close ad
WARNING PC USERS: Do Not Install the DREAMWEAVER CC 2017 Update »
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

User Login - multiple table session variables

Thread began 3/13/2015 5:39 am by georgina_barrett_187762 | Last modified 3/17/2015 12:43 pm by Jason Byrnes | 662 views | 5 replies |

georgina_barrett_187762

User Login - multiple table session variables

I have 2 tables a client table and a product table. The username and password are stored in the product table as a client can log in to different websites depending on what product they have and they can use different usernames/passwords for each website.

On this particular website there are 2 login levels; a manager login and staff login. When a user logs in they are taken to the manager login and if they don't have the correct permissions they are redirected to the staff login.

My problem is the value that determines whether the user is manager or staff is stored in the clients table (usertype) as this will always be the same regardless of what products they have.

When the user logs in I can store session variables but only from the table where the username and password is stored.

I have tried creating a recordset on the manager login page to pull the 'clienttype' and then add the security access but it doesn't work. Is there anyway of storing this variable on login?

This is the page code...

$colname_client = "-1";
if (isset($_GET['Login_ClientID'])) {
$colname_client = $_GET['Login_ClientID'];
}
mysql_select_db($database_extratime, $extratime);
$query_client = sprintf("SELECT customercontacts.`Ref`, customercontacts.Title, customercontacts.Surname, customercontacts.FirstName, customercontacts.ClientType, customercontacts.ClientTypeLevel FROM customercontacts WHERE customercontacts.`Ref`=%s", GetSQLValueString($colname_client, "int"));
$client = mysql_query($query_client, $extratime) or die(mysql_error());
$row_client = mysql_fetch_assoc($client);
$totalRows_client = mysql_num_rows($client);
?>
<?php require_once( "../webassist/security_assist/helper_php.php" ); ?>
<?php
if (!WA_Auth_RulePasses("mlogin")){
WA_Auth_RestrictAccess("../login/index.php");
}


This is the securityhelper code

<?php

function WA_Auth_GetComparisonsForRule($ruleName){
$comparisons = array();

switch ($ruleName){
case "login":
$comparisons[0] = array(TRUE, "".$row_client['ClientTypeLevel'] ."", 1, "2");
break;
case "mlogin":
$comparisons[0] = array(TRUE, "".$row_client['ClientTypeLevel'] ."", 1, "1");
break;
}
return $comparisons;
}


function WA_Auth_GetGroup($groupName){
$group = Array();

switch($groupName){

}

return $group;
}

?>

Sign in to reply to this post

Jason ByrnesWebAssist

using recordset values in the access rules won't work correctly.

This is because the recordset will always be added to the page after the code that attaches security assist to the page.

instead, you should create the recordset, then use the set session value behavior to save the ClientTypeLevel to a session, and use that session in the access rules.

you will need to make sure the code for the recordset and to save the session comes before the access rule.

Sign in to reply to this post

georgina_barrett_187762

I have tried doing it with Session variables but it still isn't working this is my code...

<?php session_start(); ?>
<?php require_once('../Connections/extratime.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
?>
<?php

$colname_client = "-1";
if (isset($_GET['Login_ClientID'])) {
$colname_client = $_GET['Login_ClientID'];
}
mysql_select_db($database_extratime, $extratime);
$query_client = sprintf("SELECT customercontacts.`Ref`, customercontacts.Title, customercontacts.Surname, customercontacts.FirstName, customercontacts.ClientType, customercontacts.ClientTypeLevel FROM customercontacts WHERE customercontacts.`Ref`=%s", GetSQLValueString($colname_client, "int"));
$client = mysql_query($query_client, $extratime) or die(mysql_error());
$row_client = mysql_fetch_assoc($client);
$totalRows_client = mysql_num_rows($client);
?>
<?php
if (!session_id()) session_start();
if("" == "") {
$_SESSION["clienttypelevel"] = "".$row_client['ClientTypeLevel'] ."";
}
?>
<?php require_once( "../webassist/security_assist/helper_php.php" ); ?>
<?php
if (!WA_Auth_RulePasses("mlogin")){
WA_Auth_RestrictAccess("../login/index.php");
}
?>


And the helpergroupsrulesphp...
<?php

function WA_Auth_GetComparisonsForRule($ruleName){
$comparisons = array();

switch ($ruleName){
case "login":
$comparisons[0] = array(TRUE, "".((isset($_SESSION['clienttypelevel']))?$_SESSION['clienttypelevel']:"") ."", 1, "2");
break;
case "mlogin":
$comparisons[0] = array(TRUE, "".((isset($_SESSION['clienttypelevel']))?$_SESSION['clienttypelevel']:"") ."", 1, "1");
break;
}
return $comparisons;
}


function WA_Auth_GetGroup($groupName){
$group = Array();

switch($groupName){

}

return $group;
}

?>

Sign in to reply to this post

Jason ByrnesWebAssist

$_GET['Login_ClientID'] is not the correct variable to use. the ID is not saved to a get variable, it is saved to a Session Variable. assuming that Login_ClientID is the name of the session created by the login behavior, the run time value to use in the recordset is:
$_SESSION['Login_ClientID']

and you may need to add:
<?php @session_start(); ?>

at line 1 of the page.

Sign in to reply to this post

georgina_barrett_187762

duh! I should have spotted that thanks.

Sign in to reply to this post

Jason ByrnesWebAssist

you're welcome.

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...