I am having a problem with a login directing to a failed page if the session variable isn't present.
Basically it's a shopping cart that on the checkout page if the user isn't recognised then the page should direct the user to the login.php but the script isn't working. When I am testing, different sessions are being stored in my cache and the checkout page is displaying even if it isn't the correct user, and it's displaying no user details.
I am using the following:
<?php
// *** Logout the current user.
$FF_Logout = $_SERVER['PHP_SELF'] . "?FF_Logoutnow=1";
if (isset($_GET['FF_Logoutnow']) && $_GET['FF_Logoutnow']=="1") {
  if (!session_id()) session_start();
  // session_unregister() was removed in PHP 5.4; unset the keys directly.
  unset($_SESSION["MM_Username"]);
  unset($_SESSION["MM_UserAuthorization"]);
  $FF_logoutRedirectPage = "login.php";
  // redirect with URL parameters (remove the "FF_Logoutnow" query param).
  if ($FF_logoutRedirectPage == "") $FF_logoutRedirectPage = $_SERVER['PHP_SELF'];
  if (!strpos($FF_logoutRedirectPage, "?") && $_SERVER['QUERY_STRING'] != "") {
    $FF_newQS = "?";
    // each() was removed in PHP 8; foreach walks $_GET the same way.
    foreach ($_GET as $key => $val) {
      if ($key != "FF_Logoutnow") {
        if (strlen($FF_newQS) > 1) $FF_newQS .= "&";
        $FF_newQS .= $key . "=" . urlencode($val);
      }
    }
    if (strlen($FF_newQS) > 1) $FF_logoutRedirectPage .= $FF_newQS;
  }
  header("Location: $FF_logoutRedirectPage");
  exit;
}
// do not cache
header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header ("Pragma: no-cache");
// *** Restrict Access To Page: Grant or deny access to this page
$FF_authorizedUsers=" ";
$FF_authFailedURL="login.php";
$FF_grantAccess=0;
if (!session_id()) session_start();
if (isset($_SESSION['priorUrl'])) unset($_SESSION['priorUrl']);
if (isset($_SESSION["MM_Username"])) {
  // "true ||" grants access to any session that has MM_Username set.
  if (true || !(isset($_SESSION["MM_UserAuthorization"])) || $_SESSION["MM_UserAuthorization"]=="" || strpos($FF_authorizedUsers, $_SESSION["MM_UserAuthorization"])) {
    $FF_grantAccess = 1;
  }
}
if (!$FF_grantAccess) {
  $priorUrl = "http://".$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'];
  if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] != "") $priorUrl .= "?".$_SERVER['QUERY_STRING'];
  // Assigning to $_SESSION stores the value; session_register() was removed in PHP 5.4.
  $_SESSION['priorUrl'] = $priorUrl;
  $FF_qsChar = "?";
  if (strpos($FF_authFailedURL, "?")) $FF_qsChar = "&";
  $FF_referrer = "Restricted Area";
  $FF_authFailedURL = $FF_authFailedURL . $FF_qsChar . "accessdenied=" . urlencode($FF_referrer);
  header("Location: $FF_authFailedURL");
  exit;
}
?>
I have had to add a link saying "no contact details or not you? logout and try again",
which isn't ideal.
If I clear the cache it works, but again this isn't the idea.
I haven't been through your code line by line, but surely this should work?
Add the following at the very top of the script:
<?php
session_start();
if (!isset($_SESSION["MM_Username"])) {
  header('Location: login.php');
  exit;
}
?>
OK, I will add this and get back to you, as the problem is very difficult to replicate. It seems to happen when I have logged into another page.
Thanks
OK, I have found the problem. It happens when I log into the admin section of the site: if I log into the admin area first, then go to the main site and make a purchase, it thinks this is the same session, then loads the page but obviously has no user details.
In that case, you probably don't need to do anything because a genuine customer won't also be logged in as admin. However, you could change the login and restrict access server behaviors to use an access level. Alternatively, use a different session variable to identify either customers or admins.
> However, you could change the login and restrict access server behaviors to use an access level
Can you give me an idea of what I need to do to achieve this?
> Alternatively, use a different session variable to identify either customers or admins.
Again, what would I need to do?
Both the Log In User and Restrict Access to Page server behavior dialog boxes have a radio button that allows you to restrict access based on username and password, or on username, password, and access level. You need to specify the access level in the database.
If you're using Dreamweaver server behaviors for login, everyone is identified as $_SESSION["MM_Username"]. If you want to use a different session variable for administrators, you would need to identify them as $_SESSION['admin'] or something similar. However, this would involve writing your own login script. It sounds as though you probably don't have the knowledge to do so. In that case, I would recommend the first approach.
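
The second approach from the answer above, a separate session variable for customers and for admins, as an added example that is not part of the original thread or of Dreamweaver's generated code. The key names `customer_id` and `admin_id` and the three helper functions are assumptions; the session array is passed in so the file also runs from the command line on constructed sessions.

```php
<?php
// Added example: one session key per role, so an admin login never
// satisfies the customer check. Key and function names are assumptions.

const ROLE_KEYS = ['customer' => 'customer_id', 'admin' => 'admin_id'];

/** Record a verified login. Call only after the password check passed. */
function loginAs(array &$session, string $role, int $id): void
{
    if (!array_key_exists($role, ROLE_KEYS)) {
        throw new InvalidArgumentException("unknown role: $role");
    }
    $session[ROLE_KEYS[$role]] = $id;
}

/** Id stored for $role, or null when this session never logged in as it. */
function currentId(array $session, string $role): ?int
{
    $key = ROLE_KEYS[$role] ?? null;
    if ($key === null || !isset($session[$key]) || !is_int($session[$key])) {
        return null;
    }
    return $session[$key];
}

/** Page guard: redirect target when access is denied, null when allowed. */
function guard(array $session, string $role, string $loginPage = 'login.php'): ?string
{
    if (currentId($session, $role) !== null) {
        return null;
    }
    return $loginPage . '?accessdenied=' . urlencode('Restricted Area');
}

// On a real page: session_start(); then
//   if ($to = guard($_SESSION, 'customer')) { header("Location: $to"); exit; }
// and call session_regenerate_id(true) right after loginAs().

// Constructed sessions for a stand-alone run.
$adminSession = [];
loginAs($adminSession, 'admin', 1);            // logged in to the admin area only
$shopSession = [];
loginAs($shopSession, 'customer', 42);         // logged in through the shop login

var_dump(guard($adminSession, 'customer'));    // checkout visited with the admin session
var_dump(guard($shopSession, 'customer'));     // checkout visited by the customer
var_dump(currentId($shopSession, 'customer')); // id to use for the customer recordset
```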
OK, thanks
This post was partly resolved but I have some issues. It is rather old, but I really hope someone can help.
I tried your suggestion of using the restrict access based on level. It works to a certain extent. What is not happening is when the user logs in or is already logged in, the recordset needs to be identified by the session,
but none of the information from the recordset is now showing. I presume this is due to the wrong variable settings.
$colname_rsCustomer = "1";
if (isset($_SESSION["MM_UserAuthorization"])) {
  $colname_rsCustomer = $_SESSION["MM_UserAuthorization"];
}
mysql_select_db($database_lotties, $lotties);
$query_rsCustomer = sprintf("SELECT * FROM LOTTIE_customers WHERE CustomerID = %s", GetSQLValueString($colname_rsCustomer, "int"));
$rsCustomer = mysql_query($query_rsCustomer, $lotties) or die(mysql_error());
$row_rsCustomer = mysql_fetch_assoc($rsCustomer);
$totalRows_rsCustomer = mysql_num_rows($rsCustomer);
I have a column in the database called access, with the following value: "user".
The code for restricting the user:
// *** Restrict Access To Page: Grant or deny access to this page
$FF_authorizedUsers=" user";
$FF_authFailedURL="login.php";
$FF_grantAccess=0;
if (!session_id()) session_start();
// session_unregister() was removed in PHP 5.4; unset the key directly.
if (isset($_SESSION['priorUrl'])) unset($_SESSION['priorUrl']);
if (isset($_SESSION["MM_Username"])) {
  // "false ||" means the access level in MM_UserAuthorization is checked against $FF_authorizedUsers.
  if (false || !(isset($_SESSION["MM_UserAuthorization"])) || $_SESSION["MM_UserAuthorization"]=="" || strpos($FF_authorizedUsers, $_SESSION["MM_UserAuthorization"])) {
    $FF_grantAccess = 1;
  }
}
if (!$FF_grantAccess) {
  $priorUrl = "http://".$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'];
  if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] != "") $priorUrl .= "?".$_SERVER['QUERY_STRING'];
  // Assigning to $_SESSION stores the value; session_register() was removed in PHP 5.4.
  $_SESSION['priorUrl'] = $priorUrl;
  $FF_qsChar = "?";
  if (strpos($FF_authFailedURL, "?")) $FF_qsChar = "&";
  $FF_referrer = "Restricted Area";
  $FF_authFailedURL = $FF_authFailedURL . $FF_qsChar . "accessdenied=" . urlencode($FF_referrer);
  header("Location: $FF_authFailedURL");
  exit;
}
Thanks in advance
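
The recordset in the post above is keyed on `MM_UserAuthorization`, which the restrict-access block compares against access levels such as "user", so it is not a numeric CustomerID. The following is an added example, not code from the thread or from Dreamweaver, that runs both lookups against a constructed in-memory SQLite table; the `Username` and `Town` columns, the sample row and both function names are assumptions.

```php
<?php
// Added example. The table contents are constructed and the Username
// and Town columns are assumptions; only the table name is from the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE LOTTIE_customers (
    CustomerID INTEGER PRIMARY KEY, Username TEXT UNIQUE, access TEXT, Town TEXT)');
$db->exec("INSERT INTO LOTTIE_customers VALUES (7, 'alice', 'user', 'Leeds')");

// Constructed session holding the two keys the thread's code reads.
$session = ['MM_Username' => 'alice', 'MM_UserAuthorization' => 'user'];

/** The lookup from the post: the access level is used as the CustomerID. */
function customerByAccessLevel(PDO $db, array $session): ?array
{
    $stmt = $db->prepare('SELECT * FROM LOTTIE_customers WHERE CustomerID = ?');
    // Casting the access level "user" to an integer gives 0, which matches no customer.
    $stmt->execute([(int) $session['MM_UserAuthorization']]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

/** Lookup keyed on the identity stored at login, with a bound parameter. */
function customerByUsername(PDO $db, array $session): ?array
{
    if (!isset($session['MM_Username'])) {
        return null; // not logged in: the caller redirects to login.php
    }
    $stmt = $db->prepare('SELECT * FROM LOTTIE_customers WHERE Username = ?');
    $stmt->execute([$session['MM_Username']]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

var_dump(customerByAccessLevel($db, $session)); // recordset as queried in the post
var_dump(customerByUsername($db, $session));    // recordset keyed on the logged-in user
```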