Restricting Viewer Access to Logged In Users in 2.53

23 posts by 4 authors in: Forums > CMS Builder
Last Post: May 19, 2013   (RSS)

Hi Jerry,

The most likely cause is that the page has already sent the headers in the newer version CMSB for some reason, and so can't change the header to send the page to a new location.

Try changing your code to this:

<?php
  if (!defined('START_SESSION')) { define('START_SESSION', true); }
  require_once "/path_to_your/cmsAdmin/lib/viewer_functions.php";
  if (!@$_SESSION['username']) { 
    redirectBrowserToUrl("http://mydomain.com/cmsAdmin/admin.php?redirectUrl=" . $_SERVER['REQUEST_URI']);
    exit; 
  }
?>

The redirectBrowerToUrl function detects if the page headers have already been sent, and uses HTML or JavaScript to redirect the browser instead if required.

Let me know if this doesn't work.

Thanks!

Greg

Greg Thomas







PHP Programmer - interactivetools.com

By gkornbluth - April 16, 2013 - edited: April 16, 2013

Sorry Greg,

With the code you recommended (below) I get the same error.

The protected page is http://elleschorrphotography.com/publicity.php

If I'm lot logged in, the URL is http://elleschorrphotography.com/cmsAdmin/admin.php?redirectUrl=/publicity.php and I get redirected to the login page.

The URL that comes up after login is still http://elleschorrphotography.com/cmsAdmin/admin.php?redirectUrl=/publicity.php but I get the same error as before.

I've tried a few sites with the same result.

Jerry

<?php
 
 if (!defined('START_SESSION')) { define('START_SESSION', true); }
  // load viewer library
  $libraryPath = 'cmsAdmin/lib/viewer_functions.php';
  $dirsToCheck = array('/hsphere/local/home/a887307/elleschorrphotography.com/','','../','../../','../../../');
  foreach ($dirsToCheck as $dir) { if (@include_once("$dir$libraryPath")) { break; }}
  if (!function_exists('getRecords')) { die("Couldn't load viewer library, check filepath in sourcecode."); }
  if (!@$_SESSION['username']) {
    redirectBrowserToUrl("http://elleschorrphotography.com/cmsAdmin/admin.php?redirectUrl=" . $_SERVER['REQUEST_URI']);
    exit; }
?>

The first CMS Builder reference book is now available on-line!







Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php

Hi Jerry,

Are you still having issues with the page redirecting on some browsers?

I hadn't noticed earlier, but CMS Builder empties out the $_SESSION array and stores all user data in $CURRENT_USER for security reasons. So to detect if a user is logged in or not I would do this:

   if (!defined('START_SESSION')) { define('START_SESSION', true); }
  // load viewer library
  $libraryPath = 'cmsAdmin/lib/viewer_functions.php';
  $dirsToCheck = array('/hsphere/local/home/a887307/elleschorrphotography.com/','','../','../../','../../../');
  foreach ($dirsToCheck as $dir) { if (@include_once("$dir$libraryPath")) { break; }}
  if (!function_exists('getRecords')) { die("Couldn't load viewer library, check filepath in sourcecode."); }
  if (!@$CURRENT_USER['num']){ 
    redirectBrowserToUrl("http://elleschorrphotography.com/cmsAdmin/admin.php?redirectUrl=" . $_SERVER['REQUEST_URI']);
    exit;
  }

So as the $CURRENT_USER['num'] is a field that can't be changed, I've used it to detect if a user is logged in or not. 

Thanks!

Greg

Greg Thomas







PHP Programmer - interactivetools.com

Hi Greg,

Sorry, but That didn't change anything. the result is identical.

I thought $CURRENT_USER was only valid when using the membership plugin. I guess not.

Jerry

The first CMS Builder reference book is now available on-line!







Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php

Hi Greg,

Any new insights on this?

Jerry Kornbluth

The first CMS Builder reference book is now available on-line!







Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php

By Djulia - April 17, 2013 - edited: April 17, 2013

Hi Jerry,

If you use version 2.53, you must check that the variable $GLOBALS [“WSM_SEPARATE_LOGIN”] is on "false" (in websiteMembership).

<?php
  if (!defined('START_SESSION')) { define('START_SESSION', true); }
  require_once "/path_to_your/cmsAdmin/lib/viewer_functions.php";
  if (!isset($CURRENT_USER['username'])) { header("Location: /"); exit; }
?>

Hope that helps!

Djulia

Thanks Djulia,

I'm not using website membership on these sites

I'll keep that in mind though.

Jerry Kornbluth

The first CMS Builder reference book is now available on-line!







Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php

Hi Jerry, 

Sorry for a delay in the reply. 

I've just discovered there is a new function you can use to get the current CMS user, and it works if you don't have the website membership plugin:

  //Get the current CMS users details
  $CMS_USER = getCurrentUserFromCMS(); 
  
  //redirect the browser if no user is currently logged into the back end
  if (!@$CMS_USER['num']){ 
    redirectBrowserToUrl("http://elleschorrphotography.com/cmsAdmin/admin.php?redirectUrl=" . $_SERVER['REQUEST_URI']);
    exit;
  }

So the getCurrentUserFromCMS function returns an array that looks similar to the $CURRENT_USER array, but contains the CMS users information. 

Thanks!

Greg

Greg Thomas







PHP Programmer - interactivetools.com

Hi Greg,

Thanks for discovering that. It seems to work.

One more question...

When I try to restrict access to admins by changing !@$CMS_USER ['num'] to !@$CMS_USER ['isAdmin'], if I log in as an admin the redirect works as it's supposed to, but if I log in as a non Admin it crashes with the same error as before.

Any thoughts?

Thanks,

Jerry Kornbluth

The first CMS Builder reference book is now available on-line!







Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php