Give script access to restricted pages

Report · Jul 23, 2006

I need to provide a search function within the Members section of a large, dynamically-generated site. I am trying to use Sphider for this purpose, but the product is not set up for password protected pages.

I took a look at the Sphider code and it seemed like it would be an easy fix. I went into the main authorization file and set the standard DW session variables (MM_Username and MM_UserGroup) to an appropriate username and access level. I also made sure that all the sub-files had "session_start". I know the session variables are correct because I added echo statements in Sphider to test them.

Every time I run the indexing script the password protected pages kick the script out as not logged in.

Any suggestions welcome!

Report · Jul 24, 2006

Still hoping some of you PHP experts can point me in the right direction! : )

Report · Jul 24, 2006

You need to enable that on the server.

"glwm" <webforumsuser@macromedia.com> wrote in message
news:ea35a5$ihc$1@forums.macromedia.com...
> Still hoping some of you PHP experts can point me in the right direction!
> : )

Report · Jul 24, 2006

Thanks so much for replying!

Unfortunately I haven't the foggiest idea what that means.

Could you give more specifics?

Report · Aug 27, 2006

I'm still struggling with this one.

Could anyone help a non-programmer understand what it means to "enable that on the server"?

Thanks!

Report · Aug 28, 2006

glwm wrote:
> I need to provide a search function within the Members section of a large,
> dynamically-generated site. I am trying to use Sphider for this purpose, but
> the product is not set up for password protected pages.

You would probably get better help from Sphider support or a Sphider
user group.

> Every time I run the indexing script the password protected pages kick the
> script out as not logged in.

I have never even heard of Sphider and haven't studied your code in
detail, but the following line in the Sphider authorization file is
what's causing your problem:

> if (isset($_POST['user']) && isset($_POST['pass'])) {

The $_POST array is not persistent. It passes values to a script when a
form is submitted, but unless you preserve those values in some way,
such as by creating session variables, they are thrown away. Since
$_POST['user'] and $_POST['pass'] are unset, the Sphider authentication
block is ignored.

--
David Powers
Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
http://foundationphp.com/

Report · Aug 28, 2006

Hi David,

Thanks for trying to help me out!

quote:

You would probably get better help from Sphider support or a Sphider
user group.

Yup. That's the first place I went but no luck. The developer intoned that this feature was not available and that was the end of that thread...

quote:

I have never even heard of Sphider and haven't studied your code in
detail, but the following line in the Sphider authorization file is
what's causing your problem:

> if (isset($_POST['user']) && isset($_POST['pass'])) {

The $_POST array is not persistent. It passes values to a script when a
form is submitted, but unless you preserve those values in some way,
such as by creating session variables, they are thrown away. Since
$_POST['user'] and $_POST['pass'] are unset, the Sphider authentication
block is ignored.

I can see why it looks like the problem, but it is not. The POST line above refers to the Sphider login. The user id and password that relate to my Members Only pages are session variables (see a few lines down in the code).

Ah well. Back to the drawing board.

Again, thanks for trying to help!

Report · Aug 28, 2006

glwm wrote:
> I can see why it looks like the problem, but it is not. The POST line above
> refers to the Sphider login. The user id and password that relate to my
> Members Only pages are session variables (see a few lines down in the code).

It is the problem because your session variables are inside the
conditional block controlled by the $_POST variables. Since the $_POST
variables don't exist, your session variables are never read.

--
David Powers
Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
http://foundationphp.com/

Report · Aug 28, 2006

Hi David,

I am SO not a programmer and I know you are beyond an expert, so I feel a little strange disagreeing

, but...

The "if" statement is part of the original code and so are the first two session variables. I just added the 3rd and 4th session variables.

The $_POST variables DO exist because this file is included in the admin page and this generates the login for Sphider.

Also I am echoing the session variables that I added and they are correct.

I appreciate your help, but since I have only given you part of the picture I know it's hard. Maybe I'll go back to the Sphider forum and see if I can get someone there to try to work with me.

Many thanks!

Grace

Report · Aug 28, 2006

glwm wrote:
> The $_POST variables DO exist because this file is included in the admin page
> and this generates the login for Sphider.
>
> Also I am echoing the session variables that I added and they are correct.

OK. That clarifies that. From what I understand, you are still being
shown the Sphider login form towards the end of the script.

I suspect that what's happening is that this line is not working:

header("Location: admin.php");

This function, which redirects you to admin.php, will not work if any
output is sent to the browser. So echoing the session variables while
testing will prevent the page from being redirected. Normally, you would
see a "headers already sent" error message, but that is being suppressed
by this line:

error_reporting(E_ERROR | E_PARSE);

To clean up your script, you should remove the second call to
session_start(). You should also add exit(); after the call to header():

header("Location: admin.php");
exit();

--
David Powers
Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
http://foundationphp.com/

Report · Aug 28, 2006

Actually my problem is not that I stall on the sign-in screen. It is that the password protected pages are not indexed even though I have session variables (that I have verified) that SHOULD pass the DW Restrict Access Code.

I don't have duplicate session starts. Those are two different sets of code. One showing the DW resticted access code on each of my pages and the other showing the Sphider file where I hardcode the session variables to allow the program to index the restricted pages.

It seems like it should work to me. I did a search for code that destroyed the session at some point in the Sphider process and came up empty there.

I came up with a temporary workaround while I keep plugging at the real problem. I am going to move all the restrict access code into an include file (where it should have been from the start, but I was too green to know...) and then comment out the restrict access code in order to index the site each time. Messy, but it gets the job done.

grace

Report · Aug 28, 2006

glwm wrote:
> Actually my problem is not that I stall on the sign-in screen. It is that the
> password protected pages are not indexed even though I have session variables
> (that I have verified) that SHOULD pass the DW Restrict Access Code.

Actually, Grace, your problem lies in your failure to explain your
problem in clear language. What do you mean by the pages not being indexed?

> I don't have duplicate session starts. Those are two different sets of code.

That's precisely what I mean by your failure to explain things in clear
language. Yes, they are different sets of code, but if they're being
used on the same page or one of them is an include, you have two calls
to session_start(). If they're on separate pages, you should make the
relationship between them clear.

Working with PHP or any other server-side language needs clear thinking.
Once you achieve that, your problem can probably be sorted out very quickly.

--
David Powers
Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
http://foundationphp.com/

Report · Aug 28, 2006

I find your response completely out of line.

Read my original post.

I explain that I am attempting to provide a search function for password protected pages and using an outside package for that purpose.

I explained the changes I made to the package to allow it access to a site that is restricted using the Dreamweaver standard restrict access code.

I provided both the DW code and the search engine code and labelled each accordingly.

Indexing refers to the process a search engine goes through when crawling the site and identifying keywords. Again, this was discussed in my original post.

You don't know me and you have no right to make a personal attack on me, my ability to communicate or my ability think logically.

I made every attempt to communicate clearly. Perhaps some of the blame lies in reading too quickly and thinking you know what the problem is without reading carefully.

I am not a programmer and have made that clear. If my word choice was off at times, I apologize. But isn't the purpose of this forum to help not to insult?

Report · Aug 29, 2006

glwm wrote:
> I find your response completely out of line.

I'm sorry you feel that way.

> Read my original post.

I have read it many times.

> You don't know me and you have no right to make a personal attack on me, my
> ability to communicate or my ability think logically.

I'm sorry if you took it as a personal attack, but you're asking for
help about incorporating non-standard code into Dreamweaver code. You
admit yourself that you got zero help from the developer of Sphider.
After posting here, you received only one, unhelpful response in five
days. So I decided to come to your assistance. I have devoted a
considerable amount of my personal time to trying to help you. It's a
pity that I wasn't able to solve your problem.

> I am not a programmer and have made that clear. If my word choice was off at
> times, I apologize. But isn't the purpose of this forum to help not to insult?

Of course, the purpose is to help. What do you think I've been trying to
do for the past 24 hours or so? However, you admit yourself that you're
not a programmer. If that's the case, perhaps you should consider hiring
one or subcontracting the programming aspects of your work to one. Six
days have passed since you first posted your question. If you're doing
this on a professional basis, your time could be more profitably spent
doing something that you are an expert at.

This is a user-to-user Dreamweaver forum (I am not an Adobe employee and
I don't receive any payment for the help I give in this and other
forums). Help is usually willingly given for common problems or ones
that people like myself find an interesting challenge. However, nobody
here *owes* you an answer.

--
David Powers
Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
http://foundationphp.com/