Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

› WebAssist Forums › Data Bridge › SecurityAssist › Cannot access page even though logged in

Cannot access page even though logged in

Thread began 6/08/2011 7:29 am by A Sound Design | Last modified 6/30/2011 11:02 am by Jason Byrnes | 2803 views | 12 replies |

6/08/2011 7:29 am | #1 A Sound Design

Cannot access page even though logged in

I am using SA 2 and have created login, registration pages etc. using the wizard.

I can successfully register and login but when I try to access a page that is protected using the Access Pages Manager I am continually redirected to the Access Denied page I have created. In the MySQL table I have set a field UserLevel as Int (11). I manually assign a user access level to each registered user, where administrators are level 3. In the SA Secure Page settings for each page I have it as in the attached screenshot. I cannot see why this does not work based upon this rule setting.

The code at the top of the page is

php:

<?php require_once( "../webassist/security_assist/helper_php.php" ); ?>
<?php
if (!WA_Auth_RulePasses("Administrator")){
    WA_Auth_RestrictAccess("access_denied.php");
}
?>
<?php
//initialize the session
if (!isset($_SESSION)) {
  session_start();
}

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);
    
  $logoutGoTo = "logout.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>

Thanks in advance. I'm now way behind on schedule for this project so any help appreciated.

6/08/2011 10:42 am | #2 Jason ByrnesWebAssist

Does the login page set the UserLevel Session?

Double click the Authenticate User server behavior on the login page and go to the third page, make sure the UserLevel column is added to the list of sessions to set.

just to double check what sessions are being set, add the following code to the access denied page:

php:

</pre><?php var_dump($_SESSION); ?></pre>

6/08/2011 12:28 pm | #3 A Sound Design

Originally Said By: Jason Byrnes

php:

</pre><?php var_dump($_SESSION); ?></pre>

The output from the above code simply says 'NULL'. I've attached the code for the login page.

Attached Files

6/08/2011 12:46 pm | #4 Jason ByrnesWebAssist

that make me think the server is not setting session variables properly.

use the session test page from the following thread to test the servers session management:
showpost.php?p=23826&postcount=2

if the session test fails, you will need to contact the host to have them correct the problem, it is most likely a bad setting for the session.save_path in the php.ini

6/08/2011 1:20 pm | #5 A Sound Design

Uploaded that file and the server passed the test. Btw, I'm using XAMPP on local testing server.

6/08/2011 1:33 pm | #6 Jason ByrnesWebAssist

strange,

try changing:

php:

</pre><?php var_dump($_SESSION); ?></pre>

to:

php:

</pre><?php @session_start(); var_dump($_SESSION); ?></pre>

6/08/2011 1:56 pm | #7 A Sound Design

Outputs

array(3) { ["WAENCRYPTEDRETURNUSED"]=> bool(false) ["WAENCRYPTEDRETURNSUCCESS"]=> bool(false) ["test"]=> string(4) "test" }

6/09/2011 6:57 am | #8 Jason ByrnesWebAssist

I have created a support ticket so we can look into this issue further.

To view and edit your support ticket, please log into your support history:
supporthistory.php

If anyone else is experiencing this same issue, please append to this thread.

6/09/2011 7:23 am | #9 A Sound Design

Originally Said By: Jason Byrnes

Thanks, but I had to uninstall version 2 and go back to version 1.1.9 for now at least so that I can get the job finished. Still took a bit of fiddling but at least I can create a registration page, a login page and get pages secured.

I have had nothing but problems with version 2 since installing it and have spent hours of my time, and money on the upgrade unless I can get it to work. I'll come back to this once I have this project finished as that is the immediate priority.

6/09/2011 7:30 am | #10 Jason ByrnesWebAssist

ok, if you run into problems again with version 2, update the ticket that was created and we will look into the cause of the issue with you over the phone.

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now. Build a store, a gallery, or a web-based email solution.