If Postman does support retaining the session variables, then when a person authenticates they would be redirected to this page, which has restricted access:
<?php require_once('Connections/sdpc_i.php'); ?>
<?php require_once('webassist/mysqli/authentication.php'); ?>
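<?php require_once('webassist/mysqli/rsobj.php');
// Report every error level, but send the text to the server log instead of the
// response. With display_errors on, warnings and database errors are printed
// into the JSON body (breaking it for the client) and expose file paths and
// schema details to the caller. Turn display on only on a local development box.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');?>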
<?php
// Access gate for this page: a WebAssist WA_MySQLi_Auth object run in "restrict"
// mode under the rule name "sdpc_login", with error.php as the failure target.
// NOTE(review): what execute() actually checks (presumably session state written
// by the matching login action) is defined in webassist/mysqli/authentication.php,
// not here — confirm there which rule name and session keys it expects.
// NOTE(review): confirm execute() ends the request after issuing the FailRedirect.
// If it only sends a Location header, the JSON further down is still produced for
// callers that failed the check.
if ("" == "") { // condition is always true, so the gate always runs
$RestrictAccess = new WA_MySQLi_Auth();
$RestrictAccess->Action = "restrict";
$RestrictAccess->Name = "sdpc_login";
$RestricAccessRedirect = "error.php";
// When the rel2abs() helper is loaded, resolve the redirect target relative to this file's directory.
if (function_exists("rel2abs")) $RestricAccessRedirect = $RestricAccessRedirect?rel2abs($RestricAccessRedirect,dirname(__FILE__)):"";
$RestrictAccess->FailRedirect = $RestricAccessRedirect;
$RestrictAccess->execute();
}?>
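<?php
// Request handler: counts the publicly visible rows, clamps the requested page
// to the available range, then answers with a JSON envelope when the request
// carries verify=T and with a 400 envelope otherwise.
include_once("db_connect.php");

$items_per_page = 50;

// Accept only integer page numbers >= 1. filter_input() returns null when the
// parameter is absent and false when validation fails; both fall back to 1.
// Without the lower bound a page of 0 or below yields a negative offset.
$page = filter_input(INPUT_GET, 'page', FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
if (null === $page || false === $page) {
    $page = 1;
}
$offset = ($page - 1) * $items_per_page;

$sql2 = "SELECT *, t1.districtID as thedistrict, t1.statusID as statusID_final, t1.agreement_typesID as agtype from ((SELECT dataID, districtID, softwareID, agreement_typesID, signed_agreement_file, statusID, date_approved, date_expired, year, grade_level, content_area, declined_reasoning, originator, data.softwareID as code1, data.districtID as code FROM data) t1 JOIN (Select districtID, district_name, state, account_status, tec_member from districts) t9 on (t1.code = t9.districtID) LEFT JOIN (SELECT *, addendums_data.addendumID as selected_addendum FROM addendums_data) t2 On (t1.dataID = t2.dataID) LEFT JOIN (SELECT * from addendums) t7 on (t2.addendumID = t7.addendumID) LEFT JOIN (Select agreement_typesID, public, agreement_name, state from agreement_types) t4 on (t1.agreement_typesID = t4.agreement_typesID) LEFT JOIN (Select * from status) t5 on (t1.statusID = t5.statusID) LEFT JOIN (SELECT district_data_elements.districtID as code3, district_data_elements.softwareID as code2, GROUP_CONCAT(element_name SEPARATOR ', ') as data_list from district_data_elements LEFT JOIN data_elements on data_elements.data_elementID = district_data_elements.data_elementID GROUP BY district_data_elements.softwareID) t3 On (t1.code1 = t3.code2) LEFT JOIN (SELECT softwareID, company_name,software_name from software) t6 on (t1.code1 = t6.softwareID)) Where (t5.public = 'Yes' or t4.public = 'Yes') GROUP by t1.dataID ORDER BY t9.district_name ASC";

$result = mysqli_query($conn, $sql2);
if (false === $result) {
    // Driver error text names tables and columns, so it goes to the server log;
    // the client only gets a generic JSON error. (The earlier
    // "or die(... mysqli_error($conn))" echoed it, and the follow-up
    // mysqli_error() call without a connection argument could never run.)
    error_log("count query failed: " . mysqli_error($conn));
    header("Content-Type:application/json");
    jsonResponse(500, "Database error", NULL);
    exit;
}
$row_count = mysqli_num_rows($result);
// Only the row count is needed from this query.
mysqli_free_result($result);

$page_count = 0;
if (0 !== $row_count) {
    $page_count = (int)ceil($row_count / $items_per_page);
    // A page past the end falls back to the first page.
    if ($page > $page_count) {
        $page = 1;
    }
}

header("Content-Type:application/json");

// Read the parameter once and tolerate its absence: indexing $_GET['verify']
// directly raises an "undefined" notice/warning when the parameter is missing.
// verify=T is only a request-shape check, not an access control; who may call
// this page is decided solely by the WA_MySQLi_Auth restrict block above.
$verify = (isset($_GET['verify']) && is_string($_GET['verify'])) ? $_GET['verify'] : "";
if ($verify === "T") { // WebAssist Show If
    $state = $verify;
    $items = getItems($state, $conn);
    if (empty($items)) {
        jsonResponse(200, "There is no data found.", NULL);
    } else {
        jsonResponse(200, "Data Found", $items);
    }
} else {
    jsonResponse(400, "This is an Invalid Request or the url has not been verified correctly", NULL);
}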
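/**
 * Set the HTTP status code and print a JSON envelope of the form
 * {"status": ..., "status_message": ..., "data": ...}.
 *
 * @param int    $status         HTTP status code; also copied into the body.
 * @param string $status_message Human-readable message copied into the body.
 * @param mixed  $data           Payload, or NULL when there is nothing to return.
 * @return void
 */
function jsonResponse($status,$status_message,$data) {
    // The status line must carry the numeric code. Building it from the message
    // text ("HTTP/1.1 Data Found") gives no usable status, so clients, proxies
    // and log-based monitoring cannot tell a rejected request from a served one.
    http_response_code((int)$status);
    $response = array(
        'status' => $status,
        'status_message' => $status_message,
        'data' => $data,
    );
    echo json_encode($response);
}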
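/**
 * Fetch one page (50 rows) of the publicly visible agreement records.
 *
 * The page number comes from the `page` query parameter; anything that is not
 * an integer >= 1 is treated as page 1.
 *
 * @param mixed  $state Value of the `verify` request parameter; not used by the query.
 * @param mysqli $conn  Open database connection.
 * @return array List of associative rows; empty when the page holds no rows.
 */
function getItems($state, $conn) {
    $items_per_page = 50;

    // Bound the page number on both sides so that the two LIMIT arguments are
    // always non-negative integers: 0 or a negative page would give a negative
    // offset (SQL error), and an enormous page would overflow into a float.
    $page = filter_input(INPUT_GET, 'page', FILTER_VALIDATE_INT, array(
        'options' => array(
            'min_range' => 1,
            'max_range' => (int)(PHP_INT_MAX / $items_per_page),
        ),
    ));
    // null: parameter absent; false: validation failed.
    if (null === $page || false === $page) {
        $page = 1;
    }
    $offset = ($page - 1) * $items_per_page;

    // $offset and $items_per_page are integers produced above, never raw request
    // text, which is what keeps this concatenated LIMIT clause safe.
    $sql = "SELECT *, t1.districtID as thedistrict, t1.statusID as statusID_final, t1.agreement_typesID as agtype from ((SELECT dataID, districtID, softwareID, agreement_typesID, signed_agreement_file, statusID, date_approved, date_expired, year, grade_level, content_area, declined_reasoning, originator, data.softwareID as code1, data.districtID as code FROM data) t1 JOIN (Select districtID, district_name, state, account_status, tec_member from districts) t9 on (t1.code = t9.districtID) LEFT JOIN (SELECT *, addendums_data.addendumID as selected_addendum FROM addendums_data) t2 On (t1.dataID = t2.dataID) LEFT JOIN (SELECT * from addendums) t7 on (t2.addendumID = t7.addendumID) LEFT JOIN (Select agreement_typesID, public, agreement_name, state from agreement_types) t4 on (t1.agreement_typesID = t4.agreement_typesID) LEFT JOIN (Select * from status) t5 on (t1.statusID = t5.statusID) LEFT JOIN (SELECT district_data_elements.districtID as code3, district_data_elements.softwareID as code2, GROUP_CONCAT(element_name SEPARATOR ', ') as data_list from district_data_elements LEFT JOIN data_elements on data_elements.data_elementID = district_data_elements.data_elementID GROUP BY district_data_elements.softwareID) t3 On (t1.code1 = t3.code2) LEFT JOIN (SELECT softwareID, company_name,software_name from software) t6 on (t1.code1 = t6.softwareID)) Where (t5.public = 'Yes' or t4.public = 'Yes') GROUP by t1.dataID ORDER BY t9.district_name ASC LIMIT " . $offset . "," . $items_per_page;

    $resultset = mysqli_query($conn, $sql);
    if (false === $resultset) {
        // The driver message names tables and columns; keep it in the server log
        // and give the caller a generic message only.
        error_log("getItems query failed: " . mysqli_error($conn));
        die("database error");
    }

    $data = array();
    while ($row = mysqli_fetch_assoc($resultset)) {
        $data[] = $row;
    }
    mysqli_free_result($resultset);
    return $data;
}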
Does this code look right for recognizing the authentication? Or do I need to add something like: $_SESSION["sdpc_login"] = $Username?