all log ins fail

What would cause all log ins to fail?

Both the registration page and log in page are encrypted.

Users were created after the encrytion was applaied.

no errors reported but the url says this: MySite.com/no_access.php?accesscheck=%2Fadmin%2Fadmin_home.php

here is the log in script.

<?php require_once("../WA_SecurityAssist/WA_SHA1Encryption.php"); ?>
<?php require_once('../Connections/reservations2.php');?>
<?php require_once( "../WA_SecurityAssist/Helper_PHP.php" ); ?><?php
if($_SERVER["REQUEST_METHOD"] == "POST"){
$WA_Auth_Parameter = array(
"connection" => $reservations2,
"database" => $database_reservations2,
"tableName" => "users",
"columns" => explode($WA_Auth_Separator,"UserName".$WA_Auth_Separator."UserPassword"),
"columnValues" => explode($WA_Auth_Separator,"".((isset($_POST["username"]))?$_POST["username"]:"") ."".$WA_Auth_Separator."".WA_SHA1Encryption(((isset($_POST["userpassword"]))?$_POST["userpassword"]:"")) .""),
"columnTypes" => explode($WA_Auth_Separator,"text".$WA_Auth_Separator."text"),
"sessionColumns" => explode($WA_Auth_Separator,"UserId".$WA_Auth_Separator."UserLevel".$WA_Auth_Separator."UserName"),
"sessionNames" => explode($WA_Auth_Separator,"UserId".$WA_Auth_Separator."users_UserLevel".$WA_Auth_Separator."UserName"),
"successRedirect" => "admin_home.php",
"failRedirect" => "no_access.php",
"gotoPreviousURL" => FALSE,
"keepQueryString" => TRUE
);

WA_AuthenticateUser($WA_Auth_Parameter);
}
?>

In your Users table make sure that the password column is set to hold 40 characters.

The encryption uses an SHA1 hash which is a 40 character string.

If the password column cannot hold 40 characters, the hash will be truncated when stored in the database.

It is, I even set it higher just incase.

Take a look in the live database. Is the password being stored in encrypted format?

Double check that the registration page has been modified to store the password using SHA1 encryption.

if you still having problems, add the registration page to a zip file and attach that zip file with your reply.

Yes the passwords are encrypted in the database. here is the page.

Just anote, everything works until you add the restricted pages behavior. then all the log ins fail.

dean

OK, I see, if ot fails after adding the restricted page behavior, can you send a page with the restriction applies that does not work and the WA_SecurityAssist/HelperGroupsRulesPHP.php file so I can see what rule you are applying and how that rule is created.

here are the files

OK, I see the problem now:


the login page is set to store the value in the UserLevel column in a session variable named "users_UserLevel":

"sessionColumns" => explode($WA_Auth_Separator,"UserId".$WA_Auth_Separ ator."UserLevel".$WA_Auth_Separator."UserName"),

"sessionNames" => explode($WA_Auth_Separator,"UserId".$WA_Auth_Separ ator."users_UserLevel".$WA_Auth_Separator."UserNam e"),

in the admin and users rule that you have created, you are referencing a session variable named "UserLevel":

case "admin and users":

            $comparisons[0] = array(TRUE, "".((isset($_SESSION['UserLevel']))?$_SESSION['UserLevel']:"")  ."", 20, "admin and users");

            break;

you either need to change the login page to create the session variable as "UserLevel" or change the admin and users rule to use the "users_UserLevel" session variable that is currently being crated.