Security Rule

Hello,
To use Security Assist to create a rule that allows access to a page based on a Date Range ($startDate - $endDate) is the idea to create 2 separate rules?

For instance the first rule is IF > $startDate and the second rule is IF < $endDate
Then reroute the user elsewhere if they do not have the appropriate criteria as a session value which will be set when they login.

Yes, this is the best way or is there some other consideration?

create one rule as:

Deny IF Today is < $startDate

AND
Allow If Today is < $endDate

It's not working for some reason..

Rule:

case "Subscribed":
$comparisons[0] = array(FALSE, "".$startDate ."", 3, "".date('Y-m-d') ."");
$comparisons[1] = array(TRUE, "".$endDate ."", 3, "".date('Y-m-d') ."");
break;


Test page:

http://intuitorsports.com/test-security.php

<?php 
$startDate = '2014-9-31'; 
$endDate = '2014-10-5';
?>
<?php
if (!WA_Auth_RulePasses("Subscribed")){
	WA_Auth_RestrictAccess("purchase.php");
}
?>

Next the failure takes you to a purchase page that also fails:
It should have stayed on the test page as the date range is valid.

http://intuitorsports.com/purchase.php?accesscheck=%2Ftest-security.php%3F

This page does not load properly due to the cart code that reformats the form tag.
for instance if you go to the purchase page without the URL query string it works fine. IF accessed due to a redirect as shown in the link above it fails at the re-writen form action tag

The page loads and stops at this point:

<form name="eCart1_1_ATC_2" method="POST" action="/purchase.php

I'll need to troubleshoot directly, see the private message section.

Link provided in message above. Also FTP details provided in prior eCart posts from yesterday. I will repost these for you

details added

save start date and end date as session variables, and use strtotime to convert to a time stamp:
<?php
@session_start();
$_SESSION['startDate'] = strtotime('2014-10-3');
$_SESSION['endDate'] = strtotime('2014-10-5');
?>

make sure that is before the security assist helper require once line.

I also had the rules a little off, do the rules as:

Restrict if:
<?php echo (strtotime(date('Y-m-d'))); ?>
<
<?php echo $_SESSION['startDate']; ?>

Allow if:
<?php echo (strtotime(date('Y-m-d'))); ?>
<
<?php echo $_SESSION['endDate']; ?>

i updated the form action code to correct a syntax error, i changed:
htmlentites

to
htmlentities

Thanks Jason,
I'm working on getting additional values from the Purchase page , Cart, Checkout inserted on Purchase. The eCart object looks like it needs additional values for my start and end dates.

Where do we add the additional values to pass to the insert into DB on success of purchase?

eCart Object Charges?

add columns to the cart object to collect those values, then enter the start and end dates into those columns in the add to cart button behaivor.

Jason,
Adding columns to the cart object via the Charges tab or manually insert in the code?


Also I added the session values and also the new security rule change but still not passing as valid:

http://intuitorsports.com/test-security.php

This page sets the Sessions and on the purchase.php page you get a session dump that shows their presence.


Rule:

case "Subscribed":
$comparisons[0] = array(FALSE, "".(strtotime(date('Y-m-d'))) ."", 3, "".((isset($_SESSION['startDate']))?$_SESSION['startDate']:"") ."");
$comparisons[1] = array(TRUE, "".(strtotime(date('Y-m-d'))) ."", 3, "".((isset($_SESSION['endDate']))?$_SESSION['endDate']:"") ."");
break;

Also added as an attachment.

Rule makes total sense Restrict IF less than start date then Allow if less than end date... This gives us a valid span but something is not respecting this...