Page 1 of 1

Dreamweaver login server behavior - variable in login

Posted: Tue Jul 15, 2008 4:28 pm
by damianjames
Hi -

I've been searching everywhere, including this site, and I can't seem to find an answer to the issue I'm having. I'm using the (somewhat dreaded) Dreamweaver server behavior for logging in a user, and I can't get it to pass a variable with login success, or login failure. I'm trying to set language preference using a variable in the URL, and am setting it in the session (or at least I think I'm setting it) that Dreamweaver is creating to try and propagate it between the pages. No matter what, the variable comes back as null when I authenticate or fail to authenticate on the page.

Here is the page that contains the login form:

Code: Select all

<?php require_once('Connections/COMPANY.php'); require_once('includes/config.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
 
  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
 
  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}
  $_SESSION['lang'] = $_GET['lang'];
  $lang = $_SESSION['lang'];
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['user'])) {
  $loginUsername=$_POST['user'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "/private/materials.php?lang=" . $lang;
  $MM_redirectLoginFailed = "login.php?" . $lang . "&loginfailed=true";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_Cuadros, $Cuadros);
  
  $LoginRS__query=sprintf("SELECT `user`, password FROM users WHERE `user`=%s AND password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 
   
  $LoginRS = mysql_query($LoginRS__query, $Cuadros) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;       
 
    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];  
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>
    <?php
        echo("COMPANY - $logintitle");
    ?>
</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<?php 
    require_once("includes/heading.php");
 ?>
 <style type="text/css">
    .contact {
        background:url(<?php echo("images/login_bg_$lang.jpg"); ?>) top left;
        width:1000px;
        min-height:520px;
    }
    .contact_form {
        position:absolute;
        top:200px;
        left:300px;
    }
</style>
<div id="content">
  <div id="content_float">
    <div class="contact">
      <form ACTION="<?php echo $loginFormAction; ?>" method="POST" name="login">
<table class="contact_form">
<tr><td><?php echo $_SESSION['lang']; ?><br /><?php echo $lang ?></td></tr>
                <tr>
                    <td class="signinlabel"><?php echo $userlabel ?></td><td class="signinlabel"><input type="text" size="30" name="user" /></td>
                </tr>
                <tr>
                    <td class="signinlabel"><?php echo $passlabel ?></td><td class="signinlabel"><input type="password" size="30" name="password" /></td>
                </tr>
                <tr>
                    <td>&nbsp;</td><td><input type="submit" value="<?php echo $signinlabel ?>" /></td>
                </tr>
                <tr>
                    <td>&nbsp;</td><td class="errortext"><?php
                                        $loginfailed = $_GET['loginfailed'];
                                        if ($loginfailed == "true") {
                                            echo ("$failmsg");
                                        }
                                    ?>
                    </td>
                </tr>
            </table>
        </form>
    </div>
  </div>
</div>
 <div id="footer">
    <div class="footer_float">
        COPYRIGHT
    </div>
</div>
<body>
</body>
</html>
 
Config.php just sets a default language when there is none, and heading.php sets up the navigation.

Within the code, I'm trying to force $lang (the selected language of the user) into the session by:

Code: Select all

 
  $_SESSION['lang'] = $_GET['lang'];
  $lang = $_SESSION['lang'];
 
Then I'm displaying it for debugging purposes right now within the visible portion of the page to make sure it's being set in the variable and in the session:

Code: Select all

 
<tr><td><?php echo $_SESSION['lang']; ?><br /><?php echo $lang ?></td></tr>
 
These are both reporting correctly, as the URL is login.php?lang=eng and the page when rendered says:

eng
eng

The restricted page is materials.php. Here is the code for that:

Code: Select all

 
<?php
//initialize the session
if (!isset($_SESSION)) {
  session_start();
}
 
// ** Logout the current user. **
$_SESSION['lang'] = $_GET['lang'];
$lang = $_SESSION['lang'];
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}
 
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session variables
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);
    
  $logoutGoTo = "../login.php?lang=$lang";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "user,admin";
$MM_donotCheckaccess = "true";
 
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 
 
  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}
 
$MM_restrictGoTo = "../login.php?lang=$lang";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo . $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  $lang = $_GET['lang'];
  header("Location: ". $MM_restrictGoTo);
  exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<?php 
    switch($lang) {
        case "eng":
            $lang = "eng";
            break;
        default:
            $lang = "esp";
            break;
    }
    if ( $lang == "eng" ) {
        include("../languages/eng.php"); 
    }
    else {
        include("../languages/esp.php"); 
    }
?>
<title>
    <?php
        echo("COMPANY - $mattitle");
    ?>
</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<?php 
    require_once("../includes/heading.php");
 ?>
 <style type="text/css">
    .materials {
        background:url(<?php echo("/images/materials_bg_$lang.jpg"); ?>) top left;
        width:1000px;
        min-height:586px;
    }
</style>
<div id="content">
    <div id="content_float">
        <div class="materials">
            <div class="mat_content_left">
                <?php
                    echo ("<h2>$mat_content_left_header</h2><p>$mat_content_left_text</p>");
                ?>
            </div>
            <div id="logout">
            <a href="<?php echo $logoutAction ?>" name="logout"><?php echo $logout ?></a>
            </div>
            <div class="mat_content_right">
A BUNCH OF LINKS
            </div>
        </div>
    </div>
 </div>
<div id="footer">
    <div class="footer_float">
        &copy;2008 COMPANY  All Rights Reserved.
    </div>
</div>
</body>
</html>
 
I am again trying to force the $lang variable into the session, since I'm a bit desperate at this point :banghead:

The logout link actually works properly and maintains the variable setting through the next page.

the switch at the top is because includes/config.php doesn't want to work correctly for me, even with "/includes/config.php" but that's ok for now. eng.php and esp.php are the language files.

So with all that set, the debug code in to make sure the variables are being set, the best I can get when I submit a form is ?lang= with no value assigned. I'm sure I'm missing something small, and I would appreciate any assistance anyone can lend me!

Re: Dreamweaver login server behavior - variable in login

Posted: Tue Jul 15, 2008 7:14 pm
by damianjames
This was solved by adding the lang variable to loginformaction:

Code: Select all

 
  $loginFormAction = $_SERVER['PHP_SELF']."?lang=$lang";
 
And changing 'QUERY_STRING' to $_SERVER['QUERY_STRING'] in the isAuthorized function:

Code: Select all

 
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0)