Test SecurityAssist 2

I've tried testing a page I've restricted access to using SecurityAssist. I keep getting messages that the "page cannot be displayed" in each of several different browsers.

I had trouble getting a record inserted into the Visitors table but after several tries I did get a record inserted but got this message on the registration.php screen

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\securitytest\registration.php:1) in C:\wamp\www\securitytest\registration.php on line 62

Pages that have not been protected still display OK in several different browsers.

If I strip out the php code from a protected page, save it and relaunch it, it will also display OK in several browsers.

I can access the login.php screen but when I input a valid email and password and click the Login button I get a message that the page cannot be displayed.

Several times I've deleted the php code from every protected page, deleted the login.php, logout.php, registration.php, userupdate.php and forgotpassword.php pages, deleted the webassist folder and SpryAssets folder, "saved all" in the site, restarted the PC and gone through the whole process described in the SecurityAssist 2 Getting Started Guide again and again and each time I get messages that the pages cannot be displayed when I try to view them in a browser.

I've also deleted the Visitors table as well as deleting all the php code from protected pages and deleting all the webassist generated pages, saved all, restarted the PC and gone through the whole setup process again but I still can’t view the protected pages as well as not being able to view webassist generated pages after pressing the associated login/register, etc button.

What do I need to do differently to make this security work?

Thanks,
Robert

Please send a copy of your Security Assist pages so i can examine the code.

Jason,

The SecurityAssist-generated files are attached.

And this is the code inserted at the top of protected pages:

<?php virtual( "/securitytest/webassist/security_assist/helper_php.php" ); ?>
<?php
if (!WA_Auth_RulePasses("Logged in to pcms2_users")){
WA_Auth_RestrictAccess("/securitytest/login.php");
}
?>

Thanks,
Robert

using the virtual function to call the include files is causing the problems.


Dreamweaver is using the "virtual" syntax because in your Site Definition, the "Create Links Relative To:" option is set to Site. If you change that to "Document" instead, Dreamweaver will use the "require_once"syntax.

Thanks Jason, that seems to help.

Are there links created anywhere in the SecurityAssist-generated pages that I will need to modify so they will be consistent with all the other site relative links throughout the site?

When I setup security using Authenticate User in Dreamweaver I was able to direct the user to a specific webpage if the login was successful. Is there a way to do that using SecurityAssist?

Thanks,
Robert

all of the security assist links will be created as document relative, but you can convert any that you want to be site relative.


to set a redirect page, open the server behaviors panel, double click the Security Assist Authenticate user behavior, and set the Success redirect.

Also in Dreamweaver I was able to create numerous login screens that looked identical but were accessed from different places in the site that then popped up when trying to access specific pages. If the login was successful the user would then be directed to that specific page.

Can I do the same thing with the SecurityAssist Login page by simply copying the SecurityAssist-generated Login page and renaming it and then modify the Security Assist Authenticate user behavior in the server behaviors panel followed by changing the name of the login page used by each protected page using SecurityAssist Restrict Access to Page also in the sever behaviors panel?

Thanks,
Robert

Originally Said By: Jason Byrnes

  all of the security assist links will be created as document relative, but you can convert any that you want to be site relative.


to set a redirect page, open the server behaviors panel, double click the Security Assist Authenticate user behavior, and set the Success redirect.  

Jason,

Prior to setting up security using SeacurityAssist, I used Dreamweaver's Insert>>Data Objects>>User Authentication>>Log Out User which permitted me to create a link on a protected page that when clicked would logout the user and redirect them to the home page.

Using SecurityAssist I've only been able to logout by opening the SecurityAssist-generated logout page in a browser. Creating a link on a protected page logs out the user but leaves the user on the logout page. Is there a way to logout the user and redirect them to the homepage?

Thanks,
Robert

to the login page, add a restrict access behavior. Go to WebAssist -> Security Assist -> Secure Page.

from the Grant Access If list, select the "Not Logged in to <Name of your users table>" Rule (where <Name of your users table> is the name of your users table).

Set the redirect to point to the home pagew.


you may need to re order the code so that the Clear Session Variable code is before the restrict access code.

Jason,

I thought I had all the login pages setup correctly with the appropriate webpage opening after logging in from specific login pages.

Now after reading your last post I get the impression I'm supposed to restrict access to "Login" pages. Is that correct?

Among the many new Server Behaviors created by SecurityAssist for the SecurityAssist-generated "Login" page, there are 2 entries for "SecurityAssist Authenticate User."

The 1st "SecurityAssist Authenticate User":
-Trigger: any form post
-If log in succeeds, go to: home.php?loggedIn=1
-If log in fails, go to: login.php?failedLogin=1

The 2nd "SecurityAssist Authenticate User":
-Trigger: ((isset($_SESSION["SecurityAssist_UserID"]) && $_SESSION["SecurityAssist_UserID"] != "")?"LoggedIn":"") == "")&&(((isset($_COOKIE["AutoLoginUN"]))?$_COOKIE["AutoLoginUN"]:"") != "")&&(((isset($_COOKIE["AutoLoginPWD"]))?$_COOKIE["AutoLoginPWD"]:"")
-If log in succeeds, go to: "nothing is defined in this field"
-If log in fails, go to: "nothing is defined in this field"

Do I still need to add a "Restrict Access" behavior to this "Login" page?
Do I need to modify the 2 "SecurityAssist Authenticate User" Server behaviors?

Thanks,
Robert