First time use of SA...

Hi Jason

First time of using security assist and have been playing around with it to try and achieve what I need to do but failing abysmally....

Basically the client wants 2 secure pages set up. One is for staff, the other is for governors.

They want 1 login details per page (ie 1 for staff and 1 for governors) - this is their requirement, not mine

When a governor logs in, they go to the protected governor page
When a staff member logs in they get takent to the protected staff page...

I have been going round and round in circles trying to get this done and would really appreciate some help please...

Cheers

Jamie

Basically, this is user level authentication, there is a tutorial for user level authentication on the security assist support page in the archived documentation section. it was written for security assist 1, but the concept is the same in security assist 2.

thanks Jason will check it out

have been going through the tutorial you mentioned and it references the blue_sky_music database and was wondering if I need that and if so where would I find it?

Thanks

Jamie

it's attached to the manage relational table tutorial here:
data_bridge_manage_relational_table.php

Hey Jason

I have been going round in circles and not able to get this login to work at all....

I have also tried to pick apart what Ray helped me with on another login from a different site but still no joy.

Would appreciate any help please - have attached the files and db in a zip.

Basically, index.php is the login page, which *should* on successfull login take the user to secure.php

There are 2 logins (using UserFirstName as the username and UserPassword as the password)

Once logged in, secure.php should show relevant content based on the login details

ie if logging in as staff, staff content shows etc...

The 2 logins are:

Staff / test
and
Governors / test

Thanks in advance

Jamie

I'll need more details. you describe what should happen, so i have a good idea of the expected result, but you don't describe what actually does happen when try to log in, only that it doesn't work, I need more detail than that to be able to help determine what the problem is.

also, you don't include details on how the access rules are created.

What are the settings you mused for the Staff access rule? what about for the Governors rule?

Hey Jason

Hope you had a good long weekend and Labor Day...

Right, re the above, I have set it up on a live test server:

This is the login page:
test-computer.com/

This is the failed login page:
login-failed.php

On successful login you are taken to the page
secure.php

where the content will depend on which login you have used:
If you use the login
Staff
test
you will see the content relevant to staff

if you use the login
Governors
test
you will see the content relevant to governors

If you go to the secure.php page without logging in you see nothing.

The access rules are:
Governors
Allow if <?php echo $_SESSION['UserID']; ?> = 2
Staff
Allow if <?php echo $_SESSION['UserID']; ?> = 1

This all works fine but am wondering how to do a couple of things:

1. if someone lands on secure.php that isnt logged in or shouldnt be there, how would I redirect them straight away to the login page?
2.how would I link up the Super Admin and User logins to be able to access without having to login as staff or governor?

Thanks

Jamie

Ok have managed to sort of figure this out... just one last hurdle which is doing my noggin in....

basically, on the secure page I have set up 3 show regions

staff, governors, permision denied

the staff and governors side of things works fine and the relevnat one shows when using the right login.

What I can get to work is the permision denied which should show if neither of the logins work and it just shows some text

<?php if(WA_Auth_RulePasses("Staff")){ // Begin Show Region ?>

            <?php echo WA_getCMSContent($database_PowerCMSConnection, $PowerCMSConnection, 'Secure Pages', 'Staff'); ?>

            <?php } // End Show Region ?>

<?php if(WA_Auth_RulePasses("Governors")){ // Begin Show Region ?>

            <?php echo WA_getCMSContent($database_PowerCMSConnection, $PowerCMSConnection, 'Secure Pages', 'Governors'); ?>

            <?php } // End Show Region ?>

            

              <?php if(WA_Auth_RulePasses("No permission")){ // Begin Show Region ?>

                <p>You do not have permission to view the content on these pages.</p>

                <?php } // End Show Region ?>

I can figure out what the rule should be on this basis that if the login is incorrect for either of the first 2, then the permission denied comment shows.....

At the moment, the 'No permission' rule I am using is as per the screenshot attached....

Cheers

Jamie

Your denied rule should use groups.

Set the denied rule as:

Deny IF
Value: <?php echo $_SESSION['UserID']; ?>
Criteria: In Group


Next to the groups list, click the button to create a new group. Name the group "Allowed", and add the values 1 and 2 as group members.

after creating the group, select it in the list for the denied rule.