Log In User behaviour issue

Report · Jul 11, 2009

So I created a couple of pages for some sort of web admin part of a website so other persons can also add content. I created a table in PMA where DW CS3 gets the username and password. When creating the log in form, after trying to log in, it just keeps coming the same page. After the 'index.php' page, the user should be redirectered to the 'overview.php' page but no luck and beats me really why DW won't make this happen. Please see below for my code.

<?php require_once('../Connections/dbconnect.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['user'])) {
  $loginUsername=$_POST['user'];
  $password=$_POST['pass'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "overview.php";
  $MM_redirectLoginFailed = "index.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_dbconnect, $dbconnect);
  
  $LoginRS__query=sprintf("SELECT `user`, pass FROM admins WHERE `user`=%s AND pass=%s",
    GetSQLValueString($loginUsername, "-1"), GetSQLValueString($password, "text")); 
   
  $LoginRS = mysql_query($LoginRS__query, $dbconnect) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;           

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];     
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

All the other pages have the restricted access page behaviour, maybe something to do with that? Thanks for your time.

J.

Report · Jul 13, 2009

As what I can see, u also restrict the page by using privilege. Are u sure that u have set the correct privilege? For example if u want that page is only accessible for administrator and member, then u need to choose both privileges, not only administrator. Check the 'Restrict Access to Page' from Server Behaviour.

In Response To Deleted User · Jul 13, 2009

Thanks for your answer, I'm afraid though I does not really help me further. In the screenshot attached, you see the log in user behaviour screen you get in DW CS3. I filled it out like I thought it should be, in vain so it seems. It does ask for acces based on username and password though there's no option to turn this off. This index.php page should be accessible to anyone though only people who have a username and password should be able to login. Do I maybe have to delete pieces of the code? On all the other pages, there is a restrict access page based on username and password.

In Response To derjaan · Jul 13, 2009

So in overview.php page, did u restrict the page based on username and password only? If u done that, then it should be okay though.

In Response To Deleted User · Jul 14, 2009

<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "index.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>

This is the code from the overview.php page. Basically I just opened the page, added the server behaviour 'restrict access'. Because I did not change anything in the code, I'm more confused why it doesn't work at all...

EDIT: thanks for the help again

Message was edited by: derjaan

In Response To derjaan · Jul 15, 2009

This is a bug that was in CS3 and is still in CS4. See this post:

http://forums.adobe.com/thread/452821

Ed

In Response To EdP21 · Jul 15, 2009

So I made the change to the edml file as said in the topic you pointed me and still no luck. I deleted all the behaviours on the pages in question and re-instated them but still, redirecting to the index.php page.

EDIT: maybe important add, when testing locally, the login form automatically fills in localhost as user and a password, might has got something to do with it?

EDIT 2: so I added the name attribute to the user and password field and then when clicking submit, it returns an entered username (here: entree) error

Unknown column 'entree' in 'where clause'

<form ACTION="<?php echo $loginFormAction; ?>" method="POST" id="utdlogin" name="webadmin">
<label for="username">Gebruikersnaam:</label>
<input type="text" id="username" name="user" />
<label for="pas">Paswoord:</label>
<input type="password" id="pas" name="pass" />
<label for="done"> </label>
<input type="submit" value="Inloggen" />
</form>