Issues with creating Login User

Hi,

I have installed MySQLI server behavior but now I cant create a Login User. My username and password are not being checked. The system just logs me in even when there is no password. My password is MD5 but nothing is checked. Even when I enter wrong Username, I am still logged in.

Below is the code generated by MySQLi Login User

<?php
$Authenticate = new WA_MySQLi_Auth($RMConferenceDBMS);
$Authenticate->Action = "authenticate";
$Authenticate->Trigger = ($_SERVER["REQUEST_METHOD"] === "POST");
$Authenticate->Name = "Admin";
$Authenticate->Table = "admin_login";
$Authenticate->addFilter("user_name", "=", "s", "".($rsAdmin->getColumnVal("user_name")) ."");
$Authenticate->addFilter("password", "=", "s", "".($rsAdmin->getColumnVal("password")) ."");
$Authenticate->addFilter("level", "=", "s", "".($rsAdmin->getColumnVal("level")) ."");
$Authenticate->storeResult("user_name", "user_name");
$Authenticate->storeResult("password", "password");
$Authenticate->storeResult("level", "level");
$Authenticate->RememberMe = (false);
$Authenticate->SaveLogin = (false);
$Authenticate->AutoReturn = false;
$SuccessRedirect = "dashboard.php";
$FailedRedirect = "loginfailadm.php";
if (function_exists("rel2abs")) $SuccessRedirect = $SuccessRedirect?rel2abs($SuccessRedirect,dirname(__FILE__)):"";
if (function_exists("rel2abs")) $FailedRedirect = $FailedRedirect?rel2abs($FailedRedirect,dirname(__FILE__)):"";
$Authenticate->SuccessRedirect = $SuccessRedirect;
$Authenticate->FailRedirect = $FailedRedirect;
$Authenticate->execute();
?>

Please how do I correct this.

Than

Hi Ray,

I made some modification based on a response from one of the post and its now working. I removed the recordset and changed the Find Record attributes as seen below.

However, I want the system to automatically check the access level as it used to be in the Dreamweaver. I done want users to select their level. In this attached form, I added an inout box for level but I dont want it so. How do I set that so the page checks the Username, Password and Level from the backend

<?php
$Authenticate = new WA_MySQLi_Auth($RMConferenceDBMS);
$Authenticate->Action = "authenticate";
$Authenticate->Trigger = ($_SERVER["REQUEST_METHOD"] === "POST");
$Authenticate->Name = "Admin";
$Authenticate->Table = "admin_login";
$Authenticate->addFilter("user_name", "=", "s", "".((isset($_POST["user_name"]))?$_POST["user_name"]:"") ."");
$Authenticate->addFilter("password", "=", "s", "".((isset($_POST["password"]))?md5($_POST["password"]):"") ."");
$Authenticate->addFilter("level", "=", "s", "".((isset($_POST["level"]))?$_POST["level"]:"") ."");
$Authenticate->storeResult("user_name", "user_name");
$Authenticate->storeResult("password", "password");
$Authenticate->storeResult("level", "level");
$Authenticate->RememberMe = (false);
$Authenticate->SaveLogin = (true);
$Authenticate->AutoReturn = false;
$SuccessRedirect = "dashboard.php";
$FailedRedirect = "loginfailadm.php";
if (function_exists("rel2abs")) $SuccessRedirect = $SuccessRedirect?rel2abs($SuccessRedirect,dirname(__FILE__)):"";
if (function_exists("rel2abs")) $FailedRedirect = $FailedRedirect?rel2abs($FailedRedirect,dirname(__FILE__)):"";
$Authenticate->SuccessRedirect = $SuccessRedirect;
$Authenticate->FailRedirect = $FailedRedirect;
$Authenticate->execute();
?>

You can change this line to something like:

$Authenticate->addFilter("level", "=", "s", "1");

You only want users with a certain access level to be able to log in? That would only allow people to log in if their user level is set to 1 in the database.

Originally Said By: Ray Borduin

  You can change this line to something like:

$Authenticate->addFilter("level", "=", "s", "1");

You only want users with a certain access level to be able to log in? That would only allow people to log in if their user level is set to 1 in the database.  

Yes Users with certain access level but there are about 5 different access levels. How can I set them.

Adding "1" will only show they have access level but not the different levels

Repeat the authentication code for each access type giving each their own name to reflect the level of access you are filtering for.

Leave the fail redirect blank for all but the last on that appears on the page so that the next one will check after the one before fails down the line.

The other option is to use DataBridge instead of MySQLi Server Behaviors. That would allow you to save the access group as a session variable during login and then define access rules based on the session variable value instead of using separate authentication server behaviors.