Restrict Access To Page / php MySQL / DW

This is a discussion on "Restrict Access To Page / php MySQL / DW" within the Databases section. This forum, and the thread "Restrict Access To Page / php MySQL / DW are both part of the Program Your Website category.



Go Back   Webforumz.com > Main Forums > Program Your Website > Databases
Reload this Page Restrict Access To Page / php MySQL / DW

Notices
Please Register!
Webforumz.com is an education based community supporting web designers, developers and those who are new and learning. If you are a designer, developer, learning web design or are thinking about a career in web design then you have come to the right place. Register for free now to access more information and to participate in discussion and debate.


Reply
 
LinkBack Thread Tools
  #1 (permalink)  
Old Feb 17th, 2006, 17:16
Reputable Member
Join Date: May 2005
Location: Sheffield
Posts: 104
Thanks: 0
Thanked 0 Times in 0 Posts
Restrict Access To Page / php MySQL / DW
Working through a Dreamweaver tutorial.

I have connected to a MySQL database using PHP.
Set up Registration and Sign in Pages.
These save to the database fine.

Now I want to restrict access to pages before users sign in. I am using Dreamweaver Restrict Access To Page, server behaviour, but even when logged in, it restricts access and redirects to the sign in page??

All I can think is it is a session variable problem, I have copied the completed tutorial files onto my server and they still dont work.

Is there a way to test if session variables are working??

The tutorial is pretty much the same as on here:
http://www.macromedia.com/devnet/dre..._users_08.html

Let me know if you want to see any code...........
Last edited by Andy K; Feb 17th, 2006 at 18:22.
Reply With Quote

  #2 (permalink)  
Old Feb 18th, 2006, 09:35
Junior Member
Join Date: Feb 2006
Age: 40
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
Re: Restrict Access To Page / php MySQL / DW
This example assumes that the login page sets the session 'MM_level' retrieved from the db and that admin is level 1 and clients are level 0 and that you wish to restrict clients from lets say the admin area and redirect them to the clients area.
Quote:
admin_area.php (and any page you want restricted)
PHP: Select all

session_start();
//if there is no session set then redirect to login page
if(!isset($_SESSION['MM_level'])){
  header("Location: login.php");

//if the session MM_level is equal to 0 then redirect them to the clients area
else 
{
  if($_SESSION['MM_level'] == 0){
    header("Location: clients_area.php");
  }
Personally I then do a 2nd check of their username using another session set on the login page, you could also use the level not equal to 0 or else.
Quote:
clients_area.php (and any page you want only clients to see)
PHP: Select all

session_start();
//if there is no session set then redirect to login page
if(!isset($_SESSION['MM_user'])){
    header("Location: login.php");
The above example will allow users with assigned level of 1 to view the admin area, though users with level 0 clearance will be sent to the clients area and if there is no session then they are returned to the login page.

A quick test of whether a session is being passed is to set up 3 pages all beginning with session_start();. On the 1st page set the session and then either redirect to the 2nd page or have a basic link. On the 2nd page just have a basic link to the 3rd. On the 3rd page echo the session from the 1st page.
Reply With Quote
  #3 (permalink)  
Old Feb 18th, 2006, 10:36
Reputable Member
Join Date: May 2005
Location: Sheffield
Posts: 104
Thanks: 0
Thanked 0 Times in 0 Posts
Re: Restrict Access To Page / php MySQL / DW
Hi, thanks great help, but I am still having problems with the session variables.

I applied your code and it redirects correctly, or at least back to the login page.

So I tried what you suggested for testing the session. 3 Pages, each with session_start(); at the top.

signin.php
This snipet of code declares the session variables,
PHP: Select all

 //declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup
//register the session variables
session_register("MM_Username");
session_register("MM_UserGroup"); 
welcome.php
This is the page users are directed to after successfull sign in.
I setup a variable:
PHP: Select all

$MYusername $_SESSION['MM_Username']; 
Then in the html echo:
<p> <?php echo $MYusername; ?> </p>

But nothing appears......

restricted.php
This page is accessed via a link on the welcome page. And includes access code.
PHP: Select all

<?php session_start(); 
require_once('Connections/conn_cup.php'); 
//if there is no session set then redirect to login page
if(!isset($_SESSION['MM_UserGroup'])){
header("Location: signin.php");

//if the session MM_level is equal to 0 then redirect them to the clients area
else 
{
if($_SESSION['MM_UserGroup'] == 'visitor'){
header("Location: restricted.php");
}

?>
Here............ if($_SESSION['MM_UserGroup'] == 'visitor'){

my UserGroup is set to either admin or visitor..

Is there anyting you can see which might be wrong? Does this look like the sessions are not active?
Reply With Quote
  #4 (permalink)  
Old Feb 18th, 2006, 11:01
Junior Member
Join Date: Feb 2006
Age: 40
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
Re: Restrict Access To Page / php MySQL / DW
This will be quick as I have to go out, but it looks like the session is not being registered:

Code: Select all
<?php session_start();
$loginUsername="Test";
$loginStrGroup="Visitor"; 
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup; 
//register the session variables
session_register("MM_Username");
session_register("MM_UserGroup");  
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
<a href="session2.php">Go to page 2.</a></body>
</html>
Code: Select all
<?php session_start();
$MYusername = $_SESSION['MM_Username'];  
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
<?php echo $MYusername; ?>

</html>
Returns Test on the 2nd page. Have you checked your privacy settings on your browser? I'll check back on my return.
Reply With Quote
  #5 (permalink)  
Old Feb 18th, 2006, 11:06
Junior Member
Join Date: Feb 2006
Age: 40
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
Re: Restrict Access To Page / php MySQL / DW
A quick test to check go to:

http://www.choosespain.com/session1.php

and click the link you should be shown the word Test on its own.

Right gotta go...
Reply With Quote
  #6 (permalink)  
Old Feb 18th, 2006, 12:34
Reputable Member
Join Date: May 2005
Location: Sheffield
Posts: 104
Thanks: 0
Thanked 0 Times in 0 Posts
Re: Restrict Access To Page / php MySQL / DW
Thanks I will test after the match!!
Reply With Quote
  #7 (permalink)  
Old Feb 18th, 2006, 14:13
Reputable Member
Join Date: May 2005
Location: Sheffield
Posts: 104
Thanks: 0
Thanked 0 Times in 0 Posts
Re: Restrict Access To Page / php MySQL / DW
Ok! Your link works correctly, the word 'Text' is shown.

I have done an exact copy on my server and it does not work.....
http://www.graphicallies.com/test1.php

...... So it must be a server config issue..?

I am running on Windows 2003 server with php installed, but I am not sure what version of php it is, waiting for my isp to get back to me.

A quick search on the web at http://uk2.php.net/session , I found info about

Quote:
session.save_path

Note: Prior to PHP 4.3.6, Windows users had to change this variable in order to use PHP's session functions. A valid path must be specified, e.g.: c:/temp.
Worth giving that a go do you think?
Reply With Quote
  #8 (permalink)  
Old Feb 18th, 2006, 15:31
Reputable Member
Join Date: May 2005
Location: Sheffield
Posts: 104
Thanks: 0
Thanked 0 Times in 0 Posts
Re: Restrict Access To Page / php MySQL / DW
I have successfully changed the path using session_save_path

I assigned to variable walkPATH to check using echo....

Code: Select all
 
<?php 
session_save_path("/domains/mydomain.com/sess");
session_start();
$walkPATH = session_save_path();
...
...
...
<body>
<p><a href="session2.php">Go to page 2.</a>
</p>
<p><? echo $walkPATH; ?></p>
</body>
</html>
I have put

session_save_path("/domains/mydomain.com/sess");
session_start();

At the start of each page.

However the session vars are still not being passed. So another search on the net and I found:

To be able to use session variables in sites on a windows environments, you have to set session_set_cookies = 1 in php.ini.

Im running off a commercial server, so I guess access to php.ini will be restricted, so I will contact my host providers.

Am I on the right track here? Are there any security issues involved with changing this?

This is really a php topic now, but with it involving a database I posted it in here.
Reply With Quote
  #9 (permalink)  
Old Feb 18th, 2006, 17:05
Junior Member
Join Date: Feb 2006
Age: 40
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
Re: Restrict Access To Page / php MySQL / DW
I'm not sure how much of the php.ini files you can change, but it can be done either in script or htaccess using ini_set() http://www.php.net/manual/en/function.ini-set.php
however this is at the limit of my knowledge since I've not had the need to use it.

To find out what version of php and the ini settings your server runs, create a blank php page with the code

PHP: Select all

<?php phpinfo();
?>
Place on server and call the page to view the results.
Reply With Quote
Reply

Tags
restrict, access, page, php, mysql

« Connected to DB in Dreamweaver but no tables shown?? | msql Connectons in Dreamweaver »
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
Best way to prevent access to page B except via page A? Donny Bahama PHP Forum 1 Apr 3rd, 2008 02:15
How to connect the microsoft access database using HTML page mazenbluee Databases 5 Nov 21st, 2007 06:49
Restrict Access Mike Henson JavaScript Forum 17 Sep 10th, 2007 09:47
Printing single record from Access via Report in Web Page Neotekk JavaScript Forum 0 Jun 18th, 2007 15:20
Access a HTML InputBox through the Code-Page bwalker ASP.NET Forum 5 Nov 10th, 2005 12:58


All times are GMT. The time now is 01:32.

Contact Us - Web Design & Development Forums - Archive - Top

Sleep Study Scoring :: Free Bet :: Online Betting :: Bookmakers :: Funny Quotes :: Internet Recruitment Software :: Microsoft CRM Experts :: Online Casino :: Decorated Christmas Trees :: Midwife Forums :: Football Betting :: Web Development India :: Ecommerce Software :: Football Stats :: Dry Cleaning Collection :: Free Bets :: xtreme wales - extreme clothing :: Apuestas :: SEO Company India :: Werbeartikel :: Sharepoint Consultants :: Search Engine Optimisation :: Office Clearance London :: Sharepoint Experts :: Sports Betting :: Casino :: Website Templates :: Online Gambling

Powered by vBulletin®
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.2.0 RC8
© 2003-2008 Webforumz.com : All Rights Reserved

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43