Jump to content


Photo

Please Help...


  • Please log in to reply
6 replies to this topic

#1 Nicolem213

Nicolem213
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 20 October 2004 - 01:46 PM

I am having some big problems with the Dreamweaver MX 2004 PHP User Authentication feature...Nobody on Macromedia .com seems to be able to help me so I am turning to all of you...I am running out of time and my fustration level is getting high!! I would appritiate any help getting through this problem...

Everytime I put a restriction on a page my whole login system stops working almost like it reverts back to the login screen even if my username and password is correct...I have read something on google saying that you need to change the php.ini file to turn the register_globals on...But I can't do this...And nobody has a fix for me...I am going to post my php and I am in hopes someone can give me a hand...It will be sooo Appritiated!!

THE CODE FROM MY LOGIN PAGE IS AS FOLLOWS: (this is the code that dreamweaver server behaviors has created for me)

<?php require_once('Connections/Login.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}

if (isset($_POST['mem_number'])) {
$loginUsername=$_POST['mem_number'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "membersonly2a.php";
$MM_redirectLoginFailed = "membersonly1al.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_Login, $Login);

$LoginRS__query=sprintf("SELECT username, password FROM login WHERE username='%s' AND password='%s'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));

$LoginRS = mysql_query($LoginRS__query, $Login) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";

//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;

//register the session variables
session_register("MM_Username");
session_register("MM_UserGroup");

if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>


THE CODE FROM MY RESTRICTED PAGE IS AS FOLLOWS:

<?php
session_start();
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;

// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && true) {
$isValid = true;
}
}
return $isValid;
}

$MM_restrictGoTo = "membersonly1al.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>


#2 morpheus.100

morpheus.100
  • Members
  • PipPipPip
  • Advanced Member
  • 145 posts

Posted 20 October 2004 - 04:39 PM

Its true. You will need globals on. If you have no access to this then the only option is to write your own code, or you could use freaks login membership tutorial code and hack to suit your needs.

Alternatively try removing offending lines that require the globals and create new session values for sessions and what you have should work. I dont need to point them out do I.


#3 Nicolem213

Nicolem213
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 20 October 2004 - 05:31 PM

Alright...Now I feel like a real pain...Could you point them out...This is the first thing I have ever done with php so it is all new to me...Appritiated...
Nicole

#4 kamvik

kamvik
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 10 November 2004 - 07:18 PM

Sorry for those who thought this is a reply!

I just want to join in with a "Oh jes I would like to see that answer too!".

This is a strangely overlooked topic. I have been searching for 2 days now, for a solution to this same problem . And I too did't find anything in Macromedia, though it would seem to be a fairly important issue!
Their new login server behaviors not working on apache servers with latest PHP...

Please anyone, a script-rewrite might even make you famous - there has to be quite a demand from newbies -

thanks anyway

#5 kamvik

kamvik
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 10 November 2004 - 07:18 PM

please disregard this - I just happened to post this reply twice..

#6 MilesM

MilesM
  • New Members
  • Pip
  • Newbie
  • 1 posts

Posted 29 November 2004 - 11:10 PM

OK, I just stumbled into this Dreamweaver MX 2004 much touted new 'feature' that doesn't freakin' work!

Here's what I did to make it work:

1) Read the PHP Manual ;) - This was rather painful as I usually only consult the snippets for the php functions, but there are a whole whack of functions for session handling that only apply if register_globals is enabled. After reading through the introduction and examples (at least three times) I finally figured it out. I think. More or less...

2) Change the way variables are stored in the DW pages. Here's your code, with notes and changes:

<?php require_once('Connections/Login.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {

// Here's where it starts - GLOBALS aren't enabled! so comment out this line
//$GLOBALS['PrevUrl'] = $accesscheck;

// Likewise, session_register() is not used if register_globals is disabled
//session_register('PrevUrl');

// Gotta replace it with something... Let's use the $_SESSION "superglobal array"! 
$_SESSION['PrevUrl'] = $accesscheck;

}

if (isset($_POST['mem_number'])) {
$loginUsername=$_POST['mem_number'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "membersonly2a.php";
$MM_redirectLoginFailed = "membersonly1al.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_Login, $Login);

$LoginRS__query=sprintf("SELECT username, password FROM login WHERE username='%s' AND password='%s'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 

$LoginRS = mysql_query($LoginRS__query, $Login) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";

/* All this cr@p has to be replaced!
//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup; 

//register the session variables
session_register("MM_Username");
session_register("MM_UserGroup");
*/

// replace it with the use of $_SESSION vars again
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup; 


if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl']; 
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>

Now the restricted page should work as expected. Here's the section that changes for logout:

<?php
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles

  // This doesn't work with $_SESSION !!
  // session_unregister('MM_Username');
  // session_unregister('MM_UserGroup');

  // we have to do it another way...
  $_SESSION = array();

  // I think this does the job as required (it replaces the DW code perfectly)
  // but I'm not sure if one should then call session_destroy() or just leave it at that.
  // Any thoughts?
	
  $logoutGoTo = "login.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>

That should do it... Like I said, I'm not sure if one should call session_destroy() after destroying the session vars, but I welcome any comments. :)

I don't think there is anything that needs changing in the other DW PHP behavior "check new login name" but I'll have a look when I get that far.

Miles

#7 Incessant-Logic

Incessant-Logic
  • Members
  • Pip
  • Newbie
  • 9 posts

Posted 13 January 2005 - 10:20 PM

You may also want to check out this tutorial!

I may be wrong but looking at the examples and the manual page, search for register_globals. It would seem that you could escape the pages that you wnat when you want....

IL




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users