Forums

This topic is locked

Server Behaviors -> Restrict access to page

Posted 31 May 2006 23:40:17
1
has voted
31 May 2006 23:40:17 Andrew A-P posted:
I have two pages that require a login. the first page being catalog.php (for normal users) and admincatalog.php (for administrative editing) both pages are set to restrict access unless logged in. in fact, if you type catalog.php in the address bar, you will end up at customerlogin.php and you must log in. then and only then after successfully logging in, iyou are redirected to catalog.php. Same exact setup with admincatalog.php. The main difference is that the user names and passwords on the mysql server it will allow in are in two different tables of the database and there is not any duplicates (meaning I do not have a test account on the adminlogin but I do on the catalog).

I understand this is PHP code in a dreamweaver forum and maybe one of you know enough php to help but I thought it may be a dreamweaver problem. I also think it could be a session or cookie problem.

Here is the code DW generated after I restricted access to the page

<?php
session_start();
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;

// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "" && true) {
$isValid = true;
}
}
return $isValid;
}

$MM_restrictGoTo = "customerlogin.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?") $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>

I noticed the "session start" at the top. would it work to stop session when you exit the page? or is this a different problem alltogether

Replies

Replied 01 Jun 2006 12:07:07
01 Jun 2006 12:07:07 Roddy Dairion replied:
With dreamweaver you have to set on each page the users that have access to it.
Replied 02 Feb 2008 18:30:27
02 Feb 2008 18:30:27 oliver knights replied:
<BLOCKQUOTE id=quote><font size=1 face="Verdana, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
With dreamweaver you have to set on each page the users that have access to it.
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Verdana, Arial, Helvetica" size=2 id=quote>

Replied 02 Feb 2008 18:30:49
02 Feb 2008 18:30:49 oliver knights replied:
<BLOCKQUOTE id=quote><font size=1 face="Verdana, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
With dreamweaver you have to set on each page the users that have access to it.
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Verdana, Arial, Helvetica" size=2 id=quote>

how do you do this

Replied 02 Feb 2008 19:58:59
02 Feb 2008 19:58:59 Alan C replied:
I'm not familiar with restricting access with DW, but in my home-grown method I have a session variable in a similar way, it means that I have to put some php at the top of each page that I want to control access to, this code looks like this . . .

<pre id=code><font face=courier size=2 id=code>if($session-&gt;logged_in){

}
</font id=code></pre id=code>

it was all based on code I found at www.evolt.org/PHP-Login-System-with-Admin-Features it might be worth taking a look at that and seeing if the basic ideas transfer across to your system

Reply to this topic