Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

SA won't allow logged in user?

Thread began 1/25/2012 10:45 am by gary.brett434358 | Last modified 1/25/2012 12:16 pm by Jason Byrnes | 1009 views | 9 replies |

gary.brett434358

Hi, first crack at SA and confused.
My users stored in table have a ContactID, ContactGroupID, Contact name etc etc. These 3 fields are stored when users log in, have tested this by adding to the redirect page after successful login.

I have it set to redirect to 'redirect.php' after login, this contains:
<?php
// Start the session if it is not already active.
if (!session_id()) session_start();
// Send each user group to its own results page after login.
switch ($_SESSION['SecurityAssist_UserGroupID']) {
    case "2":
        header("Location: direct_tblcontacts_Results.php");
        break;
    case "4":
        header("Location: staff_tblcontacts_Results.php");
        break;
    case "5":
        header("Location: admin_tblcontacts_Results.php");
        break;
}
?>

So far so good, but I then used SA Access Pages Manager, chose test.php and set as:

<?php
if (!WA_Auth_RulePasses("Log in success")) {
    WA_Auth_RestrictAccess("login.php");
}
?>

I thought this would allow logged in user to see test.php but it just redirects user to login.php?

What I need to do is allow users with ContactGroupID=4 to access this page & restrict table records to ContactID, anyone in other group would be redirected to login.php?

Any ideas?

Thanks

Jason Byrnes (WebAssist)

This is using the Login Success access rule; use the "Logged into <your users table>" access rule instead.


gary.brett434358

Originally Said By: Jason Byrnes
  This is using the Login Success access rule; use the "Logged into <your users table>" access rule instead.

Hi Jason, thanks again, that works but allows any users in our DB to access any page. We have 4 user groups in the table, could I limit access to certain pages to certain groups:

ContactGroupID = 2 access to client.php
ContactGroupID = 3 access to admin.php
ContactGroupID = 4 access to staff.php
ContactGroupID = 5 access to staff.php & admin.php


I briefly looked at setting up groups in SA but a little confused?

Cheers

Jason Byrnes (WebAssist)

You would need to create a separate rule for each group. For example, create a rule for ContactGroupID 2 as:

Allow if
Value: click the lightning bolt and select the SecurityAssist_UserGroupID session variable
Criteria: =
Compare to: 2

Then apply that access rule to the client.php page.

Same format for the other rules; just change the value entered in the Compare to setting.


gary.brett434358

Hi Jason, yes I copied the 'Logged Into TableContacts' rule, applied rule to level 4 and it seems to work fine.

To allow 2 groups to access a page, would I just use the 'OR' command like 4 OR 5? The compare field seems to take this but the code on page stays the same, so I am thinking not?

Would it be better to add SA rules for level 4 & 5, then apply rules one at a time to the pages in question? Can I even do that?
Regards

Jason Byrnes (WebAssist)

No, to allow 4 or 5, first go to the Access Groups Manager. Create a new access group named "Group 4 or 5".

In Group Member, click the plus button and enter 4, then click the plus button a second time and enter 5.

Now create the access rule as:
Allow if: click the lightning bolt and select the SecurityAssist_UserGroupID session variable
Criteria: In Group
Compare to: Group 4 or 5

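The per-page group rules set up in the replies above, written by hand as an added example; this is not code generated by SecurityAssist or posted by anyone in the thread. The page-to-group map follows the list gary posted, and `PAGE_GROUPS`, `groupMayAccess` and `requireGroup` are hypothetical names.

```php
<?php
// Added example, not SecurityAssist output. Page names and group IDs are the
// ones listed in the thread; groupMayAccess/requireGroup are hypothetical names.

// Which ContactGroupID values may open each page. Anything absent is denied.
const PAGE_GROUPS = [
    'client.php' => ['2'],
    'admin.php'  => ['3', '5'],
    'staff.php'  => ['4', '5'],
];

// Pure decision: may the group stored in this session open this page?
function groupMayAccess(string $page, array $session): bool
{
    $allowed = PAGE_GROUPS[$page] ?? [];           // unknown page: nobody
    $group   = $session['SecurityAssist_UserGroupID'] ?? null;
    if (!is_scalar($group)) {                      // not logged in, or malformed
        return false;
    }
    // Strict comparison on the string form avoids loose-comparison surprises.
    return in_array((string) $group, $allowed, true);
}

// Enforcement for the top of a protected page, before any output is sent.
function requireGroup(string $page): void
{
    if (!session_id()) {
        session_start();
    }
    if (!groupMayAccess($page, $_SESSION)) {
        header('Location: login.php');
        exit;                                      // do not render the page body
    }
}

// Constructed sessions, printed as an allow/deny table when run from the CLI.
if (PHP_SAPI === 'cli') {
    $sessions = ['2' => ['SecurityAssist_UserGroupID' => '2'],
                 '5' => ['SecurityAssist_UserGroupID' => 5],
                 'none' => []];
    foreach ($sessions as $label => $session) {
        foreach (array_keys(PAGE_GROUPS) as $page) {
            printf("group %-4s %-10s %s\n", $label, $page,
                groupMayAccess($page, $session) ? 'allow' : 'deny');
        }
    }
}
```

On a protected page such as staff.php, `requireGroup('staff.php');` would be the first statement, so the redirect header is sent before any markup.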

gary.brett434358

Brilliant stuff, that's explained it clearly and all works. Am I also able to filter recordset data via a session value? The ContactID is stored after login and I would like that to filter a recordset.

On the page I open up the rs, would I need to add WHERE ContactID=SecurityAssist_ContactID? This returns zero records even though there are 2 matching the SecurityAssist_ContactID of 70.

Jason Byrnes (WebAssist)

In the recordset add:

WHERE ContactID = paramContactID

In the variables section, create a new variable:
Name: paramContactID
Type: number
Default value: -1
Run Time Value: $_SESSION['SecurityAssist_ContactID']

This is the same way the recordset on the profile is created.

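The session-bound recordset filter from the reply above, written by hand as an added example; it is not the code the recordset dialog produces. The `records` table, its columns, the function name `recordsForSession` and the in-memory SQLite database are assumptions so the example runs offline (the site in the thread uses MySQL).

```php
<?php
// Added example: bind the logged-in ContactID into the query as a number.
// Table `records`, its columns and the in-memory SQLite database are
// assumptions made so this runs offline; they are not from the thread.

function recordsForSession(PDO $db, array $session): array
{
    // Same idea as the recordset variable: the default of -1 matches no row,
    // so a missing or non-numeric session value returns nothing, not everything.
    $raw       = $session['SecurityAssist_ContactID'] ?? null;
    $contactId = filter_var($raw, FILTER_VALIDATE_INT);
    if ($contactId === false) {
        $contactId = -1;
    }

    // The value is bound as an integer parameter, never pasted into the SQL.
    $stmt = $db->prepare('SELECT id, note FROM records WHERE ContactID = :cid');
    $stmt->bindValue(':cid', $contactId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data: two rows for ContactID 70, one for another contact.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE records (id INTEGER PRIMARY KEY, ContactID INTEGER, note TEXT)');
$db->exec("INSERT INTO records (ContactID, note)
           VALUES (70, 'first'), (70, 'second'), (71, 'other')");

// Constructed sessions: a logged-in user, no login, and a malformed value.
$cases = [
    'logged in as 70' => ['SecurityAssist_ContactID' => '70'],
    'not logged in'   => [],
    'non-numeric'     => ['SecurityAssist_ContactID' => 'abc'],
];
foreach ($cases as $label => $session) {
    printf("%-16s %d row(s)\n", $label, count(recordsForSession($db, $session)));
}
```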

gary.brett434358

Oh my, I would have been looking for the answer to that forever Jason, thank you for the lightning response as usual.

Final question of the day I promise! Could I edit '$_SESSION['SecurityAssist_ContactID']' to exclude ContactID=100?

ContactID 100 is the admin who should see all records so no filter is set? No problems if not I can easily duplicate all the pages for each table and send admin there after login, therefore keeping recordsets/pages separate.

Kind regards

Gary

Jason Byrnes (WebAssist)

No, the ID cannot be conditional; you should create a separate set of pages for the admin.
