User security for external page

This public forum is for user-to-user discussions of PHPMaker. Note that this is not support forum.
Post Reply
perci100
User
Posts: 58

User security for external page

Post by perci100 »

I remember seeing a post about this deep in a forum string somewhere a while back but I am trying to figure out how to secure an external page. Not a custom page but another page opened externally. How would I test for the user being logged in etc. can I just grab the session info and check against it being blank? I just want to make sure this external page is protected . Adding my code to a custom page is not an option. Any help is greatly appreciated.


mobhar
User
Posts: 11660

Post by mobhar »

Assume you are using v2017, then simply try this:

<?php
if (session_id() == "") session_start(); // Init session data
ob_start(); // Turn on output buffering
?>
<?php include_once "ewcfg13.php" ?>
<?php include_once "phpfn13.php" ?>
<?php
if (!IsLoggedIn()) {
echo "Access denied. Please <a href='login.php'>login</a>!<br>";
} else {
echo "<h1>Welcome to the external page ...</h1>";
// your external content goes here ...
}
?>


perci100
User
Posts: 58

Post by perci100 »

is it similar in v12? I have 2017 but I cant switch my application over yet.

Thank you for your help


mobhar
User
Posts: 11660

Post by mobhar »

Yes, that should be similar to v12. Just change "13" to "12" in the code I gave you before.


perci100
User
Posts: 58

Post by perci100 »

Ok thank you I had thought it might be different , getting a

Fatal error: Class 'GD' not found in /srv/www/htdocs/crm1/phpfn12.php on line 6630

looks like its trying to extend GD but not finding it , Is there an import im missing?


arbei
User
Posts: 9284

Post by arbei »

Fatal error: Class 'GD' not found in /srv/www/htdocs/crm1/phpfn12.php on
line 6630

Double check your php.ini enabled the "GD" extension and try again.


perci100
User
Posts: 58

Post by perci100 »

I dont think that is the case because it works on all other pages just not this external page but thank you. I did double check and GD is installed


mobhar
User
Posts: 11660

Post by mobhar »

There should be no issue, as I've already tried it and it works properly for v12. Make sure you have already used the latest of version 12.0.7, and then regenerated ALL the script files again.


perci100
User
Posts: 58

Post by perci100 »

yes latest version and all files were generated.

maybe because its not in the same root directory? Seems like it wouldn't matter as long as I link the two files you specified. Ill keep messing with it , missing a dependency somewhere.


afandiphd2
User
Posts: 2

Post by afandiphd2 »

I have implemented dynamic security and got a problem/error while on the web. It was smooth and good while on the localhost. I got this error message
"Unable to load user level from config file: /home/user/public_html/project1/{98cb30ac-40ea-4497-9528-652f9b6c4217}.xml

any ideas?
TQ


mobhar
User
Posts: 11660

Post by mobhar »

Make sure the file name is exactly same with the actual file itself. The filename should be case-sensitive.


perci100
User
Posts: 58

Post by perci100 »

I ended up doing this :

if (session_id() == "") session_start(); // Init session data
ob_start(); // Turn on output buffering

if(!$_SESSION["NewVDUSAcrm_status"] == "login")
{
echo "Access Denied - Please login to continue...";
}
else
{

}

The actual session variable seems to be <Project name>_status i could probably test for logging in as well as the original function does but this should work


Post Reply