Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

› WebAssist Forums › Data Bridge › SecurityAssist › Restrict access to page based on login and database value

Restrict access to page based on login and database value

Thread began 9/03/2013 7:56 am by rob75685 | Last modified 9/03/2013 8:39 am by Jason Byrnes | 2116 views | 5 replies |

9/03/2013 7:56 am | #1 rob75685

Restrict access to page based on login and database value

hi guys

This is an easy one I'm sure, but I'm a bit stuck

I have a SecurityAssist login page working fine, on correct login it takes me to a secured page.

What I want to do is also check that a value in my database for that user = Y (so via a CMS their access can be easily restricted)

I've added another Session Value so my user_ID and user_live sessions are:

"sessionColumns" => explode($WA_Auth_Separator,"user_ID".$WA_Auth_Separator."live"),
"sessionNames" => explode($WA_Auth_Separator,"user_ID".$WA_Auth_Separator."user_live"),

and on my protected page I've tried editing the Rules (as per the screen grab) to try and check if the 'live' column is set to Y or not...

I know this is glaringly wrong somewhere... can you set me straight please, many thanks as always

9/03/2013 7:59 am | #2 Jason ByrnesWebAssist

change the first rule from

Allow if SESSION['user_ID'] <> (blank value)

to:
Restrict if SESSION['user_ID'] = (blank value)

leave the second rule as is.

9/03/2013 8:16 am | #3 rob75685

hi Jason

Thanks for your help - this seems to log me in regardless...

Here's my Login script, and my page security is attached

<?php
if($_SERVER["REQUEST_METHOD"] == "POST"){
$WA_Auth_Parameter = array(
"connection" => $localhost,
"database" => $database_localhost,
"tableName" => "partners",
"columns" => explode($WA_Auth_Separator,"email".$WA_Auth_Separator."password"),
"columnValues" => explode($WA_Auth_Separator,"".((isset($_POST["Log_In_group_email"]))?$_POST["Log_In_group_email"]:"") ."".$WA_Auth_Separator."".(WA_HashEncryption((isset($_POST["Log_In_group_password"]))?$_POST["Log_In_group_password"]:"")) .""),
"columnTypes" => explode($WA_Auth_Separator,"text".$WA_Auth_Separator."text"),
"sessionColumns" => explode($WA_Auth_Separator,"user_ID".$WA_Auth_Separator."live"),
"sessionNames" => explode($WA_Auth_Separator,"user_ID".$WA_Auth_Separator."live"),
"successRedirect" => "partnershome.php",
"failRedirect" => "partnerslogin.php?failedLogin=1",
"gotoPreviousURL" => TRUE,
"keepQueryString" => TRUE
);

WA_AuthenticateUser($WA_Auth_Parameter);
}
?>

9/03/2013 8:24 am | #4 Jason ByrnesWebAssist

For the first rule You have the crittirea set to "<>" (Not equals"

change it to "="

from my initkal reply:

change the first rule from

Allow if SESSION['user_ID'] <> (blank value)

to:
Restrict if SESSION['user_ID'] = (blank value)

note that I suggest 2 changes:
1) Change Allow if to Restrict If

2) Change the criteria from "<>" to "="

9/03/2013 8:33 am | #5 rob75685

Sorry - not paying attention !

That's great thanks very much

9/03/2013 8:39 am | #6 Jason ByrnesWebAssist

no worries.

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now. Build a store, a gallery, or a web-based email solution.