
Problem with user access level

New Here, Jan 03, 2011

David,

I have so far successfully implemented your tutorial on users registering and having to validate their email address (both part I and II).

Part I: http://cookbooks.adobe.com/post_Registration_system_that_requires_the_user_to_vali-16646.html

Part II: http://cookbooks.adobe.com/post_Registration_system_that_requires_the_user_to_vali-16649.html

When creating a login form however, I don't get it to work based on the access level verified = y. The database is set up exactly as you described in the above tutorials.

This is the HTML for the log in form (index.php):

<form ACTION="<?php echo $loginFormAction; ?>" method="POST" id="logon">
<label for="user">Username</label>
<input type="text" id="user" name="username" />
<br />
<label for="pass">Password</label>
<input type="password" id="pass" name="password" />
<br />
<label for="done"> </label>
<input type="submit" value="Log On" />
</form>


Below is the code that is found above the <html> tag in the index.php file:

<?php require_once('../Connections/conn.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;   
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "verified";
  $MM_redirectLoginSuccess = "overview.php";
  $MM_redirectLoginFailed = "index.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_conn, $conn);
      
  $LoginRS__query=sprintf("SELECT username, password, verified FROM users WHERE username=%s AND password=%s",
  GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
  
  $LoginRS = mysql_query($LoginRS__query, $conn) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
   
    $loginStrGroup  = mysql_result($LoginRS,0,'verified');
   
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;          

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];    
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

On the overview.php page, I applied the restrict access to page behaviour, which results in the following code:

<?php require_once('../Connections/conn.php'); ?>
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "y";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
  // For security, start by assuming the visitor is NOT authorized.
  $isValid = False;

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
  // Therefore, we know that a user is NOT logged in if that Session variable is blank.
  if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
      $isValid = true;
    }
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
      $isValid = true;
    }
    if (($strUsers == "") && false) {
      $isValid = true;
    }
  }
  return $isValid;
}

$MM_restrictGoTo = "index.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {  
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo);
  exit;
}
?>

Any idea/thoughts on what I'm not adding to the page in order to work?

LEGEND, Jan 03, 2011

Please start a new thread for a different question. I have branched this to keep it separate from the other issue.

The code looks fine. If it's not working, check the value of the verified column. Also check case-sensitivity.

New Here, Jan 03, 2011

Maybe a stupid question on the restrict access box.

If you open that, you select the 2nd radio button username, password and access level. After which I click on Define. In that dialog box, I enter a name (here y) and press the + button on top of the box. Then OK in the define box and afterwards OK in the restrict access box. I tried renaming the y name to verified but that didn't do the trick either. I checked for case sensitivity but the enum list of that column is 'n','y' as presented in your tutorial and even then, I can't figure out how to declare that if verified = y, the user should get access. Do I need to add username and password to that define box as well?

LEGEND, Jan 03, 2011

pearl_jan wrote:

I checked for case sensitivity but the enum list of that column is 'n','y' as presented in your tutorial

If the enum list is 'n','y', the default value will be n. Have you checked the record in phpMyAdmin to see whether verified is n or y?

New Here, Jan 03, 2011

David,

The verified value is indeed y. It changed to that value after clicking on the confirmation link in the email.

Can it have something to do with password maybe? Since it is a string of random characters, maybe the restrict access behaviour does not "decode" that string using the algorithm (or whatever that is called) to check for the correct password... just guessing here really

LEGEND, Jan 03, 2011

pearl_jan wrote:

Can it have something to do with password maybe? Since it is a string of random characters, maybe the restrict access behaviour does not "decode" that string using the algorithm (or whatever that is called) to check for the correct password... just guessing here really

If you have encrypted the password when the user registers, you also need to encrypt the password when the user logs in.

New Here, Jan 04, 2011

David,

Thank you for that insight, I figured it would be something like that and when I woke up this morning, it all made sense. I changed something from the tutorial (part I) you wrote and now it works fine.

I had trouble with the validation link in the email that is sent automatically. In your tutorial, section "generating and sending the validation email", you write:

$message .= urlencode($_POST['username']);
$message .= '&amp;t=';
$message .= urlencode($token);

When using the code like this, it wouldn't set the verified column to y. However, when I changed the middle $message to

$message .= '&t=';

it updated the verified column to y. The URL that displayed from the original code displayed the & sign as &amp; in the URL itself.

Next to that, whenever I try to add something to the e-mail, the validation link becomes not clickable anymore.

As far as the login problem is concerned, encrypting indeed did the trick.

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=sha1($_POST['password']);

Putting the $_POST['password'] between brackets, adding sha1 in front of it. It works just fine now.

Hopefully no further problems on this anymore! Thanks a lot for your insights!

EDIT: I can't mark this thread as answered anymore?
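
Added example, not part of the original posts or of the tutorial: it reproduces the mismatch resolved in this thread (raw password compared with a stored SHA-1 digest, so no row is found and the access level is never set) and then the same check on current PHP with password_hash()/password_verify(). The sample rows and the helper names findUser() and mayViewOverview() are assumptions made up for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample row: what the users table holds after registration
// stored sha1(password) and the e-mail link set verified to 'y'.
$row = ['username' => 'pearl', 'password' => sha1('correct horse'), 'verified' => 'y'];

/** Stands in for the "WHERE username=... AND password=..." lookup of the login block. */
function findUser(array $row, string $username, string $passwordValue): ?array
{
    $match = $row['username'] === $username
        && hash_equals($row['password'], $passwordValue); // constant-time compare
    return $match ? $row : null;
}

/** Same decision as isAuthorized("", "y", ...): a user was found and its group is 'y'. */
function mayViewOverview(?array $user): bool
{
    return $user !== null && in_array($user['verified'], explode(',', 'y'), true);
}

// 1. Original login block: the raw POST value is compared with the stored digest.
//    The lookup finds nothing, so the verified column is never even read.
$before = findUser($row, 'pearl', 'correct horse');

// 2. Fixed login block: the input goes through the same transform as at registration.
$after = findUser($row, 'pearl', sha1('correct horse'));

var_dump(mayViewOverview($before));
var_dump(mayViewOverview($after));

// 3. Variant for current PHP (assumption: the password column is wide enough
//    for the longer hash). password_hash() salts each value, so the stored
//    string cannot be matched in SQL; fetch the row by username and verify in PHP.
$modernRow = [
    'username' => 'pearl',
    'password' => password_hash('correct horse', PASSWORD_DEFAULT),
    'verified' => 'n', // constructed: account not yet confirmed by e-mail
];
$passwordOk = password_verify('correct horse', $modernRow['password']);

// The password is right, but the access-level check still has to pass.
var_dump($passwordOk && mayViewOverview($modernRow));
```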
