close ad
WARNING PC USERS: Do Not Install the DREAMWEAVER CC 2017 Update »
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Encountered validation conflict

Thread began 2/23/2011 3:34 pm by troyd | Last modified 2/25/2011 3:02 pm by Jason Byrnes | 1793 views | 9 replies |

troyd

Encountered validation conflict

This is the first time I encountered this so my assumption is that by editing the uses_Registration.php page, I must have applied a new extension that is conflicting. I can't find anything in the support source about this, so it's my best guess.

It's the validation of the form. The User Registration Solution includes validation created by the WA Validation Tool Kit, I think.
I don't have that installed, or the CSS form building installed. But I do have the Form Toolkit and SecurityAssist installed.

In my Server Behavior panel, I have a behavior for validation called "WA Server Validations". Anyway, I clicked on that and removed the UserCountry validation after I removed the country text field. I think that added the conflicting include file.

So now I have two includes and I don't which one to remove. Or if I should change the whole form to match the new one.

I have both;

require_once("../WA_ValidationToolkit/WAVT_ValidatedForm_PHP.php");
require_once("../webassist/form_validations/wavt_validatedform_php.php");

Thanks,
TroyD

Sign in to reply to this post

Jason ByrnesWebAssist

yes, this is an issue caused by using the Form toolkit to edit validation originally created by validation toolkit.


delete this line:
require_once("../WA_ValidationToolkit/WAVT_ValidatedForm_PHP.php");


you will also need to double click on each of the Validation show if behaviors to regenerate the code.

Sign in to reply to this post

troyd

Thanks Jason,

Should I also follow these steps with all other pages within the registration? There are several as you know, and I have added some myself. Including the date picker.

And another thought. Are there any known conflicts between Security Assist, Form Toolkit and User Registration Solution? I ask because in the User Registration I have the original Page Access rules provided by UR Solution and they don't always work. I can open a different thread for this if needed. But the main problem rule is the "Email Confirmed".
I printed out the session array and even though it says [UserEmailVerified] => 0 and have a Page Access rule set to "not email confirmed", it still lets them land on that page. I also tried "email confirmed". Sometimes it works, other times it doesn't. And I close my browser first.

So is it possible I need to check something there as well?

I know the rules can sometimes read backwards so I have had to really think about this, but when you apply the reverse and it still makes no difference, I have to consider other possible conflicts.

This particular page rule, in my application, should not allow even a logged in user to access the page unless they have a confirmed email. Maybe I need to create a different rule and the one provided is not meant for this.

Thanks,
TroyD

Sign in to reply to this post

Jason ByrnesWebAssist

you only need to follow these steps if you have modified the validation using form toolkit.


have you made any modifications to the email confirmed rule?


when you say that sometimes it works others it doesn't, is this on different visits to the same page or different pages?

Sign in to reply to this post

troyd

No, the rule is the same. I haven't changed anything. And it's different visits to the same page.

I'm having trouble getting my head around some of the rules since Page Access and Show Region use the same rules but differently. So I know that some of my problem is user error on my part.

For example, the users_Profile.php page has the Show region wrapped around a Show region.

php:
<?php if(!WA_Auth_RulePasses("email sent")){ // Begin Show Region ?>

    <?php if(!WA_Auth_RulePasses("Email Confirmed")){ // Begin Show Region ?>
      <p>Your email address has not been verified.</p>
      <form name="form1" method="post"  action="">
        <input type="submit" name="verify_button" id="verify_button" value="verify">
      </form>
      <?php // End Show Region ?>
    <?php // End Show Region ?>



So the first rule there would be a URL variable that applies only immediately after a registration. But a later visit would not provide the information as to if the email had been sent. And, the rule is not showing that line if they still need to verify their email.

Plus, in the "email confirmed" rule, there is a second line for UserID <> so I wondered if that might be my problem. I'm not sure I understand that one since <> mean not equal to, and the compare is blank. So it would pass no matter what, right?

The full "Email Confirmed" rule is this;

Allow if echo $_SESSION['UserEmailVerified']; = 1
Allow if echo $_SESSION['UserID']; <>

Thanks,
TroyD

Sign in to reply to this post

Jason ByrnesWebAssist

that show region will only trigger if the the URL Variable is present and the Email has not been confirmed.

the rules:
Allow if echo $_SESSION['UserEmailVerified']; = 1
Allow if echo $_SESSION['UserID']; <>

mean:

Allow if the Session UserEmailVerified is = to 1

Allow If the Session UserID is NOT = to an empty string - this will only pass if the userID session has a value.


if it does not have a value, the user is not loged in and the rule will not pass.

add the <?php var_dump($_SESSION); ?> code to the page you are having a problem with and send a copy of the page along with the session dump results when you are able to access it when you dont think you should.

Sign in to reply to this post

troyd

Jason,

I created a simpler rule and it still isn't doing what I need so I am missing something.

I have rule "Email Verified".
$comparisons[0] = array(TRUE, "".((isset($_SESSION['UserEmailVerified']))?$_SESSION['UserEmailVerified']:"") ."", 1, "1");

That's all it has in it.

What my intentions are that this rule looks at the logged in user's session for UserEmailVerified and checks to see if it's 0 or 1. If it's = 1 then they are verified.

So here's how I used it so far.

On the user_Profile.php page. I want them to see this page if they are logged in. But I also want them to see the message that their email is not verified if their session for email = 0.
So I wrapped it like this.

Under the show region, if I select "not email verified", I get this.

php:
<?php if(!WA_Auth_RulePasses("Email Verified")){ // Begin Show Region ?>

                     <form name="form1" method="post"  action="">
                      Your email address has not been verified.
                     <input type="submit" name="verify_button" id="verify_button" value="verify">
                     </form>
<?php // End Show Region ?>



And on a "protected" page, I don't want them to have access to this page even if they are logged in, UNLESS their email is verified. So the access rule is this.

If under the page access I select "email verified" I get this.

php:
<?php if (!isset($_SESSION)) {

  
session_start();
}
if (!
WA_Auth_RulePasses("Email Verified")){
    
WA_Auth_RestrictAccess("users_LogIn.php");
}

?>



Both are using the same argument aren't they? Accept one is the opposite of the other. They both have the "!" in there but the first is using Allow if and the second is using restrict if? Is that right? (here's where I get confused with all the double negatives).

The first example is a show region so if they are not verified, then I DO want them to have access to that line of text.
The second is a page access so that would say if this rule passes, grant access to this page, otherwise redirect them to the login page.

Or do I have this confused?

Thanks,
TroyD

(*I was working on this post as your previous came in. I will follow that one and submit my page. Might be later however.)

Sign in to reply to this post

troyd

Jason,

Here are a couple of my pages. Formatting stripped out to simplify things but that's it.
And the session dumb provided for each page. It's exactly the same for both pages.

The first page in question is the order_Page.php. Basically this is what will be a protected page. And it's exactly the same as the original User Registration Solution "protected page" file. What's really weird here is that this page does what is should when testing it on the original on my local server. But in the active web site, the rule is ignored. You can't access it if your not logged in, but if you are and your email is NOT confirmed, you can access it.

order_Page.php
array(3) { ["UserID"]=> &string(1) "5" ["UserEmailVerified"]=> &string(1) "0" ["UserEmail"]=> &string(27) "test@domain.com" }

This is from the users_Profile.php page. Here, the access rule works just fine. But there are two regions that should show up if your email is, or isn't confirmed. But the top one "You can access the Table Reservation Page or update your profile below." shows up no matter what. And the second area "Your email address has not been verified. Verify" never shows up. And it needs to if they are not confirmed.

users_Profile.php
array(3) { ["UserID"]=> &string(1) "5" ["UserEmailVerified"]=> &string(1) "0" ["UserEmail"]=> &string(27) "test@domain.com" }

I have completely closed my browser and reopened it every time I try a change. And it looks like the session is set. Not sure what I did but it is messed up some how.

Thanks,
TroyD

Attached Files
order_Page_WA.php.zip
users_Profile_WA.php.zip
Sign in to reply to this post

troyd

Some success!

I created a new rule called "Logged In Email Confirmed". But it actually only checks one thing, which is, "is the session for UserEmailVerified >= 1?"

Here's the rule;
case "Logged In Email Confirmed":
$comparisons[0] = array(TRUE, "".((isset($_SESSION['UserEmailVerified']))?$_SESSION['UserEmailVerified']:"") ."", 6, "1");

(not sure what the 6 means)

It seems to now do everything I need it to. Not sure why this works and the original = 1 doesn't. But there is that added UserID <> in that rule.

So it is blocking access to the protected page for the following
Not logged in at all
Logged in but not email verified

And the show regions work as well with this rule.

I have tested this by logging in as both a verified and a not verified user. And by closing my browser each time. But if I encounter trouble, I will report that for reference.
If you see anything weird in that session dump from earlier please let me know.

Thanks,
TroyD

Sign in to reply to this post

Jason ByrnesWebAssist

ok, glad to hear you have it working.


I cant see from what was posted why the other rules where not working, but if this new rule is working for you then use that one.

Sign in to reply to this post
loading

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...