close ad
WARNING PC USERS: Do Not Install the DREAMWEAVER CC 2017 Update »
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

User Login Blocked

Thread began 2/29/2016 1:47 pm by Kumel | Last modified 3/01/2016 12:02 am by Ray Borduin | 300 views | 11 replies |

Kumel

User Login Blocked

After creating Login pages & etc with security assist, I added new column on users table as Deleted.
So if a user is deleted then Y else N.
Default value for column: Deleted is 'N'

So lets say if a user is Deleted. So his data is not deleted but then just column Deleted becomes 'Y' (Yes)
So lets say if that same deleted user tries to login, How do we not let him login & also display error at login page as to he was deleted so he can not login.

How do we do this?

Sign in to reply to this post

Ray BorduinWebAssist

You can store the value of the Deleted column in the session, then update the Security Assist Rule so that the value of the session variable has to equal "N" in order to pass the validation.

Sign in to reply to this post

Kumel

so i went into login.php
from server behavior panel i clicked SecurityAssist Authenticate user it contained this at start:

if((((isset($_SESSION["SecurityAssist_ID"]) && $_SESSION["SecurityAssist_ID"] != "")?"LoggedIn":"") == "")&&(((isset($_COOKIE["AutoLoginUN"]))?$_COOKIE["AutoLoginUN"]:"") != "")&&(((isset($_COOKIE["AutoLoginPWD"]))?$_COOKIE["AutoLoginPWD"]:"") != "")){



After clicking,under session values i choosed Deleted and did ok.

then update the Security Assist Rule so that the value of the session variable has to equal "N" in order to pass the validation.

update how?

Sign in to reply to this post

Ray BorduinWebAssist

There are two authenticate server behaviors on the page. Make sure you update both of them to store the Deleted column in the session.

Then go to the security assist rule and add "Restrict IF" $_SESSION['Deleted'] = "Y" to the logged in user rule you are using to restrict access on the pages.

Sign in to reply to this post

Kumel

I went to acces page rule, selected Logged in to Users. then screenshot attached.. i logged in using deleted user still it does login.

Sign in to reply to this post

Kumel

Well seems like moving Deleted to top helped.

So how do we show error on homepage if user is blocked?

Sign in to reply to this post

Ray BorduinWebAssist

You could add a new Rule for "User Blocked" that is defined as "Allow Access" if $_SESSION['Deleted'] = "Y" and use that rule to conditionally show a message on the page.

Sign in to reply to this post

Kumel

I added this into login page:

<?php if(WA_Auth_RulePasses("User Blocked")){ // Begin Show Region ?>

<div class="alert alert-danger alert-dismissible" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
<span aria-hidden="true">×</span>
</button>
<p>User ID Block.<br>
Please contact your admin</p>
</div>
<?php } // End Show Region ?>



SecurityAssist rule file attached.

Doesn't display error if user deleted and tried to login..
login page also attached

Sign in to reply to this post

Ray BorduinWebAssist

The session variable name you used on your login page is: "UserDeleted" but in your rule you are referring to it as just "Deleted"... you need to make sure you are referencing the variable you are storing.

Sign in to reply to this post

Kumel

Yes i checked on that. i made it UserDeleted. Still error is not displaying on login page.
Generally links becomes like this when username or password is wrong : login.php?invalid=true

but this case its : .../login.php?accesscheck=%2Floto%2Flatest%2Fdashboard.php%3F

Sign in to reply to this post
loading

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...