Skip to main content
A
Anonymous
July 31, 2009
Question

Page restriction and connecting users

  • July 31, 2009
  • 2 replies
  • 900 views

Hi all!

I'm working on a admin section of a web site using Dreamweaver CS3.

I did follow a tutorial regarding connecting user and protecting the admin page of my site.

Altrought I think I did it correctly, I'm having a problem...

The login page work fine, When I testing with a bad user name and password, It does send the user to a page to ask him/her to retry login.

When I'm putting on the good user name and a password, all it does is reload the login page, unless I remove the protection on the admin page, if  I do that, it work ok, so I asume the problem is on the admin page I'm trying to protect. Any help?

[Moved to the Dreamweaver Application Development forum by moderator]

This topic has been closed for replies.

2 replies

A
Anonymous
August 3, 2009

> When I'm putting on the good user name and a password, all it does is reload the login page

Does the username and password u mentioned above is belong to an administrator or any registered users?

A
Anonymous
August 4, 2009

User name and password are in MySQL data base, without any particular right on the page.

A
Anonymous
August 5, 2009

Tht's the point. It is because u try to enter username and password that is not belong to admin. Okay, assuming u have two users in database with their own username and password but different privilege, admin and member respectively.

For login page, choose Server Behaviour > User Authentication > Log In User and choose restrict access based on "Username, password and access level" and select appropriate access level column in database.

For restriction page, choose Server Behaviour > User Authentication > Restrict Access to Page. Select "Username,password and access level". Define the access level that can access this page (click Define and click plus sign to add). For example, if u want only admin that can access the page, add and select 'admin' only. If u want both for admin and member, define both and select both (in Select level(s) field).

DwFAQ
DwFAQ
Participating Frequently
July 31, 2009

The problem is with your login SB. Enter the URL in the appropriate field where the users goes upon successful login. Without code examples one is left to speculate.

A
Anonymous
August 2, 2009

Hi, sorry, but does "SB" mean? I'm working with a french version of DWCS3....

Anyways, I did set up to page link to the adm page correctly...here is the code of the login page:

<?php require_once('Connections/retemq.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;   
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['User'])) {
  $loginUsername=$_POST['User'];
  $password=$_POST['Password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "admin/liste.php";
  $MM_redirectLoginFailed = "index2.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_retemq, $retemq);
 
  $LoginRS__query=sprintf("SELECT `User`, Password FROM login WHERE `User`=%s AND Password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
  
  $LoginRS = mysql_query($LoginRS__query, $retemq) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
   
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;     

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices