Technical Support Forums

SecurityAssist Allow if 2 Conditions

Thread began 10/24/2009 12:16 am by dlovas275157 | Last modified 10/24/2009 2:52 pm by anonymous | 1904 views | 7 replies |

dlovas275157

I would only like users to gain access if they meet the following two criteria:

userLevel column = 2
userActivity column = 1

I understand how to set up an "allow if" statement restricting access based on 1 of these, but cannot seem to stack 2 allow if's to restrict on both.

How can I go about restricting access based on 2 database fields?

anonymous

The first thing to do is to create session values for each upon user authentication.

Then go into your rules manager and create a new rule. Then in your new rule, use the dialogue box to compare the value in the session to your entered value to make sure the user has the correct credentials.

The rules access manager has a "+" button that will allow you to add as many conditions as you like.

Cheers,

Brian

dlovas275157

Brian,

Thanks for the response. I have done as you have stated.

I have created session variables for the following:

userLevel
userActivity

I have then created rules as follows:

Rule Name: Admin
Allow if <?php echo $_SESSION['userActivity']; ?> = 1
Allow if <?php echo $_SESSION['userLevel']; ?> = 2

Rule Name: User
Allow if <?php echo $_SESSION['userActivity']; ?> = 1
Allow if <?php echo $_SESSION['userLevel']; ?> = 1

The rules work fine when I just have the userLevel in the conditions, but when I stack the allow if statements to add userActivity they fail to work. Access is denied for all when testing.

Are you not allowed to stack "allow if" statements? If not how should I phrase it.

Thanks.

anonymous

Yes... you shouldn't have any issue.

I wonder, then, if UserActivity session is getting truly set.

On the page that it is supposed to work on, can you echo out the session.UserActivity above the HTML and see what comes up. My guess is that it is not getting set properly.

I ran into a similar issue when I created an "active" column in one of my user DBs... since we know the User Level appears to work, I have a feeling this is a problem with the other session variable.

After you echo the other session, let me know your findings. (You may need to remove the access rules for the time being.)

Cheers,

Brian

dlovas275157

Brian,

My session variables were set correctly. It seems you cannot stack two "allow if" statements. If you do this it appears to let in users when either of the two individual conditions are true (as opposed to both true - which was what I wanted). In your experience, is this true?

To fix, I had to do as follows:
restrict if
<?php echo $_SESSION['userActivity']; ?> = 0

Then underneath (had to be below the restrict if statement for some reason)
allow if
<?php echo $_SESSION['userLevel']; ?> = 2

All seems to be working properly now.

anonymous

Yes... that is the correct way... nice work.

Actually that is the correct logic to deny all rules you wish to restrict against first - because if your allow statement is first, it will become "true" before the other statements actually would be factored in. And if you want to ensure that a user has all of the credentials needed and not just one... you first would try to negate all others and then confirm the final.

You could even add another layer of protection to an admin section.

Say for example, you set your default access level in your database to "user". But you wanted to ensure your admin section required the credentials of active and admin. You could create a rule set where you first restrict if their account is not active (set to 0)... then restrict if their access level is set to user... then allow if their access level is set to admin.

Maybe a bit over the top, but there is no way that someone gets in by accident.

Cheers,

Brian
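
The rule ordering discussed in the posts above, as an added example (not code from the thread and not SecurityAssist's own code). It assumes the behaviour the posts describe: rules are read top to bottom, the first matching rule decides, and no match means denial. `evaluateRules()` and `requireActiveAdmin()` are hypothetical names, and the sample sessions are constructed.

```php
<?php
// Added example: a model of ordered rule evaluation as described in the thread.
// evaluateRules() and requireActiveAdmin() are hypothetical, not SecurityAssist functions.

/**
 * Walk the rules top to bottom; the first rule whose condition matches decides.
 * Assumption: if no rule matches, access is denied.
 */
function evaluateRules(array $rules, array $session): bool
{
    foreach ($rules as [$action, $key, $expected]) {
        // A missing session key matches no rule, neither allow nor restrict.
        if (!array_key_exists($key, $session)) {
            continue;
        }
        if ((string) $session[$key] === (string) $expected) {
            return $action === 'allow';
        }
    }
    return false;
}

/** The same requirement written as one explicit AND on both session values. */
function requireActiveAdmin(array $session): bool
{
    return (string) ($session['userActivity'] ?? '') === '1'
        && (string) ($session['userLevel'] ?? '') === '2';
}

// Two stacked "allow if" rules: either match grants access.
$stacked = [['allow', 'userActivity', 1], ['allow', 'userLevel', 2]];
// Restrict first, then allow: the order that worked in the thread.
$restrictFirst = [['restrict', 'userActivity', 0], ['allow', 'userLevel', 2]];

// Constructed sample sessions.
$sessions = [
    'active admin'    => ['userActivity' => '1', 'userLevel' => '2'],
    'inactive admin'  => ['userActivity' => '0', 'userLevel' => '2'],
    'active user'     => ['userActivity' => '1', 'userLevel' => '1'],
    'no activity key' => ['userLevel' => '2'],
];

foreach ($sessions as $label => $s) {
    printf("%-16s stacked=%s restrictFirst=%s and=%s\n", $label,
        var_export(evaluateRules($stacked, $s), true),
        var_export(evaluateRules($restrictFirst, $s), true),
        var_export(requireActiveAdmin($s), true));
}
```

Under this model the stacked rules admit the active non-admin user, and the restrict-first rules admit a session in which `userActivity` was never set, while the explicit AND denies both.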

dlovas275157

Brian,

Thanks for the added advice. I will probably add that for the admin users as you stated. That logic actually makes more sense to me.

Establishing User Levels and Authentication in WA seems a bit more complicated than it was in ADDT, but I just need to get used to it and better understand the logic.

Appreciate it. DL

anonymous

It is a bit more complicated on the surface... as I am an ADDT owner, as well, I know exactly what you're talking about.

But, I do love the added flexibility - where you can combine several rules to make groups... something that ADDT wasn't as flexible in.

For example, you may have four levels on a site, so you create rules like "user", "poweruser", "admin", and "superadmin".

Now, with WebAssist - after you create your various rules... you can, though, go to the groups manager to, say, allow access to all admins by allowing anyone who meets the conditions of "admin" or "superadmin".

Or, you could add a group for all actives where it includes all four groups.

When I started creating super complex applications, I found WebAssist's model to be far superior. For a single quick project - the ADDT method was great - but the limitations of the ADDT method showed when you needed to couple groups together.

Cheers,

Brian
