Access Check is not working as it should.

Okay, this is a little confusing but here it goes..

If I'm logged into the site (a site that is using Security Assist's user registration wizard) - it's all working fairly well except for some minor details.

When I logout - I can go to the login screen, log in, and everything is fine.

BUT if I go to the members page that requires the user to be a registered user - it sends me to the login screen (like it should) BUT it adds the "access check" page as the awaiting verification page that it sends people to if they try to login but are not verified yet. Instead of just logging them in and going to the main members page. Is that confusing?

So in other words - I log out. I go to the members page (instead of logging in first). It brings me to the login screen. I login, but instead of sending me back to the members page (which is where I originally tried to goto), it sends me to the "awaiting verification" page instead (as if I'm not verified - although I am). I can go to the members page by typing it in my browser though, so it does know that I have the proper access, it just thinks that I want to go to the awaiting verification page for some reason (which is the access denied page if they aren't a registered user).

It's setup this way because I have to manually verify all new user registrations. And until I change their user level to the appropriate level, if they try to login, and they aren't a verified user, it goes to the awaiting verification page which tells them they need to wait a little longer. For some reason, if someone goes straight to the members page, without logging in first (and even though they are verified), it sends them to the login page, they log in, but instead of going to the members page, they go to the awaiting verification page for some reason. There's something wrong with the logic.

Please send a copy of the login page so I can look at the code.

Here's the login page.

I'd also like to look at thye code on the awaiting verification and members pages please.

Sure - here they are.

Right, I see the problem:



On the memembers index page yu have the following code:

<?php require_once( "../WA_SecurityAssist/Helper_PHP.php" ); ?>

<?php

if (!WA_Auth_RulePasses("Verified Member")){

    WA_Auth_RestrictAccess("../awaiting_verification.php");

}

?>

this checks if they are a verified member and sends them to the awaiting_verification.php page.


they are not logged in, so they cant be a verified member either ;)


on the awaiting_verification.php page you have the following:

?php

if (!WA_Auth_RulePasses("Logged in to users")){

    WA_Auth_RestrictAccess("users_LogIn.php");

}

?>

they are not logged in so they are directed to the login page. Since the awaiting_verification.php page was the page that actyually sent them to the login page, it is page they get directed to.



on the members page, change the code:

<?php

if (!WA_Auth_RulePasses("Verified Member")){

    WA_Auth_RestrictAccess("../awaiting_verification.php");

}

?>

to:

?php

if (!WA_Auth_RulePasses("Logged in to users")){

    WA_Auth_RestrictAccess("../users_LogIn.php");

}

?>

But that will let anyone that registers into the members page, won't it? I only want verified members on that page.

OK, then use:
<?php
if (!WA_Auth_RulePasses("Verified Member")){
WA_Auth_RestrictAccess("../users_LogIn.php");
}
?>

Is it possible to have it so that registered but not verified users go to awaiting verification page?

You have to first check if the are loged in, the check if the are verified:

<?php

if (!WA_Auth_RulePasses("Logged in to users")){

    WA_Auth_RestrictAccess("../users_LogIn.php");

}

?>

<?php

if (!WA_Auth_RulePasses("Verified Member")){

    WA_Auth_RestrictAccess("../awaiting_verification.php");

}

?>