Restricting Viewer Access to Logged In Users in 2.53
23 posts by 4 authors in: Forums > CMS Builder
Last Post: May 19, 2013
By gkornbluth - April 25, 2013 - edited: April 25, 2013
Greg Thomas has done it again...
He came up with this solution. He said,
“For some reason the server was creating two different sessions depending on if you are logged in at http://your_site.com/ or http://www.your_site.com. As the log off link was to www.your_site.com this was causing an issue if the user had logged in at the non www version. I've got around the problem by adding a rule to your htaccess file that redirects all site visitors to your_site.com. I've also added the session_unset to the if statement that checks if the user is logged in, as this should completely destroy the session.”
The .htaccess rule is:
# Redirect www urls to non-www
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.your_site\.com [NC]
RewriteRule (.*) http://your_site.com/$1 [R=301,L]
The viewer code including the session_unset code is:
<?php
if (!defined('START_SESSION')) { define('START_SESSION', true); }
// load viewer library
$libraryPath = 'cmsAdmin/lib/viewer_functions.php';
$dirsToCheck = array('/path_to_your_server/','','../','../../','../../../');
foreach ($dirsToCheck as $dir) { if (@include_once("$dir$libraryPath")) { break; }}
if (!function_exists('getRecords')) { die("Couldn't load viewer library, check filepath in sourcecode."); }
//Get the current CMS users details
$CMS_USER = getCurrentUserFromCMS();
//redirect the browser if no user is currently logged into the back end
if (!@$CMS_USER['num']){
  session_unset();
  // urlencode keeps any "?" or "&" in the requested URI inside the redirectUrl value
  redirectBrowserToUrl("http://your_site.com/cmsAdmin/admin.php?redirectUrl=" . urlencode($_SERVER['REQUEST_URI']));
  exit;
}
?>
In the body of my viewer to separate access to the code for users and the code for admins:
<?php if( $CMS_USER['num']): ?>
<a class="special" href="http://your_site.com/cmsAdmin/admin.php?action=logoff">Click Here to Log Out</a><br /><br />
Code for any user...
<?php endif ?>
<br />
<?php if( $CMS_USER['isAdmin']): ?>
Code for admins only...
<?php endif ?>
Hope Greg's solution helps someone else.
Jerry Kornbluth
Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php
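An added example, not part of the posts above: the www to non-www canonicalization done in PHP before the login check, plus a login URL whose return path is limited to a same-site path and percent-encoded. The function names, the LOGIN_URL constant and the sample requests are assumptions for illustration; your_site.com is the placeholder host used in the post.

```php
<?php
// Added example: names and sample values are hypothetical, not from the thread.
const CANONICAL_HOST = 'your_site.com';   // placeholder host used in the post
const LOGIN_URL      = 'http://your_site.com/cmsAdmin/admin.php';

// PHP's session cookie is host-only by default, so www.your_site.com and
// your_site.com each carry their own session. Returns the canonical URL to
// redirect to, or null when the request is already on the canonical host.
function canonicalRedirect(string $host, string $requestUri): ?string {
    $host = strtolower(preg_replace('/:\d+$/', '', $host));   // drop any port
    if ($host === CANONICAL_HOST) { return null; }
    return 'http://' . CANONICAL_HOST . localPath($requestUri);
}

// Accept only a same-site path such as "/page.php?x=1". Values starting with
// "//" or "/\" (which browsers can treat as another host) fall back to "/".
function localPath(string $requestUri): string {
    $isLocal = preg_match('#^/(?![/\\\\])[^\r\n]*\z#', $requestUri) === 1;
    return $isLocal ? $requestUri : '/';
}

// Login URL with the return path percent-encoded, so "?" and "&" from the
// original query string stay inside the redirectUrl parameter.
function loginUrl(string $requestUri): string {
    return LOGIN_URL . '?redirectUrl=' . rawurlencode(localPath($requestUri));
}

// Constructed sample requests: [Host header, REQUEST_URI]
$samples = [
    ['www.your_site.com', '/members.php?page=2&sort=date'],
    ['your_site.com',     '/members.php?page=2&sort=date'],
    ['your_site.com',     '//other.example/members.php'],
];
foreach ($samples as [$host, $uri]) {
    // Canonicalize first; only build the login URL once on the canonical host.
    $target = canonicalRedirect($host, $uri) ?? loginUrl($uri);
    echo str_pad($host, 18), ' ', $target, PHP_EOL;
}
```

In a viewer, the value from `loginUrl($_SERVER['REQUEST_URI'])` would be passed to `redirectBrowserToUrl()` in place of the concatenated string.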
By Jason - May 6, 2013
Hi Jerry,
Can you let me know what error you get when you log in as a non admin?
Thanks
Jason Sauchuk - Project Manager
interactivetools.com
By gkornbluth - May 19, 2013 - edited: May 19, 2013
Hi Jason,
Sorry for the delay.
I get no errors when logged in either as admin or non-admin with the following at the top of the page:
<?php
if (!defined('START_SESSION')) { define('START_SESSION', true); }
// load viewer library
$libraryPath = 'cmsAdmin/lib/viewer_functions.php';
$dirsToCheck = array('/hsphere/local/home/a12345/my_site.com/','','../','../../','../../../');
foreach ($dirsToCheck as $dir) { if (@include_once("$dir$libraryPath")) { break; }}
if (!function_exists('getRecords')) { die("Couldn't load viewer library, check filepath in sourcecode."); }
//Get the current CMS users details
$CMS_USER = getCurrentUserFromCMS();
//redirect the browser if no user is currently logged into the back end
if (!@$CMS_USER['num']){
  session_unset();
  // urlencode keeps any "?" or "&" in the requested URI inside the redirectUrl value
  redirectBrowserToUrl("http://elleschorrphotography.com/cmsAdmin/admin.php?redirectUrl=" . urlencode($_SERVER['REQUEST_URI']));
  exit;
}
?>
And this in the body:
<?php if( $CMS_USER['isAdmin']): ?>
Code for admins...
<?php elseif( !$CMS_USER['isAdmin']): ?>
Sorry, you're logged in but you're not an admin...
<?php else :?>
Sorry, based on the login credentials you used, you don't have the authority to access this page. <br />
<br />
To log in with the appropriate credentials, <a class="special" href="http://www.my_site.com/cmsAdmin/admin.php?action=logoff">Click Here to Log Out</a>, then return to this page and log in again.<br />
<?php endif ?>
Again, thanks for all your help,
Jerry Kornbluth