Jump to content

Please Help...


Recommended Posts

I am having some big problems with the Dreamweaver MX 2004 PHP User Authentication feature...Nobody on Macromedia .com seems to be able to help me so I am turning to all of you...I am running out of time and my fustration level is getting high!! I would appritiate any help getting through this problem...

 

Everytime I put a restriction on a page my whole login system stops working almost like it reverts back to the login screen even if my username and password is correct...I have read something on google saying that you need to change the php.ini file to turn the register_globals on...But I can't do this...And nobody has a fix for me...I am going to post my php and I am in hopes someone can give me a hand...It will be sooo Appritiated!!

 

THE CODE FROM MY LOGIN PAGE IS AS FOLLOWS: (this is the code that dreamweaver server behaviors has created for me)

 

<?php require_once('Connections/Login.php'); ?>

<?php

// *** Validate request to login to this site.

session_start();

 

$loginFormAction = $_SERVER['PHP_SELF'];

if (isset($accesscheck)) {

$GLOBALS['PrevUrl'] = $accesscheck;

session_register('PrevUrl');

}

 

if (isset($_POST['mem_number'])) {

$loginUsername=$_POST['mem_number'];

$password=$_POST['password'];

$MM_fldUserAuthorization = "";

$MM_redirectLoginSuccess = "membersonly2a.php";

$MM_redirectLoginFailed = "membersonly1al.php";

$MM_redirecttoReferrer = false;

mysql_select_db($database_Login, $Login);

 

$LoginRS__query=sprintf("SELECT username, password FROM login WHERE username='%s' AND password='%s'",

get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));

 

$LoginRS = mysql_query($LoginRS__query, $Login) or die(mysql_error());

$loginFoundUser = mysql_num_rows($LoginRS);

if ($loginFoundUser) {

$loginStrGroup = "";

 

//declare two session variables and assign them

$GLOBALS['MM_Username'] = $loginUsername;

$GLOBALS['MM_UserGroup'] = $loginStrGroup;

 

//register the session variables

session_register("MM_Username");

session_register("MM_UserGroup");

 

if (isset($_SESSION['PrevUrl']) && false) {

$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];

}

header("Location: " . $MM_redirectLoginSuccess );

}

else {

header("Location: ". $MM_redirectLoginFailed );

}

}

?>

 

 

THE CODE FROM MY RESTRICTED PAGE IS AS FOLLOWS:

 

<?php

session_start();

$MM_authorizedUsers = "";

$MM_donotCheckaccess = "true";

 

// *** Restrict Access To Page: Grant or deny access to this page

function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {

// For security, start by assuming the visitor is NOT authorized.

$isValid = False;

 

// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.

// Therefore, we know that a user is NOT logged in if that Session variable is blank.

if (!empty($UserName)) {

// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.

// Parse the strings into arrays.

$arrUsers = Explode(",", $strUsers);

$arrGroups = Explode(",", $strGroups);

if (in_array($UserName, $arrUsers)) {

$isValid = true;

}

// Or, you may restrict access to only certain users based on their username.

if (in_array($UserGroup, $arrGroups)) {

$isValid = true;

}

if (($strUsers == "") && true) {

$isValid = true;

}

}

return $isValid;

}

 

$MM_restrictGoTo = "membersonly1al.php";

if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {

$MM_qsChar = "?";

$MM_referrer = $_SERVER['PHP_SELF'];

if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";

if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)

$MM_referrer .= "?" . $QUERY_STRING;

$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);

header("Location: ". $MM_restrictGoTo);

exit;

}

?>

 

Link to comment
Share on other sites

Its true. You will need globals on. If you have no access to this then the only option is to write your own code, or you could use freaks login membership tutorial code and hack to suit your needs.

 

Alternatively try removing offending lines that require the globals and create new session values for sessions and what you have should work. I dont need to point them out do I.

 

Link to comment
Share on other sites

  • 3 weeks later...

Sorry for those who thought this is a reply!

 

I just want to join in with a "Oh jes I would like to see that answer too!".

 

This is a strangely overlooked topic. I have been searching for 2 days now, for a solution to this same problem . And I too did't find anything in Macromedia, though it would seem to be a fairly important issue!

Their new login server behaviors not working on apache servers with latest PHP...

 

Please anyone, a script-rewrite might even make you famous - there has to be quite a demand from newbies -

 

thanks anyway

Link to comment
Share on other sites

  • 3 weeks later...

OK, I just stumbled into this Dreamweaver MX 2004 much touted new 'feature' that doesn't freakin' work!

 

Here's what I did to make it work:

 

1) Read the PHP Manual ;) - This was rather painful as I usually only consult the snippets for the php functions, but there are a whole whack of functions for session handling that only apply if register_globals is enabled. After reading through the introduction and examples (at least three times) I finally figured it out. I think. More or less...

 

2) Change the way variables are stored in the DW pages. Here's your code, with notes and changes:

 

<?php require_once('Connections/Login.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {

// Here's where it starts - GLOBALS aren't enabled! so comment out this line
//$GLOBALS['PrevUrl'] = $accesscheck;

// Likewise, session_register() is not used if register_globals is disabled
//session_register('PrevUrl');

// Gotta replace it with something... Let's use the $_SESSION "superglobal array"! 
$_SESSION['PrevUrl'] = $accesscheck;

}

if (isset($_POST['mem_number'])) {
$loginUsername=$_POST['mem_number'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "membersonly2a.php";
$MM_redirectLoginFailed = "membersonly1al.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_Login, $Login);

$LoginRS__query=sprintf("SELECT username, password FROM login WHERE username='%s' AND password='%s'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 

$LoginRS = mysql_query($LoginRS__query, $Login) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";

/* All this cr@p has to be replaced!
//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup; 

//register the session variables
session_register("MM_Username");
session_register("MM_UserGroup");
*/

// replace it with the use of $_SESSION vars again
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup; 


if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl']; 
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>

 

Now the restricted page should work as expected. Here's the section that changes for logout:

 

<?php
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
 //to fully log out a visitor we need to clear the session varialbles

 // This doesn't work with $_SESSION !!
 // session_unregister('MM_Username');
 // session_unregister('MM_UserGroup');

 // we have to do it another way...
 $_SESSION = array();

 // I think this does the job as required (it replaces the DW code perfectly)
 // but I'm not sure if one should then call session_destroy() or just leave it at that.
 // Any thoughts?

 $logoutGoTo = "login.php";
 if ($logoutGoTo) {
   header("Location: $logoutGoTo");
   exit;
 }
}
?>

 

That should do it... Like I said, I'm not sure if one should call session_destroy() after destroying the session vars, but I welcome any comments. :)

 

I don't think there is anything that needs changing in the other DW PHP behavior "check new login name" but I'll have a look when I get that far.

 

Miles

Link to comment
Share on other sites

  • 1 month later...
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.