Restricting Viewer Access to Logged In Users in 2.53
23 posts by 4 authors in: Forums > CMS Builder
Last Post: May 19, 2013
By gkornbluth - April 16, 2013
Hi All,
I’ve been restricting viewer access to logged in users only using the following code:
<?php
if (!defined('START_SESSION')) { define('START_SESSION', true); }
require_once "/path_to_your/cmsAdmin/lib/viewer_functions.php";
if (!@$_SESSION['username']) { header("Location: http://mydomain.com/cmsAdmin/admin.php?redirectUrl=" . $_SERVER['REQUEST_URI']); exit; }
?>
But after upgrading from 2.17 to 2.53, that code returns a “page not redirecting properly” error in FF and a “cannot display web page” error in IE.
Any suggestions on the changes required for the new version?
Thanks,
Jerry Kornbluth
Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php
By gregThomas - April 16, 2013
Hi Jerry,
The most likely cause is that the page has already sent the headers in the newer version of CMSB for some reason, and so can't change the header to send the page to a new location.
Try changing your code to this:
<?php
if (!defined('START_SESSION')) { define('START_SESSION', true); }
require_once "/path_to_your/cmsAdmin/lib/viewer_functions.php";
if (!@$_SESSION['username']) {
  redirectBrowserToUrl("http://mydomain.com/cmsAdmin/admin.php?redirectUrl=" . $_SERVER['REQUEST_URI']);
  exit;
}
?>
The redirectBrowserToUrl function detects if the page headers have already been sent, and uses HTML or JavaScript to redirect the browser instead if required.
Let me know if this doesn't work.
Thanks!
Greg
PHP Programmer - interactivetools.com
By gkornbluth - April 16, 2013 - edited: April 16, 2013
Sorry Greg,
With the code you recommended (below) I get the same error.
The protected page is http://elleschorrphotography.com/publicity.php
If I'm not logged in, the URL is http://elleschorrphotography.com/cmsAdmin/admin.php?redirectUrl=/publicity.php and I get redirected to the login page.
The URL that comes up after login is still http://elleschorrphotography.com/cmsAdmin/admin.php?redirectUrl=/publicity.php but I get the same error as before.
I've tried a few sites with the same result.
Jerry
<?php
if (!defined('START_SESSION')) { define('START_SESSION', true); }
// load viewer library
$libraryPath = 'cmsAdmin/lib/viewer_functions.php';
$dirsToCheck = array('/hsphere/local/home/a887307/elleschorrphotography.com/','','../','../../','../../../');
foreach ($dirsToCheck as $dir) { if (@include_once("$dir$libraryPath")) { break; }}
if (!function_exists('getRecords')) { die("Couldn't load viewer library, check filepath in sourcecode."); }
if (!@$_SESSION['username']) {
redirectBrowserToUrl("http://elleschorrphotography.com/cmsAdmin/admin.php?redirectUrl=" . $_SERVER['REQUEST_URI']);
exit; }
?>
By gregThomas - April 16, 2013
Hi Jerry,
Are you still having issues with the page redirecting on some browsers?
I hadn't noticed earlier, but CMS Builder empties out the $_SESSION array and stores all user data in $CURRENT_USER for security reasons. So to detect if a user is logged in or not I would do this:
if (!defined('START_SESSION')) { define('START_SESSION', true); }
// load viewer library
$libraryPath = 'cmsAdmin/lib/viewer_functions.php';
$dirsToCheck = array('/hsphere/local/home/a887307/elleschorrphotography.com/','','../','../../','../../../');
foreach ($dirsToCheck as $dir) { if (@include_once("$dir$libraryPath")) { break; }}
if (!function_exists('getRecords')) { die("Couldn't load viewer library, check filepath in sourcecode."); }
if (!@$CURRENT_USER['num']) {
  redirectBrowserToUrl("http://elleschorrphotography.com/cmsAdmin/admin.php?redirectUrl=" . $_SERVER['REQUEST_URI']);
  exit;
}
So as the $CURRENT_USER['num'] is a field that can't be changed, I've used it to detect if a user is logged in or not.
Thanks!
Greg
PHP Programmer - interactivetools.com
By gkornbluth - April 16, 2013
Hi Greg,
Sorry, but that didn't change anything. The result is identical.
I thought $CURRENT_USER was only valid when using the membership plugin. I guess not.
Jerry
By gkornbluth - April 17, 2013
Hi Greg,
Any new insights on this?
Jerry Kornbluth
By Djulia - April 17, 2013 - edited: April 17, 2013
Hi Jerry,
If you use version 2.53, you must check that the variable $GLOBALS["WSM_SEPARATE_LOGIN"] is set to "false" (in websiteMembership).
<?php
if (!defined('START_SESSION')) { define('START_SESSION', true); }
require_once "/path_to_your/cmsAdmin/lib/viewer_functions.php";
if (!isset($CURRENT_USER['username'])) { header("Location: /"); exit; }
?>
Hope that helps!
Djulia
By gkornbluth - April 17, 2013
Thanks Djulia,
I'm not using website membership on these sites.
I'll keep that in mind though.
Jerry Kornbluth
By gregThomas - April 17, 2013
Hi Jerry,
Sorry for the delay in replying.
I've just discovered there is a new function you can use to get the current CMS user, and it works if you don't have the website membership plugin:
//Get the current CMS users details
$CMS_USER = getCurrentUserFromCMS();
//redirect the browser if no user is currently logged into the back end
if (!@$CMS_USER['num']) {
  redirectBrowserToUrl("http://elleschorrphotography.com/cmsAdmin/admin.php?redirectUrl=" . $_SERVER['REQUEST_URI']);
  exit;
}
So the getCurrentUserFromCMS function returns an array that looks similar to the $CURRENT_USER array, but contains the CMS users information.
Thanks!
Greg
PHP Programmer - interactivetools.com
By gkornbluth - April 17, 2013
Hi Greg,
Thanks for discovering that. It seems to work.
One more question...
When I try to restrict access to admins by changing !@$CMS_USER['num'] to !@$CMS_USER['isAdmin'], if I log in as an admin the redirect works as it's supposed to, but if I log in as a non-admin it crashes with the same error as before.
Any thoughts?
Thanks,
Jerry Kornbluth
Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php
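Added example, not part of the original thread and not CMS Builder's own code: a sketch of the access decision discussed above that separates "not logged in" (redirect to the login page) from "logged in but not an admin" (deny, no redirect), and encodes and validates the return path instead of appending the raw `$_SERVER['REQUEST_URI']`. The helpers `safe_return_path()` and `decide_access()`, the `example.com` login URL and the sample user arrays are assumptions made for illustration; it also assumes the login page sends an already logged-in user straight back to `redirectUrl`.

```php
<?php
// Added example. safe_return_path() and decide_access() are hypothetical
// helpers, not CMS Builder functions; the user arrays below are constructed.

// Accept only a same-site path for redirectUrl; anything else becomes "/".
function safe_return_path(string $requestUri): string {
    // One leading "/", not "//" or "/\", and no control characters.
    $ok = preg_match('#^/(?![/\\\\])[^\x00-\x1f\x7f]*\z#', $requestUri) === 1;
    return $ok ? $requestUri : '/';
}

// Returns [action, value]: redirect + URL, deny + HTTP status, or allow.
function decide_access(?array $user, bool $adminOnly, string $requestUri, string $loginUrl): array {
    if (empty($user['num'])) {
        // Not logged in: the login page is the right destination.
        $back = rawurlencode(safe_return_path($requestUri));
        return ['redirect', $loginUrl . '?redirectUrl=' . $back];
    }
    if ($adminOnly && empty($user['isAdmin'])) {
        // Logged in but not an admin: logging in again cannot help. Assuming
        // the login page returns a logged-in user to redirectUrl, redirecting
        // here would bounce back and forth until the browser gives up.
        return ['deny', 403];
    }
    return ['allow', null];
}

// Constructed inputs standing in for what getCurrentUserFromCMS() returns.
$loginUrl = 'http://example.com/cmsAdmin/admin.php';
$cases = [
    'anonymous'        => [null, '/publicity.php?id=3&x=1'],
    'editor'           => [['num' => 7, 'isAdmin' => 0], '/publicity.php'],
    'admin'            => [['num' => 1, 'isAdmin' => 1], '/publicity.php'],
    'anonymous, //uri' => [null, '//other.example/page'],
];
foreach ($cases as $label => [$user, $uri]) {
    [$action, $value] = decide_access($user, true, $uri, $loginUrl);
    printf("%-17s %-8s %s\n", $label, $action, $value ?? '');
}

// In a viewer page the result would be applied roughly like this:
//   if ($action === 'redirect') { redirectBrowserToUrl($value); exit; }
//   if ($action === 'deny')     { http_response_code(403); exit('Admins only'); }
```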