Double Login with websiteMembership
6 posts by 2 authors in: Forums > CMS Builder: Plugins & Add-ons
Last Post: Yesterday at 2:38pm (RSS)
I have a CMSB-based application that uses websiteMembership. It is set to allow both admin login and separate user log in.
Users of the backend login to perform their admin duties, one of which involves selecting a menu item that is a link to another page outside of the background interface that also requires login.
That page is protect like this:
i$libraryPath = 'xxxxxxx/lib/viewer_functions.php';
$dirsToCheck = ['','../','../../','../../../','../../../../'];
foreach ($dirsToCheck as $dir) {
if (@include_once("$dir$libraryPath")) { break; }
}
if (!function_exists('getRecords')) {
die("Couldn't load viewer library.");
}
if (!$CURRENT_USER) { websiteLogin_redirectToLogin(); }
if(!$CURRENT_USER['isCME_director'] && !$CURRENT_USER['isCME_staff'] && !$CURRENT_USER['isAdmin']) {
redirectBrowserToUrl("access_denied.php?msg=This feature is for administrators only.");
exit;
}
The problem I am having is that the logged in user who clicks the link taking him to this page is then presented with the login form once again and must log in a second time.
Has anyone encountered this behavior?
CMSB v. 3.56
websiteManagement v. 1.13
By Tim - Yesterday at 1:40pm
Hi pgplast,
When you say that you have separate logins, I am assuming you have set the WSM_SEPARATE_LOGIN global variable in websiteMembership.php to "true". This means that logging into CMSB is going to be a separate login than trying to login to pages that are protected by websiteMembership.
Your code there is testing for the websiteMembership login "CURRENT_USER" and if not, redirects them to the login page.
From what I am understand as to what you are saying, the user logs into CMSB as an admin, clicks a link which takes them to that page protected by websiteMembership. There it sees that CURRENT_USER is not set, so immediately redirects the user to the login page. Because the user has logged into CMSB doesn't mean they skip login for the page protected by websiteMembership (when using separate logins).
Am I understanding the process you are going through here? If not, any further clarification would help.
Thanks!
Senior Web Programmer
Interactivetools.com
Yes, Tim. You have it correct. Are you saying that setting $GLOBALS['WSM_SEPARATE_LOGIN'] = false; will allow a logged in backend user to avoid a second login on a websiteMembership protected page?
By pgplast - Yesterday at 2:15pm - edited: Yesterday at 2:16pm
I set it to false and that has eliminated the second login.
I guess I have been misunderstanding the setting itself. For what purpose do folks use the "true" setting of $GLOBALS['WSM_SEPARATE_LOGIN'] ?
By Tim - Yesterday at 2:36pm
Oh good, glad that has helped.
There might be various uses for it to be separate login. When enabled, the two login sessions are completely separate. You can be logged into CMSB and separately be logged into the front end as a different user. Maybe you are a CMSB admin doing some work in the back-end as an admin, but you want to login to the front-end as a normal user to see what they see. When set to false the CMSB user and the front-end use the same login space.
The practical effect of setting it to false is that if you log into CMSB admin, you'd also appear logged in on the website front-end. Of course it doesn't mean that a websiteMembership user could access the CMSB back-end because there are still permission checks etc. in place.
Hopefully that makes sense. :)
Senior Web Programmer
Interactivetools.com