Skip to main content
A
Anonymous
October 24, 2012
Question

problem with php restrict access to page()

  • October 24, 2012
  • 1 reply
  • 1279 views

Hi, i'm using dw cs5 for my website and using php for updating info in the database. However, I have a problem with the restict access to page() behaviour.

I have a login page which either takes me to the update info page or will take me to the "restricted" page. The problem is even with a successful login, I am taken to the 'restricted' page.

I shall paste the code in one of the update pages. Is there anything wrong in it?

<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
  // For security, start by assuming the visitor is NOT authorized.
  $isValid = False;

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
  // Therefore, we know that a user is NOT logged in if that Session variable is blank.
  if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
      $isValid = true;
    }
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
      $isValid = true;
    }
    if (($strUsers == "") && true) {
      $isValid = true;
    }
  }
  return $isValid;
}

$MM_restrictGoTo = "login.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {  
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0)
  $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo);
  exit;
}
?>

This topic has been closed for replies.

1 reply

David_Powers
David_Powers
Inspiring
October 25, 2012

anb_newbie wrote:

I have a login page which either takes me to the update info page or will take me to the "restricted" page. The problem is even with a successful login, I am taken to the 'restricted' page.

How do you know the login is successful? If you're taken to the restricted page, it means that the login failed.

There doesn't appear to be anything wrong with the code you posted here. Possible reasons for the failure include getting the username or password wrong (they're usually case-sensitive). It's also possible that sessions haven't been enabled on your server, or that PHP can't write to the directory where sessions are stored.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices