Restrict access to those above a certain security level AND that have a validated account

Hi there,

I'm pretty sure this is possible with WADB SA.. I just can't get it to work. ;)

I would like to restrict access to some pages based on a user having a security clearance above a certain level and they must have an activated account.

I have the security levels setup and working and dumped into a session value, and the account verification is also up and running and dumping the status into a session variable as well.

The issue is that only one of the two conditions needs to be true in order for the rule to pass (or so it seems.) This means that anyone with a verified account of any level can get to any areas as long as they pass the "activated" part of the rule and anybody can access the site if they have a security level, even if they are not activated.

How do I make both rules required to pass the check?

I hope that's as clear as mud. ;)

Thanks.

Figured it out, I needed two restricts, one for login ID being available, and one for activation being set to true. Then the accept if clearance was high enough for the zone they were requesting.

I am using a case switch to send different access levels to different areas of the website, this is on the login page - it was creating an endless loop when the user wasn't activated. I added another if statement before the case statement to redirect the user only if they were activated, and if they weren't then they get routed to the activation reminder page.

If there is more efficient way of doing all of this (and I suspect that there may be) then I would love to hear what it is. ;)

Thanks.

Using the if statement to redirect unverified users, then the switch case statement to redirect based on user level is the best way to do this.

as for the access rule, it sounds like you figured it out, use a restrict if condition to restrict if the verified session is false, then an allow condition to allow if the user level session is above a certain value.