0 Replies Latest reply on Oct 20, 2012 2:14 AM by anb_newbie

    Problem with Restrict Access to Page()

    anb_newbie

      Hello, I have a login form which directs the user, after successful login, to another page where they have several options to update the website: update events, update videos, update photos... Surely, the users are stored in one table ("admins"), the events are stored in another table "events", etc...

      I added the Restrict Access to Page() behavior to each of updateevents page, updatevideos page and updatephotos page. If the person accessing those pages is not authorized to access those pages, he will be directed to the login page.

      However, even though the login is happening successfully, every time I try to access any one of those update pages, I am being directed back to the login page as if I have no access to that page!

      What could be causing this problem? And how can I solve it?

       

      Here is the code (which I assume is linked to this problem) in one of my update files:

       

       

      <?php require_once('Connections/claudechalhoubconx.php'); ?>
      <?php
      if (!isset($_SESSION)) {
        session_start();
      }
      $MM_authorizedUsers = "";
      $MM_donotCheckaccess = "true";

      // *** Restrict Access To Page: Grant or deny access to this page
      function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
        // For security, start by assuming the visitor is NOT authorized.
        $isValid = False;

        // When a visitor has logged into this site, the Session variable MM_Username is set equal to their username.
        // Therefore, we know that a user is NOT logged in if that Session variable is blank.
        if (!empty($UserName)) {
          // Besides being logged in, you may restrict access to only certain users based on their username.
          // Parse the strings into arrays.
          $arrUsers = Explode(",", $strUsers);
          $arrGroups = Explode(",", $strGroups);
          if (in_array($UserName, $arrUsers)) {
            $isValid = true;
          }
          // Or, you may restrict access to only certain users based on an ID (group) established when they log in.
          if (in_array($UserGroup, $arrGroups)) {
            $isValid = true;
          }
          if (($strUsers == "") && true) {
            $isValid = true;
          }
        }
        return $isValid;
      }

      $MM_restrictGoTo = "login.php";
      if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {  
        $MM_qsChar = "?";
        $MM_referrer = $_SERVER['PHP_SELF'];
        if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
        if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) {
          $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
        }
        $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
        header("Location: ". $MM_restrictGoTo);
        exit;
      }
      ?>
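
An added diagnostic example, not part of the original post and not Dreamweaver-generated code: it reports which of the conditions the posted gate depends on is failing for a given request. The function name `mm_gate_report()` and the `PHPSESSID` sample value are assumptions; `MM_Username` and `MM_UserGroup` are the session keys the posted code reads.

```php
<?php
// Added example (hypothetical helper, not from the original post).
// It inspects the same inputs the posted gate relies on and explains
// why a request would be sent back to login.php.
function mm_gate_report(array $session, array $cookies, string $sessionName,
                        int $sessionStatus, bool $headersSent): array
{
    $findings = [];
    if ($sessionStatus !== PHP_SESSION_ACTIVE) {
        $findings[] = 'session is not active: session_start() did not run or failed';
    }
    if ($headersSent) {
        // If output preceded session_start(), the session cookie was never sent.
        $findings[] = 'output has already been sent on this request';
    }
    if (!isset($cookies[$sessionName])) {
        $findings[] = "no '$sessionName' cookie received: this request got a new, empty session";
    }
    if (!isset($session['MM_Username'])) {
        $findings[] = 'MM_Username is not set: the isset() test in the gate fails';
    } elseif (empty($session['MM_Username'])) {
        $findings[] = 'MM_Username is empty: isAuthorized() returns false';
    }
    if (!array_key_exists('MM_UserGroup', $session)) {
        // Not a redirect cause by itself, but the gate reads it without isset().
        $findings[] = 'MM_UserGroup is missing: reading it raises an undefined-index notice';
    }
    return $findings;
}

// Constructed sample: a request that arrived with no session cookie at all.
$sample = mm_gate_report([], [], 'PHPSESSID', PHP_SESSION_ACTIVE, false);
foreach ($sample as $line) {
    error_log('[gate] ' . $line); // log instead of echo, so no headers are disturbed
}

// On a protected page, directly after session_start(), the live values are:
// mm_gate_report($_SESSION, $_COOKIE, session_name(), session_status(), headers_sent());
```

Running the same report on the login page right after it sets the session values, and again on the protected page, shows whether both pages see the same session.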