March 7, 2007
Question

Restrict Access to Page (k)

I know just enough PHP to get myself in trouble.

I'm working on a simple employment section for one of my clients. All
PHP pages work, but now I am trying to make some of them password protected.

I have a table in MySQL with a username and password.

I have a form in a webpage with spaces to write the username and
password. I used the Login User server behavior through Dreamweaver. It
appears to work since the user jumps to the page I want them to instead
of the failure page.

The problem is that once on that page the user gets kicked off. On that
page I used the Server Behavior "Restrict Access to Page". Instead of
seeing a valid login, it kicks the user to the page indicated in a
failed login.

Any ideas?

-Kirk

March 12, 2007
Login Page:

<?php require_once('../Connections/databaseCONNECT.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
  function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
  {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

    $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

    switch ($theType) {
      case "text":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;
      case "long":
      case "int":
        $theValue = ($theValue != "") ? intval($theValue) : "NULL";
        break;
      case "double":
        $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
        break;
      case "date":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;
      case "defined":
        $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
        break;
    }
    return $theValue;
  }
}

mysql_select_db($database_databaseCONNECT, $databaseCONNECT);
$query_rsPassword = "SELECT * FROM usernamepassword";
$rsPassword = mysql_query($query_rsPassword, $databaseCONNECT) or die(mysql_error());
$row_rsPassword = mysql_fetch_assoc($rsPassword);
$totalRows_rsPassword = mysql_num_rows($rsPassword);
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['Username'])) {
  $loginUsername=$_POST['Username'];
  $password=$_POST['Password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "employment_listings.php";
  $MM_redirectLoginFailed = "employment_login2.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_databaseCONNECT, $databaseCONNECT);

  $LoginRS__query=sprintf("SELECT Username, Password FROM usernamepassword WHERE Username=%s AND Password=%s",
    GetSQLValueString($loginUsername, "text"),
    GetSQLValueString($password, "text"));

  $LoginRS = mysql_query($LoginRS__query, $databaseCONNECT) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
    $loginStrGroup = "";

    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>




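The login code posted above matches the submitted password against the stored column inside the SQL query and keeps the same session ID after login. The following is an added example, not part of the thread and not Dreamweaver output, showing the same login flow with a bound placeholder, `password_verify()`, and a regenerated session ID. It assumes PHP 7.1 or later, the PDO MySQL driver, and that the `Password` column holds `password_hash()` output; the DSN and credentials are placeholders.

```php
<?php
// Added example, not the Dreamweaver-generated code from the thread.
// Assumes PHP 7.1+, PDO MySQL, and password_hash() output in the Password column.

function find_password_hash(PDO $db, string $username): ?string
{
    // A bound placeholder replaces the sprintf()/GetSQLValueString() quoting.
    $stmt = $db->prepare('SELECT Password FROM usernamepassword WHERE Username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return $hash === false ? null : (string) $hash;
}

function login(PDO $db, string $username, string $password): bool
{
    $hash = find_password_hash($db, $username);
    // Verify in PHP; the submitted password never appears in the SQL text.
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);           // fresh session ID once authenticated
    $_SESSION['MM_Username']  = $username; // same session keys as the generated code
    $_SESSION['MM_UserGroup'] = '';
    return true;
}

session_start();

$user = $_POST['Username'] ?? null;
$pass = $_POST['Password'] ?? null;
if (is_string($user) && is_string($pass)) {
    // Placeholder DSN and credentials (hypothetical): use the site's own settings.
    $db = new PDO(
        'mysql:host=localhost;dbname=EXAMPLE_DB;charset=utf8mb4',
        'EXAMPLE_USER',
        'EXAMPLE_PASSWORD',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
    );
    $target = login($db, $user, $pass) ? 'employment_listings.php' : 'employment_login2.php';
    header('Location: ' . $target);
    exit; // end the request so nothing after the redirect executes
}
```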
March 9, 2007
W. Kirk Lutz wrote:
> Anybody? Bueller? Bueller?

What controls access to the page is the PHP code, not the form. Without
showing the PHP code that has been created, nobody can venture an answer.

--
David Powers, Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/
March 9, 2007
Anybody? Bueller? Bueller?



March 8, 2007
Anybody?

Session Support is enabled.

I created a page (login.php) with a form with two fields to fill in:
Username
Password
and a Submit button.

Then I clicked on the form and selected the Server Behavior "Log In
User" and filled it this way:

Get input from form: form1
Username field: Username
Password field: Password

Validate using connection: tableCONNECT (this table contains a username
and password for comparison)
Table: password
Username column: Username
Password column: Password

If login succeeds, go to: listings.php
If login fails, go to: login2.php
Restrict access based on: [checked] Username and password

Rest is greyed out in Dreamweaver.

Here's the form code:
<form ACTION="<?php echo $loginFormAction; ?>" method="POST" name="form1">
  <table border="0" align="center" cellpadding="4" cellspacing="0">
    <tr valign="baseline">
      <td nowrap align="right">ID_UsernamePassword:</td>
      <td><input type="hidden" name="ID_UsernamePassword" value="" size="32"></td>
    </tr>
    <tr valign="baseline">
      <td nowrap align="right"><div align="right">Username:</div></td>
      <td><input type="text" name="Username" value="" size="32"></td>
    </tr>
    <tr valign="baseline">
      <td nowrap align="right"><div align="right">Password:</div></td>
      <td><input type="password" name="Password" size="32"></td>
    </tr>
    <tr valign="baseline">
      <td nowrap align="right"> </td>
      <td><input type="submit" value="Login"></td>
    </tr>
  </table>
</form>


This appears to work: when I put in the right username and password it
goes (briefly) to listings.php; if I put in the wrong username and
password it goes to login2.php.

The problem is that listings.php immediately kicks the user out and back
to login.php. Here are the listings.php settings for the Restrict Access
To Page server behavior:

Restrict based on: [checked] Username and password

If access denied, go to: login.php

Any idea why this is?

-Kirk



March 8, 2007
Any idea why the Restrict Access to Page isn't working?

When I fill out the Username and Password it goes to the page, but when
this Server Behavior is on, it gets kicked out.

Thoughts?

-kirk

March 8, 2007
W. Kirk Lutz wrote:
> Session Support is Enabled, but session.auto_start is off. Should it be on?

No. All the settings there are fine. Sessions are definitely working on
your setup.

--
David Powers, Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/
March 8, 2007
Session Support is Enabled, but session.auto_start is off. Should it be on?

-kirk


March 8, 2007
Okay, I'm in.

Session Support            enabled
Registered save handlers   files user mmcache

Directive                  Local Value       Master Value
session.auto_start         Off               Off
session.bug_compat_42      Off               Off
session.bug_compat_warn    Off               Off
session.cache_expire       180               180
session.cache_limiter      nocache           nocache
session.cookie_domain      no value          no value
session.cookie_lifetime    0                 0
session.cookie_path        /                 /
session.cookie_secure      Off               Off
session.entropy_file       no value          no value
session.entropy_length     0                 0
session.gc_divisor         100               100
session.gc_maxlifetime     1440              1440
session.gc_probability     1                 1
session.name               PHPSESSID         PHPSESSID
session.referer_check      no value          no value
session.save_handler       files             files
session.save_path          C:\php\sessions   C:\php\sessions
session.serialize_handler  php               php
session.use_cookies        On                On
session.use_only_cookies   Off               Off
session.use_trans_sid      Off               Off



March 8, 2007
W. Kirk Lutz wrote:
> You are talking way above my knowledge level.

If you're working with PHP, you need to learn the basics. Running
phpinfo() is one of the most elementary - and important - tasks in
understanding what your server is capable of.

Put the following script in a page:

<?php phpinfo(); ?>

There should be nothing else in the page. No DOCTYPE, nothing. Upload it
to your remote site and load it in a browser. It will show you the
version of PHP and how it is configured. The information about sessions
is down towards the bottom of the page.

--
David Powers, Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/
March 8, 2007
You are talking way above my knowledge level.

I sent an email to the host and asked if sessions were enabled. I
haven't heard back yet.

That sounds like what is going on, only because I have done the exact
same thing for another client on another server and it worked fine.

I'll let you know what they say.

-kirk

David Powers wrote:
> W. Kirk Lutz wrote:
>> Dreamweaver's wrote this code on the page the login page jumps to
>> after login:
>>
>> //initialize the session
>> if (!isset($_SESSION)) {
>> session_start();
>> }
>
> Fine. That means you have the code for starting a session. However, you
> also need to check that your server supports sessions. Most do, but you
> can find out by running phpinfo(). Details of session support are very
> close to the bottom of the page. It needs to say Session support
> enabled. You also need to make sure that session.save_path points to a
> valid folder.
>
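The checks described in the quoted advice above (session support, a valid session.save_path) can be run as a single page. This is an added example, not code from the thread; it assumes PHP 7 or later and the file name is up to you. Load it twice in the same browser: the second load should report a returned cookie and a hit count of 2.

```php
<?php
// Added diagnostic, not code from the thread. Assumes PHP 7 or later.
// Load it twice in the same browser, then delete it from the server.

function check_save_path(string $raw): array
{
    // session.save_path may be "N;/path" or "N;MODE;/path"; the directory is last.
    $parts = explode(';', $raw);
    $dir = end($parts);
    if ($dir === '') {
        $dir = sys_get_temp_dir(); // empty setting: files handler uses the temp dir
    }
    return ['dir' => $dir, 'exists' => is_dir($dir), 'writable' => is_dir($dir) && is_writable($dir)];
}

function yn(bool $v): string
{
    return $v ? 'yes' : 'NO';
}

$handler = (string) ini_get('session.save_handler');
$path = check_save_path((string) ini_get('session.save_path'));
// Did the browser send back a session cookie from an earlier request?
$cookieReturned = isset($_COOKIE[session_name()]);

header('Content-Type: text/plain'); // sent before session_start() in case it emits warnings
session_start();
$_SESSION['hits'] = ($_SESSION['hits'] ?? 0) + 1;
$hits = $_SESSION['hits'];

echo "save_handler    : $handler\n";
if ($handler === 'files') {
    echo "save_path       : {$path['dir']}\n";
    echo "  exists        : " . yn($path['exists']) . "\n";
    echo "  writable      : " . yn($path['writable']) . "\n";
}
echo "cookie returned : " . yn($cookieReturned) . "\n";
echo "hits in session : $hits\n";

if ($cookieReturned && $hits === 1) {
    // Cookie came back but the counter did not: data was not saved, or the session expired.
    echo "RESULT: session data did not survive from the previous request\n";
} elseif (!$cookieReturned) {
    echo "RESULT: no session cookie received (normal on the first load only)\n";
} else {
    echo "RESULT: session persisted across requests\n";
}
```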