Access rule with third condition not working.

9/20/2017 7:51 am | #1 s.joiner74419001

trying to add a secure page behaviour to a page, which in the past has been a simple process, but currently I am unable to get this to work.
I have created a login system manually ( not using WA Create Security Pages ) which I have done before with no issues.

The problem seems to be when I want to add a third condition to the access rule.

If i use the access rule that has two conditions such as:

case "logged in to registered_apps":
$comparisons[0] = array(TRUE, "".((isset($_SESSION['acc_id']))?$_SESSION['acc_id']:"") ."", 2, "");
$comparisons[1] = array(TRUE, "".((isset($row_rsCurrentUser['email_verified']))?$row_rsCurrentUser['email_verified']:"") ."", 1, "1");

this works fine.

But the particular page I am wanting to secure needs a third condition which checks the database to see if the ’status’ column in the database has a value of ‘Consolidation’. If it doesn’t then it redirects to a different page.

so the access rule would be as as follows:

case "Logged in and Consolidation":
$comparisons[0] = array(TRUE, "".((isset($_SESSION['acc_id']))?$_SESSION['acc_id']:"") ."", 2, "");
$comparisons[1] = array(TRUE, "".((isset($row_rsCurrentUser['email_verified']))?$row_rsCurrentUser['email_verified']:"") ."", 1, "1");
$comparisons[2] = array(TRUE, "".((isset($row_rsCurrentUser['status']))?$row_rsCurrentUser['status']:"") ."", 1, "Consolidation");

So on the page I’m wanting to secure would be the following:

<?php
if (!WA_Auth_RulePasses("Logged in and Consolidation")){
WA_Auth_RestrictAccess("consent-list.php");
}
?>

I've attached relevant pages..

Thanks in advance!

9/20/2017 8:59 am | #3 Ray BorduinWebAssist

You shouldn't be referencing the recordset directly in rules. You should instead save the recordset values as session variables during login and then use the session variable in the rule. I think that is probably the source of the problem.

Did this help? Tips are appreciated...

9/21/2017 4:00 am | #4 s.joiner74419001

I’ve tried what you suggested but it still isn’t working for me.

I have added two session values to the ‘Authenticate user’ behaviour. which are ‘email_verified’ and ‘status’.

A successful login directs to the ‘consent-consolidation.php’ page, which uses the following rule:

case "Logged in and Consolidation":
$comparisons[0] = array(FALSE, "".((isset($_SESSION['acc_id']))?$_SESSION['acc_id']:"") ."", 1, "");
$comparisons[1] = array(TRUE, "".((isset($_SESSION['email_verified']))?$_SESSION['email_verified']:"") ."", 1, "1");
$comparisons[2] = array(FALSE, "".((isset($_SESSION['status']))?$_SESSION['status']:"") ."", 1, "Consolidated");
break;

... in a secure page behaviour, if it fails it redirects to the ‘consent-list.php’ page.

So basically if a user logs in and their ‘status’ value is ‘Consolidation’ then they get access to the ‘consent-consolidation.php’ page. if their ‘status’ value is ‘Consolidated’ they get redirected to the ‘consent-list.php’ page.

But it doesn’t!!

mayne this isn’t the best way for me to achieve my goal. To put it in simple terms..

When the user logs in, if their ‘status’ value is ‘consolidation’ i want them to stay on the ‘consent-consolidation.php’ page. If their ’status’ value is ‘Consolidated’ they get redirected to the ‘consent-list.php’ page.

I’ve attached the pages as they are. Plus they are on the remote test site ( see post #2 for access ).

Thanks in advance.

9/21/2017 9:52 am | #5 Ray BorduinWebAssist

So if I'm reading this right, you have a rule set up:

Restrict if $_SESSION['acc_id'] = 1
Allow if $_SESSION['email_verified'] = 1
Restrict if $_SESSION['status'] = Consolidated

The way this works is it reads down the list but once something is allowed or restricted it doesn't read any further.

So if $_SESSION['acc_id'] equals 1 it will fail the validation and won't go any further.

If $_SESSION['acc_id'] does not equal Consolidated then it will go to the next line and Allow if $_SESSION['email_verified'] equals 1. If it does than it will allow and won't read the next line.

So if you want to restrict solely on the basis of the status, you should create a separate rule and only check that value.

Did this help? Tips are appreciated...

9/21/2017 11:57 am | #6 s.joiner74419001

OK so I'm a bit confused now..

So I need the page to be accessed by logged in users only, so 'acc_id' and 'emailVerified' is checked. Then I need to check on the 'status' value. if it's 'consolidation' then its accessed. If its 'consolidated' then the user is redirected to another page ( consent-list.php )

So how can I achieve these two goals?

9/21/2017 12:16 pm | #7 Ray BorduinWebAssist

Restrict if $_SESSION['acc_id'] does not equal 1
Restrict if $_SESSION['email_verified'] does not equal 1
Restrict if $_SESSION['status'] does not equal consolidated

Did this help? Tips are appreciated...

Email me with all replies to this thread

Title:

Public Message: (viewable by anyone reading this thread)
(do not cut and paste code into this field unless necessary, attach copies of your pages so they can be opened in Dreamweaver for debugging)

Type in the characters exactly as displayed below - if you don't complete the Captcha correctly you will get a blank page, so you may want to copy the text of your message before you submit!

Quote message in reply?

Private Message: (viewable only by you, the person you are replying to, and WebAssist employees)
(only put truly private information in this area such as ftp details and phone numbers. Keep as much of your post public as possible)

These attachments are private (viewable only by you, the person you are replying to, and WebAssist employees)

Manage Attachments

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

Access rule with third condition not working.

9/20/2017 7:51 am | #1 s.joiner74419001