close ad
Install the LAtest Updates to Work with CC 2017 and CC 2018
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

all log ins fail

Thread began 10/06/2009 9:23 pm by dean248377 | Last modified 10/08/2009 7:26 pm by Jason Byrnes | 1264 views | 7 replies |

dean248377

all log ins fail

What would cause all log ins to fail?

Both the registration page and log in page are encrypted.

Users were created after the encrytion was applaied.

no errors reported but the url says this: MySite.com/no_access.php?accesscheck=%2Fadmin%2Fadmin_home.php

here is the log in script.

<?php require_once("../WA_SecurityAssist/WA_SHA1Encryption.php"); ?>
<?php require_once('../Connections/reservations2.php');?>
<?php require_once( "../WA_SecurityAssist/Helper_PHP.php" ); ?><?php
if($_SERVER["REQUEST_METHOD"] == "POST"){
$WA_Auth_Parameter = array(
"connection" => $reservations2,
"database" => $database_reservations2,
"tableName" => "users",
"columns" => explode($WA_Auth_Separator,"UserName".$WA_Auth_Separator."UserPassword"),
"columnValues" => explode($WA_Auth_Separator,"".((isset($_POST["username"]))?$_POST["username"]:"") ."".$WA_Auth_Separator."".WA_SHA1Encryption(((isset($_POST["userpassword"]))?$_POST["userpassword"]:"")) .""),
"columnTypes" => explode($WA_Auth_Separator,"text".$WA_Auth_Separator."text"),
"sessionColumns" => explode($WA_Auth_Separator,"UserId".$WA_Auth_Separator."UserLevel".$WA_Auth_Separator."UserName"),
"sessionNames" => explode($WA_Auth_Separator,"UserId".$WA_Auth_Separator."users_UserLevel".$WA_Auth_Separator."UserName"),
"successRedirect" => "admin_home.php",
"failRedirect" => "no_access.php",
"gotoPreviousURL" => FALSE,
"keepQueryString" => TRUE
);

WA_AuthenticateUser($WA_Auth_Parameter);
}
?>

Sign in to reply to this post

Jason ByrnesWebAssist

In your Users table make sure that the password column is set to hold 40 characters.

The encryption uses an SHA1 hash which is a 40 character string.

If the password column cannot hold 40 characters, the hash will be truncated when stored in the database.

Sign in to reply to this post

dean248377

It is, I even set it higher just incase.

Sign in to reply to this post

Jason ByrnesWebAssist

Take a look in the live database. Is the password being stored in encrypted format?

Double check that the registration page has been modified to store the password using SHA1 encryption.

if you still having problems, add the registration page to a zip file and attach that zip file with your reply.

Sign in to reply to this post

dean248377

Yes the passwords are encrypted in the database. here is the page.

Just anote, everything works until you add the restricted pages behavior. then all the log ins fail.

dean

Attached Files
users_Registration.zip
Sign in to reply to this post

Jason ByrnesWebAssist

OK, I see, if ot fails after adding the restricted page behavior, can you send a page with the restriction applies that does not work and the WA_SecurityAssist/HelperGroupsRulesPHP.php file so I can see what rule you are applying and how that rule is created.

Sign in to reply to this post

dean248377

here are the files

Attached Files
as u asked.zip
Sign in to reply to this post

Jason ByrnesWebAssist

OK, I see the problem now:


the login page is set to store the value in the UserLevel column in a session variable named "users_UserLevel":

php:
"sessionColumns" => explode($WA_Auth_Separator,"UserId".$WA_Auth_Separ ator."UserLevel".$WA_Auth_Separator."UserName"),

"sessionNames" => explode($WA_Auth_Separator,"UserId".$WA_Auth_Separ ator."users_UserLevel".$WA_Auth_Separator."UserNam e"),





in the admin and users rule that you have created, you are referencing a session variable named "UserLevel":

php:
case "admin and users":

            $comparisons[0] = array(TRUE, "".((isset($_SESSION['UserLevel']))?$_SESSION['UserLevel']:"")  ."", 20, "admin and users");
            break;





you either need to change the login page to create the session variable as "UserLevel" or change the admin and users rule to use the "users_UserLevel" session variable that is currently being crated.

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...