Skip to main content
B
BrianNardone
Inspiring
April 19, 2009
Answered

Pass URL parameters PAST the Login page

  • April 19, 2009
  • 1 reply
  • 2184 views

I am sending a link in an email to associates that will take them to a page with a Restrict Access SB on it. The Restrict Access server behavior redirects them to the login page; that works fine. The login page also functions perfectly well.

But, the link in the email has two URL parameters on it, the purpose of which is so that when the associate gets to the destination page after logging in, those parameters will filter the recordset and extract the information specific to the individual and their contract.

Problem: the URL parameters seem to get TO the page with the Restrict Access SB on it (because they show up in the URL) and they also show up in the URL of the Login.php page. But when I actually hit ‘submit’ and log in, they don’t carry past that point to the destination page, thus no information from the data table shows up in the contract. I have tried every conceivable combination of record sets and GET’s and whatnot and I cannot get this seemingly simple problem solved.

Is there something unique in the Login or Restrict Access SB’s that strips the URL of the parameters?
If so, how do I overcome that?

If that can’t be overcome, how do I use the Session variables created by the Login transaction to extract the information from the data table?

This topic has been closed for replies.
Correct answer David_Powers

Interesting question. I have studied the code in the Restrict Access to Page and think that's where the problem lies. What puzzles me is that you say the variables are preserved in the query string. They're not. The only thing that's in the query string is the page to which the user is to be redirected after logging in. Fortunately, the fix is simple.

Locate the following section in the Restrict Access to Page code:

if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}

Change all instances of $QUERY_STRING to $_SERVER['QUERY_STRING'] like this:

if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) 
  $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}

The query string should now be preserved intact when the user is redirected to the original page.

I'll report this problem to Adobe.

By the way, you can use Find and Replace to change all instances of $QUERY_STRING to $_SERVER['QUERY_STRING']. If you're feeling ambitious, though, you can fix this problem by editing the configuration file that builds the code for the Restrict Access to Page. In CS4 on Windows, the file you need to edit is C:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\ServerBehaviors\PHP_MySQL\RestrictAccess_main.edml. It will be in a similar location in the Applications folder in a Mac. Just change all instances of $QUERY_STRING to $_SERVER['QUERY_STRING'].

1 reply

David_Powers
David_PowersCorrect answer
Inspiring
April 19, 2009

Interesting question. I have studied the code in the Restrict Access to Page and think that's where the problem lies. What puzzles me is that you say the variables are preserved in the query string. They're not. The only thing that's in the query string is the page to which the user is to be redirected after logging in. Fortunately, the fix is simple.

Locate the following section in the Restrict Access to Page code:

if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}

Change all instances of $QUERY_STRING to $_SERVER['QUERY_STRING'] like this:

if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) 
  $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}

The query string should now be preserved intact when the user is redirected to the original page.

I'll report this problem to Adobe.

By the way, you can use Find and Replace to change all instances of $QUERY_STRING to $_SERVER['QUERY_STRING']. If you're feeling ambitious, though, you can fix this problem by editing the configuration file that builds the code for the Restrict Access to Page. In CS4 on Windows, the file you need to edit is C:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\ServerBehaviors\PHP_MySQL\RestrictAccess_main.edml. It will be in a similar location in the Applications folder in a Mac. Just change all instances of $QUERY_STRING to $_SERVER['QUERY_STRING'].

B
BrianNardoneAuthor
Inspiring
April 19, 2009

Do you remember how Charles M. Schultz would draw Snoopy when he was

dancing; nose high in the air, little more than a smile and happy feet? That’s

how I felt when I realized that THE David Powers, the author of my FAV code

book of all time had answered my question. It is the most coffee-stained

book that I own; you can extrapolate all good things from that.

As to the reason I said that the “variables are preserved in the query

string”, they only appeared after I messed around with the code and changed

the

“$MM_restrictGoTo = "../Farsi_URA/Login_Translator.php";”

to:

$MM_restrictGoTo = "../Farsi_URA/Login_Translator.php?Film_ID=&FilmTitle=";

etc

(I used various means to get them in there, including <?php echo $_GET…

?> and others too so I can’t remember which of them worked the

best.

I also tried to do this with the code written by the tick box for “go to

Previous URL if it exists” but that simply eliminated all reference to any

URL params.

Believe me, it took some messing around to do it, but they showed up in

Login page URL so they must have been sent there by the original destination

page with the Restrict Access SB.

Funny thing though, though I could get the ?Film_ID= and FilmTitle= to

show up in the URL, they would show up looking like this:

?Film_ID={GET.Film_ID}&FilmTitle={GET.FilmTitle}

or

?Film_ID={$row_rsTransAgreement['Film_ID'])&FilmTitle={$row_rsTransAgreement['FilmTitle'])…

rather than ?Film_ID=2&FilmTitle=Molly’s Dog. Despite hours of rearranging

things, nothing worked.

Odd.

Your recommendation worked perfectly except for… ( I’m sure you’ve already

spotted my next question: )

Where do I add the stripslashes to remove the apostrophe in Molly’s? When

I remove it manually in the URL, the record set filters perfectly; with it

in there nothing appears.

and thank you David!

Brian

David_Powers
David_Powers
Inspiring
April 19, 2009
Do you remember how Charles M. Schultz would draw Snoopy when he was

dancing; nose high in the air, little more than a smile and happy feet?

Yes, I used to have a Snoopy sweatshirt with that on the front. On the back, it said, "I must start acting more sensibly... tomorrow".

Where  do I add the stripslashes to remove the apostrophe in Molly’s?   When

I remove it manually in the URL, the record set filters perfectly; with it

in there nothing appears.

Don't understand. You don't use stripslashes() to remove apostrophes. You use it to remove backslashes inserted if magic quotes are switched on. Not only that, but Dreamweaver's GetSQLValueString() function handles all that for you automatically (assuming you're using DW 8.0.2 or later).

I have been using a simple test setup to check everything. In the protected page, I have the following conditional statement:

<?php 
if (isset($_GET['film'])) {
     echo $_GET['film'];
}
?>

When I try to access that page without logging in, using the following URL success_redirect.php?film=Molly's, I'm sent to the login page. After logging in, that conditional statement displays the following if magic quotes are ON:

Molly\'s

If magic quotes are off, it displays

Molly's

You shouldn't need to remove the apostrophe for a database search. The GetSQLValueString() function removes the backslash if magic quotes are on, and then wraps the value in mysql_real_escape_string() to make sure it's escaped properly for the database.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices