Encountered validation conflict

This is the first time I encountered this so my assumption is that by editing the uses_Registration.php page, I must have applied a new extension that is conflicting. I can't find anything in the support source about this, so it's my best guess.

It's the validation of the form. The User Registration Solution includes validation created by the WA Validation Tool Kit, I think.
I don't have that installed, or the CSS form building installed. But I do have the Form Toolkit and SecurityAssist installed.

In my Server Behavior panel, I have a behavior for validation called "WA Server Validations". Anyway, I clicked on that and removed the UserCountry validation after I removed the country text field. I think that added the conflicting include file.

So now I have two includes and I don't which one to remove. Or if I should change the whole form to match the new one.

I have both;

require_once("../WA_ValidationToolkit/WAVT_ValidatedForm_PHP.php");
require_once("../webassist/form_validations/wavt_validatedform_php.php");

Thanks,
TroyD

yes, this is an issue caused by using the Form toolkit to edit validation originally created by validation toolkit.


delete this line:
require_once("../WA_ValidationToolkit/WAVT_ValidatedForm_PHP.php");


you will also need to double click on each of the Validation show if behaviors to regenerate the code.

Thanks Jason,

Should I also follow these steps with all other pages within the registration? There are several as you know, and I have added some myself. Including the date picker.

And another thought. Are there any known conflicts between Security Assist, Form Toolkit and User Registration Solution? I ask because in the User Registration I have the original Page Access rules provided by UR Solution and they don't always work. I can open a different thread for this if needed. But the main problem rule is the "Email Confirmed".
I printed out the session array and even though it says [UserEmailVerified] => 0 and have a Page Access rule set to "not email confirmed", it still lets them land on that page. I also tried "email confirmed". Sometimes it works, other times it doesn't. And I close my browser first.

So is it possible I need to check something there as well?

I know the rules can sometimes read backwards so I have had to really think about this, but when you apply the reverse and it still makes no difference, I have to consider other possible conflicts.

This particular page rule, in my application, should not allow even a logged in user to access the page unless they have a confirmed email. Maybe I need to create a different rule and the one provided is not meant for this.

Thanks,
TroyD

you only need to follow these steps if you have modified the validation using form toolkit.


have you made any modifications to the email confirmed rule?


when you say that sometimes it works others it doesn't, is this on different visits to the same page or different pages?

No, the rule is the same. I haven't changed anything. And it's different visits to the same page.

I'm having trouble getting my head around some of the rules since Page Access and Show Region use the same rules but differently. So I know that some of my problem is user error on my part.

For example, the users_Profile.php page has the Show region wrapped around a Show region.

<?php if(!WA_Auth_RulePasses("email sent")){ // Begin Show Region ?>

    <?php if(!WA_Auth_RulePasses("Email Confirmed")){ // Begin Show Region ?>

      <p>Your email address has not been verified.</p>

      <form name="form1" method="post"  action="">

        <input type="submit" name="verify_button" id="verify_button" value="verify">

      </form>

      <?php } // End Show Region ?>

    <?php } // End Show Region ?>

So the first rule there would be a URL variable that applies only immediately after a registration. But a later visit would not provide the information as to if the email had been sent. And, the rule is not showing that line if they still need to verify their email.

Plus, in the "email confirmed" rule, there is a second line for UserID <> so I wondered if that might be my problem. I'm not sure I understand that one since <> mean not equal to, and the compare is blank. So it would pass no matter what, right?

The full "Email Confirmed" rule is this;

Allow if echo $_SESSION['UserEmailVerified']; = 1
Allow if echo $_SESSION['UserID']; <>

Thanks,
TroyD

that show region will only trigger if the the URL Variable is present and the Email has not been confirmed.

the rules:
Allow if echo $_SESSION['UserEmailVerified']; = 1
Allow if echo $_SESSION['UserID']; <>

mean:

Allow if the Session UserEmailVerified is = to 1

Allow If the Session UserID is NOT = to an empty string - this will only pass if the userID session has a value.


if it does not have a value, the user is not loged in and the rule will not pass.

add the <?php var_dump($_SESSION); ?> code to the page you are having a problem with and send a copy of the page along with the session dump results when you are able to access it when you dont think you should.

Jason,

I created a simpler rule and it still isn't doing what I need so I am missing something.

I have rule "Email Verified".
$comparisons[0] = array(TRUE, "".((isset($_SESSION['UserEmailVerified']))?$_SESSION['UserEmailVerified']:"") ."", 1, "1");

That's all it has in it.

What my intentions are that this rule looks at the logged in user's session for UserEmailVerified and checks to see if it's 0 or 1. If it's = 1 then they are verified.

So here's how I used it so far.

On the user_Profile.php page. I want them to see this page if they are logged in. But I also want them to see the message that their email is not verified if their session for email = 0.
So I wrapped it like this.

Under the show region, if I select "not email verified", I get this.

<?php if(!WA_Auth_RulePasses("Email Verified")){ // Begin Show Region ?>

                     <form name="form1" method="post"  action="">

                      Your email address has not been verified.

                     <input type="submit" name="verify_button" id="verify_button" value="verify">

                     </form>

<?php } // End Show Region ?>

And on a "protected" page, I don't want them to have access to this page even if they are logged in, UNLESS their email is verified. So the access rule is this.

If under the page access I select "email verified" I get this.

<?php if (!isset($_SESSION)) {

  session_start();

}

if (!WA_Auth_RulePasses("Email Verified")){

    WA_Auth_RestrictAccess("users_LogIn.php");

}



?>

Both are using the same argument aren't they? Accept one is the opposite of the other. They both have the "!" in there but the first is using Allow if and the second is using restrict if? Is that right? (here's where I get confused with all the double negatives).

The first example is a show region so if they are not verified, then I DO want them to have access to that line of text.
The second is a page access so that would say if this rule passes, grant access to this page, otherwise redirect them to the login page.

Or do I have this confused?

Thanks,
TroyD

(*I was working on this post as your previous came in. I will follow that one and submit my page. Might be later however.)

Jason,

Here are a couple of my pages. Formatting stripped out to simplify things but that's it.
And the session dumb provided for each page. It's exactly the same for both pages.

The first page in question is the order_Page.php. Basically this is what will be a protected page. And it's exactly the same as the original User Registration Solution "protected page" file. What's really weird here is that this page does what is should when testing it on the original on my local server. But in the active web site, the rule is ignored. You can't access it if your not logged in, but if you are and your email is NOT confirmed, you can access it.

order_Page.php
array(3) { ["UserID"]=> &string(1) "5" ["UserEmailVerified"]=> &string(1) "0" ["UserEmail"]=> &string(27) "test@domain.com" }

This is from the users_Profile.php page. Here, the access rule works just fine. But there are two regions that should show up if your email is, or isn't confirmed. But the top one "You can access the Table Reservation Page or update your profile below." shows up no matter what. And the second area "Your email address has not been verified. Verify" never shows up. And it needs to if they are not confirmed.

users_Profile.php
array(3) { ["UserID"]=> &string(1) "5" ["UserEmailVerified"]=> &string(1) "0" ["UserEmail"]=> &string(27) "test@domain.com" }

I have completely closed my browser and reopened it every time I try a change. And it looks like the session is set. Not sure what I did but it is messed up some how.

Thanks,
TroyD

I created a new rule called "Logged In Email Confirmed". But it actually only checks one thing, which is, "is the session for UserEmailVerified >= 1?"

Here's the rule;
case "Logged In Email Confirmed":
$comparisons[0] = array(TRUE, "".((isset($_SESSION['UserEmailVerified']))?$_SESSION['UserEmailVerified']:"") ."", 6, "1");

(not sure what the 6 means)

It seems to now do everything I need it to. Not sure why this works and the original = 1 doesn't. But there is that added UserID <> in that rule.

So it is blocking access to the protected page for the following
Not logged in at all
Logged in but not email verified

And the show regions work as well with this rule.

I have tested this by logging in as both a verified and a not verified user. And by closing my browser each time. But if I encounter trouble, I will report that for reference.
If you see anything weird in that session dump from earlier please let me know.

Thanks,
TroyD

ok, glad to hear you have it working.


I cant see from what was posted why the other rules where not working, but if this new rule is working for you then use that one.