PHP - Restrict Access Behavior


  1. #1

    PHP - Restrict Access Behavior

    Afternoon everyone... So, I've created a simple User Login procedure using PHP
    and a MySQL Database.

    Login.php - contains a form with UN/PW text boxes and a submit button. I
    applied the DW 'Log In User' behavior to the page. The behavior checks against
    the MySQL Database using UN, PW, and Access Level. The MySQL 'Test' database
    contains one 'user' table, which contains three columns: UN, PW, and
    ACCESS_LEVEL.

    Welcome.php - contains a simple Welcome message and the DW 'Restrict Access'
    behavior. I've defined two access levels, 'GADM' - Global Administrator and
    'LADM' - Local Administrator, and allow access to both GADM and LADM. If
    access is denied the user is directed to 'Fail.php'.

    Fail.php - a simple .PHP page that the user goes to if they are not granted
    access to the page, with a link back to Login.php.

    For some reason this login procedure works fine on a PC but fails on my
    development Mac. Is there something I'm missing here? I've scoured over the
    procedure and it simply doesn't work on my Mac. I've adjusted security
    settings on several different browsers on both the PC and Mac and that
    doesn't seem to have any effect. The procedure for creating a user login seems
    simple but I can't figure out why this would work on one system and not the
    other. I've attached the code for Login.php and Welcome.php. Any assistance
    would be appreciated!

    /****************************/
    /* LOGIN.PHP */
    /****************************/
    <?php require_once('Connections/con_test.php'); ?>

    <?php
    // *** Validate request to login to this site.
    session_start();

    $loginFormAction = $_SERVER['PHP_SELF'];
    if (isset($accesscheck)) {
    $GLOBALS['PrevUrl'] = $accesscheck;
    session_register('PrevUrl');
    }

    if (isset($_POST['username'])) {
    $loginUsername=$_POST['username'];
    $password=$_POST['password'];
    $MM_fldUserAuthorization = "ACCESS";
    $MM_redirectLoginSuccess = "welcome.php";
    $MM_redirectLoginFailed = "fail.php";
    $MM_redirecttoReferrer = false;
    mysql_select_db($database_con_test, $con_test);

    $LoginRS__query=sprintf("SELECT UN, PW, ACCESS FROM users WHERE UN='%s' AND
    PW='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername),
    get_magic_quotes_gpc() ? $password : addslashes($password));

    $LoginRS = mysql_query($LoginRS__query, $con_test) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);
    if ($loginFoundUser) {

    $loginStrGroup = mysql_result($LoginRS,0,'ACCESS');

    //declare two session variables and assign them
    $GLOBALS['MM_Username'] = $loginUsername;
    $GLOBALS['MM_UserGroup'] = $loginStrGroup;

    //register the session variables
    session_register("MM_Username");
    session_register("MM_UserGroup");

    if (isset($_SESSION['PrevUrl']) && false) {
    $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    }
    header("Location: " . $MM_redirectLoginSuccess );
    }
    else {
    header("Location: ". $MM_redirectLoginFailed );
    }
    }
    ?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <title>Untitled Document</title>
    </head>

    <body>
    <form action="<?php echo $loginFormAction; ?>" method="POST" name="frmLogin"
    id="frmLogin">
    <table width="450" border="0" cellspacing="2" cellpadding="2">
    <tr>
    <td width="106">User Name: </td>
    <td width="330"><input name="username" type="text" id="username"></td>
    </tr>
    <tr>
    <td>Password:</td>
    <td><input name="password" type="text" id="password"></td>
    </tr>
    <tr>
    <td>&nbsp;</td>
    <td><input name="login" type="submit" id="login" value="Login!"></td>
    </tr>
    </table>
    </form>
    </body>
    </html>

    /****************************/
    /* WELCOME.PHP */
    /****************************/

    <?php
    //initialize the session
    session_start();

    // ** Logout the current user. **
    $logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
    if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
    $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
    }

    if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
    //to fully log out a visitor we need to clear the session variables
    session_unregister('MM_Username');
    session_unregister('MM_UserGroup');

    $logoutGoTo = "login.php";
    if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
    }
    }
    ?>
    <?php
    $MM_authorizedUsers = "GADM,LADM";
    $MM_donotCheckaccess = "false";

    // *** Restrict Access To Page: Grant or deny access to this page
    function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
    // For security, start by assuming the visitor is NOT authorized.
    $isValid = False;

    // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
    // Therefore, we know that a user is NOT logged in if that Session variable is blank.
    if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
    $isValid = true;
    }
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
    $isValid = true;
    }
    if (($strUsers == "") && false) {
    $isValid = true;
    }
    }
    return $isValid;
    }

    $MM_restrictGoTo = "fail.php";
    if (!((isset($_SESSION['MM_Username'])) &&
    (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'],
    $_SESSION['MM_UserGroup'])))) {
    $MM_qsChar = "?";
    $MM_referrer = $_SERVER['PHP_SELF'];
    if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
    if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
    $MM_referrer .= "?" . $QUERY_STRING;
    $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" .
    urlencode($MM_referrer);
    header("Location: ". $MM_restrictGoTo);
    exit;
    }
    ?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <title>Untitled Document</title>
    </head>

    <body>
    <p>This is a restricted page! WELCOME!</p>
    <p>&nbsp;</p>
    <p><a href="<?php echo $logoutAction ?>">Logout</a> </p>
    </body>
    </html>

    Vinny4979 Guest

  2. #2

    Re: PHP - Restrict Access Behavior

    I don't know if the code you posted appears the same way on your page, but
    first of all you must remove any comments, spaces and empty lines between PHP
    tags. Example:

    <?php require_once('Connections/con_test.php'); ?>
    <?php
    // *** Validate request to login to this site.
    session_start();
    ...................................... ..................................
    ?>

    Otherwise PHP stops running at the first non-PHP code that it encounters.

    Felix
    webmaster@felixone.it
    http://www.felixone.it

    Felix1 Guest
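
Added example (not part of the thread and not Dreamweaver's generated code): the login check and access test from post #1, rewritten with a bound query parameter, password_verify() and direct $_SESSION writes in place of addslashes(), a plaintext password comparison and session_register(), whose behaviour depends on the register_globals setting. The in-memory SQLite table, the sample account and PHP 7.3+ with pdo_sqlite are assumptions made so the script runs offline from the command line.

```php
<?php
// Added example: constructed data, hypothetical helper names login()/isAuthorized().

function login(PDO $db, string $user, string $pass): bool {
    // Bound parameter: the driver keeps input as data, no addslashes()/sprintf().
    $st = $db->prepare('SELECT PW, ACCESS FROM users WHERE UN = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);

    // PW stores a password_hash() value rather than the plaintext password.
    if (!$row || !password_verify($pass, $row['PW'])) {
        return false;
    }
    // On a web request (after session_start()) issue a fresh session id at login.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    // Write to $_SESSION directly; this does not depend on register_globals.
    $_SESSION['MM_Username']  = $user;
    $_SESSION['MM_UserGroup'] = $row['ACCESS'];
    return true;
}

function isAuthorized(array $allowedGroups): bool {
    // Deny by default: a user must be logged in AND belong to an allowed group.
    return !empty($_SESSION['MM_Username'])
        && in_array($_SESSION['MM_UserGroup'] ?? '', $allowedGroups, true);
}

// --- constructed demo data, runs from the CLI without a database server ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (UN TEXT PRIMARY KEY, PW TEXT, ACCESS TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')
   ->execute(['alice', password_hash('example-pass', PASSWORD_DEFAULT), 'GADM']);

$_SESSION = [];                                   // plain array when run from the CLI
var_dump(login($db, "ali'ce", 'example-pass'));   // quote in the name is treated as data
var_dump(isAuthorized(['GADM', 'LADM']));         // nobody is logged in yet
var_dump(login($db, 'alice', 'example-pass'));    // correct credentials
var_dump(isAuthorized(['GADM', 'LADM']));         // group GADM is on the allow list
var_dump(isAuthorized(['LADM']));                 // group GADM is not on this list
```

In the pages themselves, call session_start() before login() and follow every header('Location: ...') with exit, as Welcome.php already does for its redirects.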
