Skip to main content
D
derjaan
Inspiring
July 11, 2009
Question

Log In User behaviour issue

  • July 11, 2009
  • 1 reply
  • 1331 views

So I created a couple of pages for some sort of web admin part of a website so other persons can also add content. I created a table in PMA where DW CS3 gets the username and password. When creating the log in form, after trying to log in, it just keeps coming the same page. After the 'index.php' page, the user should be redirectered to the 'overview.php' page but no luck and beats me really why DW won't make this happen. Please see below for my code.

<?php require_once('../Connections/dbconnect.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['user'])) {
  $loginUsername=$_POST['user'];
  $password=$_POST['pass'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "overview.php";
  $MM_redirectLoginFailed = "index.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_dbconnect, $dbconnect);
  
  $LoginRS__query=sprintf("SELECT `user`, pass FROM admins WHERE `user`=%s AND pass=%s",
    GetSQLValueString($loginUsername, "-1"), GetSQLValueString($password, "text")); 
   
  $LoginRS = mysql_query($LoginRS__query, $dbconnect) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;           

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];     
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

All the other pages have the restricted access page behaviour, maybe something to do with that? Thanks for your time.

J.

This topic has been closed for replies.

1 reply

A
Anonymous
July 13, 2009

As what I can see, u also restrict the page by using privilege. Are u sure that u have set the correct privilege? For example if u want that page is only accessible for administrator and member, then u need to choose both privileges, not only administrator. Check the 'Restrict Access to Page' from Server Behaviour.

D
derjaanAuthor
Inspiring
July 13, 2009

Thanks for your answer, I'm afraid though I does not really help me further. In the screenshot attached, you see the log in user behaviour screen you get in DW CS3. I filled it out like I thought it should be, in vain so it seems. It does ask for acces based on username and password though there's no option to turn this off. This index.php page should be accessible to anyone though only people who have a username and password should be able to login. Do I maybe have to delete pieces of the code? On all the other pages, there is a restrict access page based on username and password.

A
Anonymous
July 14, 2009

So in overview.php page, did u restrict the page based on username and password only? If u done that, then it should be okay though.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices