4 Replies Latest reply on Jul 17, 2008 12:26 PM by Davidbirkin

    Restrict Access to Page Issue...

    Davidbirkin
      Hi, this is my first time on Adobe forums. I regard myself as new to web design, and I'm making my first proper website, for portfolio purposes. www.imaginationwebdesign.co.uk/port2 is the website.

      I am using Dreamweaver CS3 coding with HTML / PHP / MySQL

      My Issue:

      I have implemented Restrict Access to Page dependent upon User / Pass / Access Level.
      Access Levels are 1 and 3 and are stored on my MySQL Database.

      3 = Full Admin Rights
      1 = Minimal Admin Rights.

      Now, whilst the Restrict access works, when Access Level 1 attempts to display a page only for Access Level 3, it's not redirecting to the "AccessDenied.php" page... instead a blank white page is being displayed and unless I press Back, it just stays blank and doesn't redirect.

      I have used the Server Behaviour Panel so the code is automatically generated but the source is:

      <?php
      if (!isset($_SESSION)) {
        session_start();
      }
      $MM_authorizedUsers = "3";
      $MM_donotCheckaccess = "false";

      // *** Restrict Access To Page: Grant or deny access to this page
      function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
        // For security, start by assuming the visitor is NOT authorized.
        $isValid = False;

        // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
        // Therefore, we know that a user is NOT logged in if that Session variable is blank.
        if (!empty($UserName)) {
          // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
          // Parse the strings into arrays.
          $arrUsers = Explode(",", $strUsers);
          $arrGroups = Explode(",", $strGroups);
          if (in_array($UserName, $arrUsers)) {
            $isValid = true;
          }
          // Or, you may restrict access to only certain users based on their username.
          if (in_array($UserGroup, $arrGroups)) {
            $isValid = true;
          }
          if (($strUsers == "") && false) {
            $isValid = true;
          }
        }
        return $isValid;
      }

      $MM_restrictGoTo = "AccessDeniedAdmin.php";
      if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
        $MM_qsChar = "?";
        $MM_referrer = $_SERVER['PHP_SELF'];
        if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
        // Read the query string from $_SERVER; the bare $QUERY_STRING global only exists with register_globals on.
        if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0)
          $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
        $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
        header("Location: ". $MM_restrictGoTo);
        exit;
      }
      ?>

      Any help would be great to get the redirection working... I've tried this on several pages and it still doesn't work.

      Thank you and sorry if this is posted in the wrong area.

      David.
        • 1. Re: Restrict Access to Page Issue...
          Level 7
          Davidbirkin wrote:
          > Now, whilst the Restrict access works, when Access Level 1 attempts to display
          > a page only for Access Level 3, it's not redirecting to the "AccessDenied.php"
          > page... instead a blank white page is being displayed and unless I press Back,
          > it just stays blank and doesn't redirect.

          If you're getting a blank page, it suggests that the redirect is
          working, but that there's an error on the page it's trying to load. Many
          security-conscious hosting companies now turn off the display of errors
          on PHP sites. If there's a parse error or other fatal error, you get
          nothing onscreen.

          Test AccessDeniedAdmin.php in your local testing environment, and track
          down any errors in the page.

          --
          David Powers, Adobe Community Expert
          Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
          Author, "PHP Solutions" (friends of ED)
          http://foundationphp.com/
          • 2. Re: Restrict Access to Page Issue...
            Davidbirkin Level 1
            I finally managed to solve the issue.. although, to me it was a rather strange issue..

            Before the Validation to check for Access level I had this line of code...

            <?php require_once('Connections/con1.php'); ?>

            Now, I have moved that line of code to appear AFTER the access level validation check, and it's all working fine... maybe it's the order I added the dynamic functions to the Page, but now it is working... Thanks for your reply though, David.
            • 3. Re: Restrict Access to Page Issue...
              Level 7
              Davidbirkin wrote:
              > I finally managed to solve the issue.. although, to me it was a rather strange
              > issue..

              Strange to you, perhaps, but it's a very common issue.

              > Before the Validation to check for Access level I had this line of code...
              >
              > <?php require_once('Connections/con1.php'); ?>
              >
              > Now, I have moved that line of code to appear AFTER the access level validation
              > check, and it's all working fine... maybe it's the order I added the dynamic
              > functions to the Page, but now it is working...

              As I said in my original reply, the problem was almost certainly caused
              by an error that you couldn't see because the display of errors is
              turned off for security reasons. The Restrict Access to Page server
              behavior uses session_start(), which must come before there is any
              output to the browser. "Output" includes new lines or whitespace outside
              PHP tags. There is almost certainly an extra line at the end of
              con1.php, which would prevent the session from starting. In turn, that
              would generate an error, resulting in your blank page.

              The problem is closely related to the "headers already sent" error
              message that confuses most PHP beginners. Read about it here:

              http://docs.php.net/manual/en/function.header.php

              By the way, it sounds as though you are testing everything on a remote
              server, rather than testing locally before deploying to a remote server.
              That's a very bad idea, particularly if the display of errors is turned
              off. You should test files in a safe, local environment with error
              reporting turned to the highest level, and eliminate all errors before
              deploying to a live server. If you're testing locally, make sure that
              error_reporting in php.ini is set to E_ALL, and that display_errors is on.

              --
              David Powers, Adobe Community Expert
              Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
              Author, "PHP Solutions" (friends of ED)
              http://foundationphp.com/
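
The failure described in the reply above, as an added example that is not part of the original thread: a PHP check that uses the tokenizer to find output outside PHP tags in an include file (extra lines after the closing tag, or a byte order mark), plus a guard that logs where output began instead of failing with a blank page. The function names and the sample file contents are constructed for illustration.

```php
<?php
// Added example (not from the thread): locate output outside PHP tags in an
// include file, and refuse to start a session silently once output exists.

/** Return every chunk of inline output (T_INLINE_HTML) found in $source. */
function findStrayOutput(string $source): array
{
    $found = [];
    foreach (token_get_all($source) as $token) {
        // Text outside the PHP tags is tokenized as T_INLINE_HTML. The single
        // newline directly after a closing tag belongs to that tag, so it is
        // not reported; a second newline is.
        if (is_array($token) && $token[0] === T_INLINE_HTML) {
            $found[] = [
                'line'  => $token[2],
                'bytes' => strlen($token[1]),
                'bom'   => strncmp($token[1], "\xEF\xBB\xBF", 3) === 0,
            ];
        }
    }
    return $found;
}

/** Start the session, or log the file and line where output began. */
function startSessionOrExplain(): bool
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return true;
    }
    if (headers_sent($file, $line)) {
        error_log("Session not started: output began at $file line $line");
        return false;
    }
    return session_start();
}

// Constructed samples standing in for an include such as Connections/con1.php.
$samples = [
    'clean.php'    => "<?php\n\$hostname = 'localhost';\n?>\n",
    'trailing.php' => "<?php\n\$hostname = 'localhost';\n?>\n\n",
    'bom.php'      => "\xEF\xBB\xBF<?php\n\$hostname = 'localhost';\n",
];
foreach ($samples as $name => $source) {
    foreach (findStrayOutput($source) as $hit) {
        printf("%s: %d byte(s) of output at line %d%s\n", $name,
            $hit['bytes'], $hit['line'], $hit['bom'] ? ' (byte order mark)' : '');
    }
}
```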
              • 4. Re: Restrict Access to Page Issue...
                Davidbirkin Level 1
                Yes, you are correct, I am testing on a remote server. I guess you're correct also in saying this is bad. I will take into consideration your reply and begin testing locally from this point onwards.

                Thank you for your replies to my issue, it's helped a lot and local testing is safer than remote testing as the hosting company I am currently with does not allow access to php.ini

                Thank you.