Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

› WebAssist Forums › Data Bridge › SecurityAssist › SA wont allow logged in user?

SA wont allow logged in user?

Thread began 1/25/2012 7:45 am by gary.brett434358 | Last modified 1/25/2012 9:16 am by Jason Byrnes | 2359 views | 9 replies |

1/25/2012 7:45 am | #1 gary.brett434358

SA wont allow logged in user?

Hi, first crack at SA and confused.
My users stored in table have a ContactID, ContactGroupID, Contact name etc etc. These 3 fields are stored when users log in, have tested this by adding to the redirect page after successful login.

I have it set to redirect to 'redirect.php' after login, this contains:
<?php
if(!session_id()) session_start();
switch($_SESSION['SecurityAssist_UserGroupID']) {
case "2":
header("Location: direct_tblcontacts_Results.php");
break;
case "4":
header("Location: staff_tblcontacts_Results.php");
break;
case "5":
header("Location: admin_tblcontacts_Results.php");
break;
}
?>

So far so good, but I then used SA Access Pages Manager, chose test.php and set as:

<?php
if (!WA_Auth_RulePasses("Log in success")){
WA_Auth_RestrictAccess("login.php");
}
?>

I thought this would allow logged in user to see test.php but it just redirects user to login.php?

What I need to do is allow users with ContactGroupID=4 to access this page & restrict table records to ContactID, anyone in other group would be redirected to login.php?

Any ideas?

Thanks

1/25/2012 7:54 am | #2 Jason ByrnesWebAssist

this is using the Login Success access rule, use the "Logged into <your uses table>" access rule instead.

1/25/2012 8:03 am | #3 gary.brett434358

Originally Said By: Jason Byrnes

this is using the Login Success access rule, use the "Logged into <your uses table>" access rule instead.

Hi Jason, thanks again, that works but allows any users in our DB to access any page. We have 4 user groups in the table, could I limit access to certain pages to certain groups:

ContactGroupID = 2 access to client.php
ContactGroupID = 3 access to admin.php
ContactGroupID = 4 access to staff.php
ContactGroupID = 5 access to staff.php & admin.php

I briefly looked at setting up groups in SA but a little confused?

Cheers

1/25/2012 8:10 am | #4 Jason ByrnesWebAssist

you would need to create a separate rule for each group. for example, create a rule for ContactGroupID 2 as:

Allow if
value: click the lightning bolt and select the SecurityAssist_UserGroupID session variable
Critirea: =
Compare to: 2

then apply that access rule to the client.php page.

same format for the other rules, just change the value entered in the compare to setting.

1/25/2012 8:16 am | #5 gary.brett434358

Hi Jason, yes I copied the 'Logged Into TableContacts' rule, applied rule to level 4 and it seems to work fine.

To allow 2 groups to access a page would I just the the 'OR' command like 4 OR 5? The compare field seem to take this but the code on page stays the same so I am thinking not?

Would it be better to add SA rules for level 4 & 5, then apply rules one at a time to to the pages in question, can I even do that?
regards

1/25/2012 8:21 am | #6 Jason ByrnesWebAssist

no to allow 4 or 5 first go to the access groups manager. create a new access group named "Group 4 or 5"

in group member click the plus button and enter 4, click the plus button a second time and enter 5

now create the access rule as:
Allow if: click the lightning bolt and select the SecurityAssist_UserGroupID session variable
criteria: In Group
Compare to: Group 4 or 5

1/25/2012 8:36 am | #7 gary.brett434358

Brilliant stuff, that's explained it clearly and all works. Am I also able to filter recordset data via a session value? the ContactID is stored after login and I would like that to filter a recordset.

On the page I open up the rs, would I need to add WHERE ContactID=SecurityAssist_ContactID, this return zero records even though there are 2 matching the SecurityAssist_ContactID of 70?

1/25/2012 8:45 am | #8 Jason ByrnesWebAssist

in the recordset add:

WHERE ContactID = paramContactID

in the variables section, create a new variable:
name: paramContactID
type: number
default value: -1
Run Time Value: $_SESSION['SecurityAssist_ContactID']

this is the same way the recordset on the profile is created.

1/25/2012 9:01 am | #9 gary.brett434358

Oh my, I would have been looking for the answer to that forever Jason, thank you for the lightening response as usual.

Final question of the day I promise! Could I edit '$_SESSION['SecurityAssist_ContactID']' to
exclude ContactID=100?

ContactID 100 is the admin who should see all records so no filter is set? No problems if not I can easily duplicate all the pages for each table and send admin there after login, therefore keeping recordsets/pages separate.

Kind regards

Gary

1/25/2012 9:16 am | #10 Jason ByrnesWebAssist

no the ID cannot be conditional, you should create a separate set of pages for the admin.

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now. Build a store, a gallery, or a web-based email solution.