Having Trouble with Security Assist

I am assuming I am missing something obvious. I have used the DW Login/Authentication behaviors for years, with no problems but I wanted the extra features of the WA versions. I am using PHP/MySQL

First off, it's looking for the values from my users table (called 'users') : User ID, User Name and Password. So I initially set them as:

User ID -> users.Email
User Name -> users.FirstName
Password -> users.Password

But the logon.php page was prompting for User Name which confused me, so I made both User ID and User Name map to users.Email

So when I log on it seems to work. I see "login.php?loggedIn=1" in my address bar.

Then I created a new page (logtest.php) and selected Server Behaviors -> Web Assist -> Security Assist -> Secure Page and when it asks for a rule I select "Logged in to users" and redirect to login.php on failure.

The problem is it aways fails, I always get redirected to logon.php

Here is my logtest.php page:

<?php require_once( "webassist/security_assist/helper_php.php" ); ?>
<?php
if (!WA_Auth_RulePasses("Logged in to users")){
WA_Auth_RestrictAccess("login.php");
}

@session_start();
?>

<!doctype html>
<html>
<head>
<meta charset="UTF-8">
<title>testing</title>
</head>

<body>
<p> You are logged in </p>
</body>
</html>

Checking my server variables I see I have:

SecurityAssist_ID xx@yyyy.com
FirstName Fred
Admin 9

The last two are values from my users table.

I am at a total loss. I've been working on this for hours, trying all sorts of combinations. i'm sure I'm just missing something simple.

Thanks in advance for any help.

User ID should be the primary key column of your table.

UserName should be the email address column

you want the user to type the email address and password when they log in.

So the Username column is the email, and the password column is the password.

when the user logs in, the Primary Key value from the ID column will be stored in a session and used to identify the logged in user.

email is the primary key on my users table, so I had User Name and User ID set to email.

I went back and made an auto increment field the primary key in the users table and rebuild the security pages from scratch. No change, I cannot get past the restrict access behavior.

The old DW behavior checked for a session variable "MM_Username" to determine if somebody was logged in. What is the actual mechanism that SA uses?

Security assist creates a session variable to track the users ID, this is used to determine if the user is logged in. The name of the session changes depending on the name of the ID column.

I'll need to troubleshoot directly, see the private message section.

See PM

I dont see a registration page so i can create an account?

see PM

PM sent

The webassist/security_assist/helpergrouprules files on your server does not have any code for the logged into users rule in it.

make sure you upload that file after running the security assist wizard so the access rule will be defined on the server.

That seemed to have fixed it. Thanks!