close ad
 
Important WebAssist Announcement
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Access rule with third condition not working.

Thread begun 9/20/2017 7:51 am by s.joiner74419001 | Last modified 9/21/2017 12:16 pm by Ray Borduin | 2278 views | 6 replies |

s.joiner74419001

Access rule with third condition not working.

trying to add a secure page behaviour to a page, which in the past has been a simple process, but currently I am unable to get this to work.
I have created a login system manually ( not using WA Create Security Pages ) which I have done before with no issues.

The problem seems to be when I want to add a third condition to the access rule.

If i use the access rule that has two conditions such as:

case "logged in to registered_apps":
$comparisons[0] = array(TRUE, "".((isset($_SESSION['acc_id']))?$_SESSION['acc_id']:"") ."", 2, "");
$comparisons[1] = array(TRUE, "".((isset($row_rsCurrentUser['email_verified']))?$row_rsCurrentUser['email_verified']:"") ."", 1, "1");

this works fine.

But the particular page I am wanting to secure needs a third condition which checks the database to see if the ’status’ column in the database has a value of ‘Consolidation’. If it doesn’t then it redirects to a different page.

so the access rule would be as as follows:

case "Logged in and Consolidation":
$comparisons[0] = array(TRUE, "".((isset($_SESSION['acc_id']))?$_SESSION['acc_id']:"") ."", 2, "");
$comparisons[1] = array(TRUE, "".((isset($row_rsCurrentUser['email_verified']))?$row_rsCurrentUser['email_verified']:"") ."", 1, "1");
$comparisons[2] = array(TRUE, "".((isset($row_rsCurrentUser['status']))?$row_rsCurrentUser['status']:"") ."", 1, "Consolidation");

So on the page I’m wanting to secure would be the following:

<?php
if (!WA_Auth_RulePasses("Logged in and Consolidation")){
WA_Auth_RestrictAccess("consent-list.php");
}
?>

I've attached relevant pages..

Thanks in advance!

Sign in to reply to this post

s.joiner74419001

Remote Access

see private message for remote access to test site.

Sign in to reply to this post

Ray BorduinWebAssist

You shouldn't be referencing the recordset directly in rules. You should instead save the recordset values as session variables during login and then use the session variable in the rule. I think that is probably the source of the problem.

Sign in to reply to this post
Did this help? Tips are appreciated...

s.joiner74419001

I’ve tried what you suggested but it still isn’t working for me.

I have added two session values to the ‘Authenticate user’ behaviour. which are ‘email_verified’ and ‘status’.

A successful login directs to the ‘consent-consolidation.php’ page, which uses the following rule:

case "Logged in and Consolidation":
$comparisons[0] = array(FALSE, "".((isset($_SESSION['acc_id']))?$_SESSION['acc_id']:"") ."", 1, "");
$comparisons[1] = array(TRUE, "".((isset($_SESSION['email_verified']))?$_SESSION['email_verified']:"") ."", 1, "1");
$comparisons[2] = array(FALSE, "".((isset($_SESSION['status']))?$_SESSION['status']:"") ."", 1, "Consolidated");
break;

... in a secure page behaviour, if it fails it redirects to the ‘consent-list.php’ page.

So basically if a user logs in and their ‘status’ value is ‘Consolidation’ then they get access to the ‘consent-consolidation.php’ page. if their ‘status’ value is ‘Consolidated’ they get redirected to the ‘consent-list.php’ page.

But it doesn’t!!

mayne this isn’t the best way for me to achieve my goal. To put it in simple terms..

When the user logs in, if their ‘status’ value is ‘consolidation’ i want them to stay on the ‘consent-consolidation.php’ page. If their ’status’ value is ‘Consolidated’ they get redirected to the ‘consent-list.php’ page.

I’ve attached the pages as they are. Plus they are on the remote test site ( see post #2 for access ).

Thanks in advance.

Sign in to reply to this post

Ray BorduinWebAssist

So if I'm reading this right, you have a rule set up:

Restrict if $_SESSION['acc_id'] = 1
Allow if $_SESSION['email_verified'] = 1
Restrict if $_SESSION['status'] = Consolidated

The way this works is it reads down the list but once something is allowed or restricted it doesn't read any further.

So if $_SESSION['acc_id'] equals 1 it will fail the validation and won't go any further.

If $_SESSION['acc_id'] does not equal Consolidated then it will go to the next line and Allow if $_SESSION['email_verified'] equals 1. If it does than it will allow and won't read the next line.

So if you want to restrict solely on the basis of the status, you should create a separate rule and only check that value.

Sign in to reply to this post
Did this help? Tips are appreciated...

s.joiner74419001

OK so I'm a bit confused now..

So I need the page to be accessed by logged in users only, so 'acc_id' and 'emailVerified' is checked. Then I need to check on the 'status' value. if it's 'consolidation' then its accessed. If its 'consolidated' then the user is redirected to another page ( consent-list.php )

So how can I achieve these two goals?

Sign in to reply to this post

Ray BorduinWebAssist

Restrict if $_SESSION['acc_id'] does not equal 1
Restrict if $_SESSION['email_verified'] does not equal 1
Restrict if $_SESSION['status'] does not equal consolidated

Sign in to reply to this post
Did this help? Tips are appreciated...

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...