PHP Blog trouble

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
WolfpactVI
Forum Newbie
Posts: 2
Joined: Mon Jan 24, 2005 10:32 am
Location: Dún na nGall

PHP Blog trouble

Post by WolfpactVI »

Hello all!

This is my first time using these forums, so I'm not sure if this is the right place to post this. But I use a Mac, so at least it's a start.

My problem is this: I've been woking on building a blog for my website based on this tutorial for Dreamweaver. In the second part, it goes over user authentification and creating an admin section for editing and deleting entries and topics. Trouble is, after I finished part 2 and uploaded everything, I cant access any of the pages that contain the forms for updating and such. What happens is that when I click on a link, I'm asked (again) for my username and password, and then directed back to the admin index.php page instead of the update_art.php page.

The tutorial has all the finished pages available for download. I checked the PHP code that Dreamweaver generated when I was finished to the finished product available to download. They were identical.

Now I think it either must be faulty PHP code that Dreamweaver generated, or else I have something commented or uncommented that shouldn't be in Apache's config files (my website is hosted on my home computer - for fun!).

Unfortunately I'm at school right now, so I can't get at my files until tonight. However, this person had the same problem as me, and the code is posted.

Any help would be greatly appreciated! I'm very new to all of this - PHP, MySQL, Apache, etc. I'm thoroughly enjoying learning it, but dont know nearly enough to solve a problem like this.

- Wolf
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Welcome to DevNet.


Moved to PHP - Code.
WolfpactVI
Forum Newbie
Posts: 2
Joined: Mon Jan 24, 2005 10:32 am
Location: Dún na nGall

Post by WolfpactVI »

OK, here is the code from the admintemplate file, which controls the user authentification and redirects users to different pages. For some reason, it is stuck always redirecting to the admin index page, and will not let me into the other pages. The first bit is for a "logout user" feature, the second is supposed to be for authentication, and for storing the entered username and password.

Code: Select all

<?php
//initialize the session
session_start();

// ** Logout the current user. **
$logoutAction = $_SERVER&#1111;'PHP_SELF']."?doLogout=true";
if ((isset($_SERVER&#1111;'QUERY_STRING'])) && ($_SERVER&#1111;'QUERY_STRING'] != ""))&#123;
  $logoutAction .="&". htmlentities($_SERVER&#1111;'QUERY_STRING']);
&#125;

if ((isset($_GET&#1111;'doLogout'])) &&($_GET&#1111;'doLogout']=="true"))&#123;
  //to fully log out a visitor we need to clear the session varialbles
  session_unregister('MM_Username');
  session_unregister('MM_UserGroup');
	
  $logoutGoTo = "/blog/index.php";
  if ($logoutGoTo) &#123;
    header("Location: $logoutGoTo");
    exit;
  &#125;
&#125;
?>
<?php
session_start();
$MM_authorizedUsers = "admin";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) &#123; 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) &#123; 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) &#123; 
      $isValid = true; 
    &#125; 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) &#123; 
      $isValid = true; 
    &#125; 
    if (($strUsers == "") && false) &#123; 
      $isValid = true; 
    &#125; 
  &#125; 
  return $isValid; 
&#125;

$MM_restrictGoTo = "/admin/login.php";
if (!((isset($_SESSION&#1111;'MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION&#1111;'MM_Username'], $_SESSION&#1111;'MM_UserGroup'])))) &#123;   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER&#1111;'PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
&#125;
?>
I forget where the Apache config file is, so if someone could give me the location again, so I can check through it, that would be great.

- Wolf
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

the problem I see is isAuthorized() is expecting a list of user and group names that are allowed access. But your call does not give it said list of valid users, therefore it fails your authorization.


my apologies for taking a while to reply.
Post Reply