close ad
Install the LAtest Updates to Work with CC 2017 and CC 2018
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Test SecurityAssist 2

Thread began 10/26/2011 4:47 am by rminshul431464 | Last modified 10/27/2011 11:49 pm by rminshul431464 | 1508 views | 13 replies |

rminshul431464

Test SecurityAssist 2

I've tried testing a page I've restricted access to using SecurityAssist. I keep getting messages that the "page cannot be displayed" in each of several different browsers.

I had trouble getting a record inserted into the Visitors table but after several tries I did get a record inserted but got this message on the registration.php screen

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\securitytest\registration.php:1) in C:\wamp\www\securitytest\registration.php on line 62

Pages that have not been protected still display OK in several different browsers.

If I strip out the php code from a protected page, save it and relaunch it, it will also display OK in several browsers.

I can access the login.php screen but when I input a valid email and password and click the Login button I get a message that the page cannot be displayed.

Several times I've deleted the php code from every protected page, deleted the login.php, logout.php, registration.php, userupdate.php and forgotpassword.php pages, deleted the webassist folder and SpryAssets folder, "saved all" in the site, restarted the PC and gone through the whole process described in the SecurityAssist 2 Getting Started Guide again and again and each time I get messages that the pages cannot be displayed when I try to view them in a browser.

I've also deleted the Visitors table as well as deleting all the php code from protected pages and deleting all the webassist generated pages, saved all, restarted the PC and gone through the whole setup process again but I still can’t view the protected pages as well as not being able to view webassist generated pages after pressing the associated login/register, etc button.

What do I need to do differently to make this security work?

Thanks,
Robert

Sign in to reply to this post

Jason ByrnesWebAssist

Please send a copy of your Security Assist pages so i can examine the code.

Sign in to reply to this post

rminshul431464

WebAssist Files

Jason,

The SecurityAssist-generated files are attached.

And this is the code inserted at the top of protected pages:

<?php virtual( "/securitytest/webassist/security_assist/helper_php.php" ); ?>
<?php
if (!WA_Auth_RulePasses("Logged in to pcms2_users")){
WA_Auth_RestrictAccess("/securitytest/login.php");
}
?>

Thanks,
Robert

Attached Files
webassistfiles.zip
Sign in to reply to this post

Jason ByrnesWebAssist

using the virtual function to call the include files is causing the problems.


Dreamweaver is using the "virtual" syntax because in your Site Definition, the "Create Links Relative To:" option is set to Site. If you change that to "Document" instead, Dreamweaver will use the "require_once"syntax.

Sign in to reply to this post

rminshul431464

Thanks Jason, that seems to help.

Are there links created anywhere in the SecurityAssist-generated pages that I will need to modify so they will be consistent with all the other site relative links throughout the site?

When I setup security using Authenticate User in Dreamweaver I was able to direct the user to a specific webpage if the login was successful. Is there a way to do that using SecurityAssist?

Thanks,
Robert

Sign in to reply to this post

Jason ByrnesWebAssist

all of the security assist links will be created as document relative, but you can convert any that you want to be site relative.


to set a redirect page, open the server behaviors panel, double click the Security Assist Authenticate user behavior, and set the Success redirect.

Sign in to reply to this post

rminshul431464

Also in Dreamweaver I was able to create numerous login screens that looked identical but were accessed from different places in the site that then popped up when trying to access specific pages. If the login was successful the user would then be directed to that specific page.

Can I do the same thing with the SecurityAssist Login page by simply copying the SecurityAssist-generated Login page and renaming it and then modify the Security Assist Authenticate user behavior in the server behaviors panel followed by changing the name of the login page used by each protected page using SecurityAssist Restrict Access to Page also in the sever behaviors panel?

Thanks,
Robert

Sign in to reply to this post

rminshul431464

Logout

Originally Said By: Jason Byrnes
  all of the security assist links will be created as document relative, but you can convert any that you want to be site relative.


to set a redirect page, open the server behaviors panel, double click the Security Assist Authenticate user behavior, and set the Success redirect.  



Jason,

Prior to setting up security using SeacurityAssist, I used Dreamweaver's Insert>>Data Objects>>User Authentication>>Log Out User which permitted me to create a link on a protected page that when clicked would logout the user and redirect them to the home page.

Using SecurityAssist I've only been able to logout by opening the SecurityAssist-generated logout page in a browser. Creating a link on a protected page logs out the user but leaves the user on the logout page. Is there a way to logout the user and redirect them to the homepage?

Thanks,
Robert

Sign in to reply to this post

Jason ByrnesWebAssist

to the login page, add a restrict access behavior. Go to WebAssist -> Security Assist -> Secure Page.

from the Grant Access If list, select the "Not Logged in to <Name of your users table>" Rule (where <Name of your users table> is the name of your users table).

Set the redirect to point to the home pagew.


you may need to re order the code so that the Clear Session Variable code is before the restrict access code.

Sign in to reply to this post

rminshul431464

Restrict Access to Login Pages?

Jason,

I thought I had all the login pages setup correctly with the appropriate webpage opening after logging in from specific login pages.

Now after reading your last post I get the impression I'm supposed to restrict access to "Login" pages. Is that correct?

Among the many new Server Behaviors created by SecurityAssist for the SecurityAssist-generated "Login" page, there are 2 entries for "SecurityAssist Authenticate User."

The 1st "SecurityAssist Authenticate User":
-Trigger: any form post
-If log in succeeds, go to: home.php?loggedIn=1
-If log in fails, go to: login.php?failedLogin=1

The 2nd "SecurityAssist Authenticate User":
-Trigger: ((isset($_SESSION["SecurityAssist_UserID"]) && $_SESSION["SecurityAssist_UserID"] != "")?"LoggedIn":"") == "")&&(((isset($_COOKIE["AutoLoginUN"]))?$_COOKIE["AutoLoginUN"]:"") != "")&&(((isset($_COOKIE["AutoLoginPWD"]))?$_COOKIE["AutoLoginPWD"]:"")
-If log in succeeds, go to: "nothing is defined in this field"
-If log in fails, go to: "nothing is defined in this field"

Do I still need to add a "Restrict Access" behavior to this "Login" page?
Do I need to modify the 2 "SecurityAssist Authenticate User" Server behaviors?

Thanks,
Robert

Sign in to reply to this post
loading

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...