Jump to content


Photo

Purpose of DW Auth Variable $MM_donotCheckaccess


  • Please log in to reply
1 reply to this topic

#1 mmtalon

mmtalon
  • Members
  • PipPip
  • Member
  • 20 posts

Posted 23 February 2006 - 02:01 AM

Does anyone have an idea how the variable "$MM_donotCheckaccess" in Dreamweaver's authentication restriction code is used, the when, where, why and how it's used. I am sure you have seen the code many times over. However, here it is again (below) with the variable in question at the fourth line. FYI, I am using DW 2K4MX.

P.S. This question is of utmost importance because I'm banging my head out of pure curiosity to know, so please help before curiosity kills the cat!!

Thank you in advance.

Here's the all so common code:

<?php
session_start();
$MM_authorizedUsers = "Sellers,builders,agents";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;

// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && true) {
$isValid = true;
}
}
return $isValid;
}

$MM_restrictGoTo = "myaccount.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>

#2 glaughton

glaughton
  • New Members
  • Pip
  • Newbie
  • 1 posts

Posted 29 January 2009 - 02:38 PM

I was likewise banging my head out of curiosity so I had a good look at the code. The short answer is that the $MM_donotCheckaccess variable does NOT seem to be used although it's value is set to TRUE or FALSE depending on whether 'username, pasword and access level' or just 'username and password' is selected in the Restrict Access server behavior dialogue box.

Likewise the following line of code:

if (($strUsers == "") && false) {

contains true or false accordingly and this is what actually controls whether user has access or not. So, if I am right then the 'false' in the above satement could be replaced with the variable $MM_donotCheckaccess - this would make the code easier to read and make use of the variable. Otherwise it seems to be entirely redundant!

Hope this helps. Better late than never!

Graham

 




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users