of the three rules are working now AND I've learning some great things! Thank you!

The only rule that doesn't seem to be working is the If Admin. Maybe I set it up wrong too. I have it where if the Session variable txtgroup = Admin then Allow. My dynamic text is showing me as Admin but the Group field is not showing (which is not a combined rule) and the <?php if(WA_Auth_RulePasses("If Self")|| WA_Auth_RulePasses("If Admin")){ // Begin Show Region ?> rule is also not working as I'm seeing the non-editable display.

Did I set up the Admin rule wrong?

Thank you so much for your patience and help.

keep in mind that php is a case sensitive language.

add the following code to the page to output the session variable value:

<?php

if(!session_id()) Session_start();

echo("Session txtgroup is equal to: |".$_SESSION['txtgroup']."|");

?>

I put the pipe character around the output to check for trailing or leading spaces. What does this print to the page? is it Admin with capitol A or lower case a? make sure to get the case correct in your rule.