close ad
Databridge V2 with MySQLi support IS Now Available!
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Can't undestand how Access Rules work

Thread began 1/07/2019 10:37 am by tony | Last modified 1/07/2019 12:38 pm by Ray Borduin | 20 views | 3 replies |

tony

Can't undestand how Access Rules work

Hello all,
Happy New Year, first of all.
I just cannot understand how the Security Assist Access Rules work.
I simply would like to show an error message when the user try to log-in but I'm not able to set the Access Rule correctly.

Here what I have done:

I created the login form and added the 'Security assist authenticate user' sb. It works.
If the user enters the correct credentials it is redirected to the success page.

But when the user enters wrong credentials or he is not registered nor activated, no errors are displayed.

If I use the Security Assist > "show region" sb I'm asked to use an access rule.

But where can I get a clue on how to create an access rule from scratch?
I'm trying to understand them using the online help but it only explains the various dialog boxes I'm facing.
There are no real uses examples.
Is there a tutorial specific for undestanding access rules?

I thank you in advance for any suggestion or help.

Tony

Sign in to reply to this post

Ray BorduinWebAssist

In the failed redirect, add a url parameter like: "user_login.php?failed"

Then you can display a message based on that value existing using the Utility Server Behavior for "Show Region IF"

The trigger would be:

php:
<?php (isset($_GET["fail"])?"1":""?>



Or you could just add the simple IF statement by hand like:

php:
<?php

if (isset($_GET["fail"])) {
?>
Your login credentials were not correct, please try again.
<?php
}


?>

You could use security assist rules and the security assist show if server behavior for this, but it is so simple it is probably overkill. You would use the same concept though and create a rule to allow if the URL Parameter "fail" exists and name the rule and then use that rule for the display of the region on the page.

Sign in to reply to this post

tony

I begin to start to understand.
I added some URL parameter to the "Security Assist Authenticate user" and now I can show an error message when the user enters wrong credentials.

Now I need to show a message that warn the user that try to login without having activated his account before.

But how can I build an access rule for this?

In the "Security Assist Authenticate user" dialog box I check both email, password and activation together.
Is this right?
I could easily add a message that says that the user entered wrong credentials or he has not activated his account yet, but I don't thing this is a polite solution (even if it works).

Have I to do something else to manage this kind of access rule?

Here is the complete steps the user do:
1- the user registers in the registration page; it will be redirected to a succesfull registered user page where he can read a message says he need to check the email to activate his account;
2- the user click the email contained in the email and he is redirected to a specific activation page; here the user table is updated and then the user can click a link to go to the login page.
3- but what to do with a user that try to login without having activated his account yet?

TIA
tony

Sign in to reply to this post

Ray BorduinWebAssist

I'd let them log in. Save the value of the "emailVerified" column in the session during login. Then you can create an access rule that checks the value of the "emailVerified" session variable of a logged in user.

On the restricted page you can add two restrict access server behaviors. The first one just checks if they are logged in and redirects to the login page with:
login.php?restrict

and the other that checks the value of the emailVerified and redirects to:
login.php?verify

That way you can show different messages based on how they got to the page.

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...