Page restriction and connecting users

Report · Jul 31, 2009

Hi all!

I'm working on a admin section of a web site using Dreamweaver CS3.

I did follow a tutorial regarding connecting user and protecting the admin page of my site.

Altrought I think I did it correctly, I'm having a problem...

The login page work fine, When I testing with a bad user name and password, It does send the user to a page to ask him/her to retry login.

When I'm putting on the good user name and a password, all it does is reload the login page, unless I remove the protection on the admin page, if I do that, it work ok, so I asume the problem is on the admin page I'm trying to protect. Any help?

[Moved to the Dreamweaver Application Development forum by moderator]

Report · Jul 31, 2009

The problem is with your login SB. Enter the URL in the appropriate field where the users goes upon successful login. Without code examples one is left to speculate.

In Response To DwFAQ · Aug 02, 2009

Hi, sorry, but does "SB" mean? I'm working with a french version of DWCS3....

Anyways, I did set up to page link to the adm page correctly...here is the code of the login page:

<?php require_once('Connections/retemq.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
}
return $theValue;
}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['User'])) {
$loginUsername=$_POST['User'];
$password=$_POST['Password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "admin/liste.php";
$MM_redirectLoginFailed = "index2.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_retemq, $retemq);

$LoginRS__query=sprintf("SELECT `User`, Password FROM login WHERE `User`=%s AND Password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));

$LoginRS = mysql_query($LoginRS__query, $retemq) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
     $loginStrGroup = "";

    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    }
    header("Location: " . $MM_redirectLoginSuccess );
}
else {
    header("Location: ". $MM_redirectLoginFailed );
}
}
?>

Report · Aug 02, 2009

> When I'm putting on the good user name and a password, all it does is reload the login page

Does the username and password u mentioned above is belong to an administrator or any registered users?

In Response To Deleted User · Aug 04, 2009

User name and password are in MySQL data base, without any particular right on the page.

In Response To Deleted User · Aug 04, 2009

Tht's the point. It is because u try to enter username and password that is not belong to admin. Okay, assuming u have two users in database with their own username and password but different privilege, admin and member respectively.

For login page, choose Server Behaviour > User Authentication > Log In User and choose restrict access based on "Username, password and access level" and select appropriate access level column in database.

For restriction page, choose Server Behaviour > User Authentication > Restrict Access to Page. Select "Username,password and access level". Define the access level that can access this page (click Define and click plus sign to add). For example, if u want only admin that can access the page, add and select 'admin' only. If u want both for admin and member, define both and select both (in Select level(s) field).