Page 1 of 1

Authentication Problems

Posted: Thu Jul 27, 2006 2:00 pm
by Assured99
Ok i am trying to open a page that i want to secure when i open the page i get an Error:

Code: Select all

Fatal error: Call to undefined function: allow_access()
I would assume that this would be a problem with the Function so i looked it over and everything seems to be allright.

Code: Select all

function allow_access($group) 
{ 
        // Check the value of the session vars 'group1' 'group2' 'group3' or 'user_name' 
        if 	($_SESSION['group1'] == $group || 
                $_SESSION['group2'] == $group || 
                $_SESSION['group3'] == $group ||
	$_SESSION['group1'] == "Referrals" ||  
                $_SESSION['group1'] == "Patients" || 
                $_SESSION['group1'] == "Employees" || 
                $_SESSION['group1'] == "Administrators" || 
                $_SESSION['user_name'] == $group) 
        { 
                // Set the var allowed to 'yes' 
                $allowed = "yes"; 
        } else { 
                // Set the var allowed to 'no' 
                $allowed = "no"; 
        } 

        // Return the var allowed 
        return $allowed; 
}

Here is the code from the page im trying to secure

Code: Select all

<?php

//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();

require('http://www.mydomain.com/secure/config.php');

require('http://www.mydomain.com/secure/functions.php'); 

//this is group name or username of the group or person that you wish to allow access to
// - please be advise that the Administrators Groups has access to all pages.
if (allow_access('Administrators') != "yes")
if (allow_access('Employees') != "no")
if (allow_access('Patients') != "no")
if (allow_access('Referrals') != "no")
if (allow_access('Users') != "no")
{ 
include ('http://www.mydomain.com/secure/no_access.html'); 
exit;
}
?>

Can i use the Multiple Group 1's in the Function because the Access Level is only stored in group1?

Any other ideas will be appreciated

Posted: Thu Jul 27, 2006 2:03 pm
by feyd
requiring or including a file from an external source will not return the code inside them unless they are scripted to do so. Change the paths to local ones.

Posted: Thu Jul 27, 2006 2:04 pm
by Luke
I believe this is your problem...

Code: Select all

require('http://www.mydomain.com/secure/config.php');

require('http://www.mydomain.com/secure/functions.php');
Needs to be relative to the url you are at or a unix path "/something/somethingelse/bla/foo/bar/functions.php"

Posted: Thu Jul 27, 2006 2:06 pm
by Assured99
so Change:

Code: Select all

require('http://www.mydomain.com/secure/config.php'); 

require('http://www.mydomain.com/secure/functions.php');
TO

Code: Select all

require('/secure/config.php'); 

require('/secure/functions.php');
????

Posted: Thu Jul 27, 2006 2:07 pm
by Assured99
Now when you say relative path

How would i get it to go back to a higher folder???

Posted: Thu Jul 27, 2006 2:08 pm
by feyd
../

Posted: Thu Jul 27, 2006 2:11 pm
by Assured99
Now i have this:

Code: Select all

Warning: main(../secure/config.php): failed to open stream: No such file or directory in /home/assuredm/public_html/login/employee/employee.php on line 10

Posted: Thu Jul 27, 2006 2:12 pm
by Assured99
Ok i fixed that issue by adding /home/assuredm/public_html/ before tha path but the web page is still not secure any clues?????

Posted: Thu Jul 27, 2006 2:30 pm
by RobertGonzalez
Can you describe what you mean when you say
Assured99 wrote:the web page is still not secure any clues?????

Posted: Fri Jul 28, 2006 12:07 pm
by Assured99
Everah wrote:Can you describe what you mean when you say
Assured99 wrote:the web page is still not secure any clues?????
Yes, I can log onto the page by typing the URL in directly, There is no prompt for Username and Password or Redirtection to no_access.html. it allows you to view the page.

Eaither one would be fine i believe it it going to no_access.html right now.

Posted: Fri Jul 28, 2006 9:10 pm
by RobertGonzalez
Can you post the code in which you call the authentication function?

Posted: Mon Jul 31, 2006 11:23 am
by Assured99
Everah wrote:Can you post the code in which you call the authentication function?

Code: Select all

<?php

//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();

require('/home/assuredm/public_html/secure/config.php');

require('/home/assuredm/public_html/secure/functions.php'); 

//this is group name or username of the group or person that you wish to allow access to
// - please be advise that the Administrators Groups has access to all pages.
if (allow_access('Administrators') != "yes")
if (allow_access('Employees') != "no")
if (allow_access('Patients') != "no")
if (allow_access('Referrals') != "no")
if (allow_access('Users') != "no")
{ 
include ('http://www.mydomain.com/secure/no_access.html'); 
exit;
}
?>

Posted: Mon Jul 31, 2006 11:25 am
by Assured99
or did you mean this ?

Code: Select all

function allow_access($group) 
{ 
        // Check the value of the session vars 'group1' 'group2' 'group3' or 'user_name' 
        if 	($_SESSION['group1'] == $group || 
                $_SESSION['group2'] == $group || 
                $_SESSION['group3'] == $group ||
				$_SESSION['group1'] == "Referrals" ||  
                $_SESSION['group1'] == "Patients" || 
                $_SESSION['group1'] == "Employees" || 
                $_SESSION['group1'] == "Administrators" || 
                $_SESSION['user_name'] == $group) 
        { 
                // Set the var allowed to 'yes' 
                $allowed = "yes"; 
        } else { 
                // Set the var allowed to 'no' 
                $allowed = "no"; 
        } 

        // Return the var allowed 
        return $allowed; 
}