restricting access a page...
I followed a tutorial for Dreamweaver restrict access to a page on my site that will contain sensitive data. I have a login form using the login server behavior. It works very well - to direct me to the page appropriate for successful and failed logons. I have the connected mySql database and uses php.
The next step, limiting access to a page does not work. I select the html page, add the server behavior in DW, select username password. He created the php page. Update is made to the login page for now toward the restricted php page, but even on a successful login, I am sent to the login page failed. I looked on several published Adobe articles on this and I am confident, that I followed the steps.
Is there a php configuration setting required on my server? or is there a step I'm missing in dreamweaver? anyone with some insight on where to seek a solution, your help is greatly apprecaited.
soulfunkifiedjazz wrote:
even on a successful login, I am sent to the login page failed.
Read what you just wrote. It is not sensible. If the connection is successful, you will be sent to the page successfully. The fact that you are sent to the page failure means that the connection has failed.
What you need to do is to find out why the connection fails. No doubt you are convinced that the username and password are correct, that's why you think that the connection was successful. Because it worked without limiting access to Page Server behavior, it sounds as if there is no problem with the database connection or the login user server behavior.
The most likely cause is that the session variables are not stored. Check your PHP configuration by viewing the output of the phpinfo() function. Scroll the page to the session section near the bottom. Make sure that the session support is enabled. Also, check the value of the session.save_path. The record that there are listed there?
Another thing to check is the display_errors value in the central section of the configuration of PHP page. Make sure that it is. There could be a problem with the headers have already been sent (see http://kb2.adobe.com/community/publishing/505/cpsid_50572.html for an explanation).
Tags: Dreamweaver
Similar Questions
-
Restricting access to pages through restriction IP 4000
We would like to limit access to the APEX 4000 pages to a specific IP address so that any attempt to access the pages of 4000 would result in a page not found message. I heard that this could be done via an entry in Apache. Anyone know how I can go about this?
Published by: Ed S on January 16, 2009 14:51Now disable the Admin Login defined on no, I am able to limit just the Admin by IP pages
And as long as disable workspace Login is also set to Yes, the IP allows you to restrict access by IP for all applications in the suite Application Express, some of which are applications admin and others who understand the admin pages.
Scott
-
Hi all.
My web adf of application consists of three pages, one of them has a region with a stubborn workflow.
It is at checkpoints to enter the page, one for the admin, other users. This boths pages must be visible from the outside.
http://localhost:7101/MyApp/faces/login.JSPX.
http://localhost:7101/MyApp/faces/admin.JSPX.
If someone writes to this url, the pages will be charged.
When a user is logged on, the other page is loaded with his information in Session.
http://localhost:7101/MyApp/faces/main.JSPX.
The problem is that if I write the url:
http://localhost:7101/MyApp/faces/main.JSPX.
It is also responsible, and it cannot be loaded because the user must be connected.
The ideal feature is if some user writes this url in the browser and the user is not connected, the application is loaded by default
http://localhost:7101/MyApp/faces/login.JSPX.
Any help please?
Thank you very much
Published by: user13038749 on October 7, 2011 0:59Hello
You use the ADF security in your application?
http://download.Oracle.com/docs/CD/E12839_01/core.1111/e12889/secapps.htm
Use the security of the ADF, you can grant permission to users and roles-based pages.
Arun-
-
Restrict access to the error page
Recently, I created two pages based on the same template within two minutes apart and added access to Server page both behaviors.
Created one page the following code:
"< %@LANGUAGE="JAVASCRIPT "CODEPAGE ="65001"% >
< %
Restrict access to Page: grant or deny access to this page
var MM_authorizedUsers = "Administrators";
"var MM_authFailedURL ="... / index.html ";
var MM_grantAccess = false;
If (String (Session("MM_Username"))! = 'undefined') {}
If (false |) (String (Session("MM_UserAuthorization")) == "") | ((MM_authorizedUsers.indexOf (String (Session("MM_UserAuthorization"))) > = 0)) {
MM_grantAccess = true;
}
}
If (!.) MM_grantAccess) {}
var MM_qsChar = '? ';
If (MM_authFailedURL.indexOf("?") > = 0) MM_qsChar = "&";
var MM_referrer is Request.ServerVariables ("URL");.
If (String (Request.QueryString () .length > 0) MM_referrer = MM_referrer + "?" + String (Request.QueryString ());
MM_authFailedURL = MM_authFailedURL + MM_qsChar + "accessdenied =" + Server.URLEncode (MM_referrer);
Response.Redirect (MM_authFailedURL);
}
% >
---------------------------------------
The second product this code:
"< %@LANGUAGE="JAVASCRIPT "CODEPAGE ="65001"% >
< %
' * Restrict access to Page: grant or deny access to this page
MM_authorizedUsers = "Administrators".
"MM_authFailedURL ="... / index.html.
MM_grantAccess = false
If Session("MM_Username") <>"" then
If (false or CStr (Session("MM_UserAuthorization")) = "") or _
(InStr (1, MM_authorizedUsers, Session("MM_UserAuthorization")) > = 1) Then
MM_grantAccess = true
End If
End If
If not MM_grantAccess then
MM_qsChar = '? '.
If (InStr(1,MM_authFailedURL,"?") (> = 1) then MM_qsChar = "&".
MM_referrer = Request.ServerVariables ("URL")
If (Len (Request.QueryString ()) > 0) then MM_referrer = MM_referrer & "?" & Request.QueryString)
MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied =" & Server.URLEncode (MM_referrer)
Response.Redirect (MM_authFailedURL)
End If
% >
The latter has failed with an error:
Microsoft JScript compilation (0x800A03F7)
Unfinished string constant
/ fEBC/MJ/Odd code/aprecdeleted.asp, line 3, column 64
' * Restrict access to Page: grant or deny access to this page
---------------------------------------------------------------^
Delete and re this coding, even copy the code from the first to the second had little effect.
I deleted the file and repeat the procedure and the correct code has been entered and worked perfectly. It seems strange that in seemingly identical circumstances, CS3 should produce a different code.
Someone else had this problem?
It seems that you have selected the wrong type of page - ASP-javascript rather
that VBScript-ASP.--
Murray - ICQ 71997575
Adobe Community Expert
(If you * MUST * write me, don't don't LAUGH when you do!)
==================
http://www.projectseven.com/go - DW FAQs, tutorials & resources
http://www.dwfaq.com - DW FAQs, tutorials & resources
=================="whatalotofrubbish" wrote in message
News:fjok2f$RCO$1@forums. Macromedia.com...
> I recently created two pages based on the same template in two minutes
> of
> each other and added the restriction of access to page server behavior to
> both.
> A single page created the following code:
>
>< %@LANGUAGE="JAVASCRIPT » CODEPAGE = « 65001 » % > %@language=""> %@LANGUAGE="JAVASCRIPT » CODEPAGE = « 65001 » % >>
> < %=""> < br=""> > / / * restrict access to Page: grant or deny access to this page < br=""> > var MM_authorizedUsers = "Administrators"; "" < br=""> > var MM_authFailedURL = "... index.html";
> var MM_grantAccess = false; < br=""> > if (String (Session("MM_Username"))! = 'undefined') {< br=""> > > if (false |)} (String (Session("MM_UserAuthorization")) == "") | < br=""> > (MM_authorizedUsers.indexOf (String (Session("MM_UserAuthorization"))) > = 0)) < br=""> > {< br=""> > > MM_grantAccess = true;} < br=""> >} < br=""> >} < br=""> > if ( ! MM_grantAccess) {< br=""> > > var MM_qsChar = '? ';} < br=""> > if (MM_authFailedURL.indexOf("?") > = 0) MM_qsChar = "&";. " < br=""> > var MM_referrer = Request.ServerVariables ("URL"); < br=""> > if (String (Request.QueryString () .length > 0) MM_referrer = MM_referrer < br=""> > + < br=""> > "?" + String (Request.QueryString ()); < br=""> > MM_authFailedURL = MM_authFailedURL + MM_qsChar + "accessdenied =" + < br=""> > Server.URLEncode (MM_referrer); < br=""> > Response.Redirect (MM_authFailedURL); < br=""> >} < br=""> > %>
>
> ---------------------------------------
> The second product this code:
>< %@language="JAVASCRIPT » CODEPAGE = « 65001 » % >
> < % < br / > > ' *** restreindre l’accès à la Page : subvention ou refuser l’accès à cette page < br / > > MM_authorizedUsers = « administrateurs » < br / > > MM_authFailedURL = »... /index.html">
> MM_grantAccess = false < br=""> > Session("MM_Username") If <> >"" then < br=""> > if (false or CStr (Session("MM_UserAuthorization")) = "") or _ < br=""> > (InStr (1, MM_authorizedUsers, Session("MM_UserAuthorization")) > = 1) < br=""> > then < br=""> > MM_grantAccess = true < br=""> > End If < br=""> > End If < br=""> > If Not MM_grantAccess then < br=""> > MM_qsChar = '? '. < br=""> > if (InStr(1,MM_authFailedURL,"?") (> = 1) then MM_qsChar = "&" < br=""> > MM_referrer = Request.ServerVariables ("URL") < br=""> > if (Len (Request.QueryString ()) > 0) then MM_referrer = MM_referrer & "?" < br=""> > & < br=""> > Request.QueryString () < br=""> > MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied =" & < br=""> > Server.URLEncode (MM_referrer) < br=""> > Response.Redirect (MM_authFailedURL) < br=""> > End If < br=""> > %>
>
> Last operation failed with an error:
>
> Microsoft JScript compilation (0x800A03F7)
> Unfinished string constant
>/febc/mj/odd code/aprecdeleted.asp, line 3, column 64
> ' * Restrict access to Page: grant or deny access to this page
> ---------------------------------------------------------------^
>
> Remove and re this coding, even copy the code from the first to the
> second have little effect.
> I deleted the file and repeat the procedure and the correct code has been
> inserted
> and worked perfectly. It seems strange that, in what appear to be identical
> circumstances, CS3 should produce a different code.
>
> Anyone else had this problem?
>
> -
Restrict access works sometimes
With DW CS3 on Mac 10.4.11 & PHP 4.4.7 & MySQL 4.1.21 - standard on Apache 1.3.37 on a UNIX server.
I've implemented "Log In User" SB. Works fine.
I've set up "Restricting access" SB on PHP pages dummy (based on the model, but with little content, no other PHP or SBs on the page) and "restricting access" works very well.
Then, I put "Restricting access" with pages PHP contain RecordSets and other PHP code (using the standard DW SB). When I try to access the page, it just crashes if I am connected.
An orientation or direction will be GREATLY appreciated!
Thank you
Here is the code for a page that does NOT work:
Found the answer to my own question. I changed the line 1 of the 'virtual' to 'require_once' and everything works fine!
-
How to restrict access to certain pages of a user group
I want to restrict access to certain pages in my application to a set of users only. How can I achieve this.
use the authorization scheme for permission to the users group"
See also follows her
Schema authorization using the APEX authentication scheme
security - authorization roles and user in Oracle Apex? -Stack overflow
How to create the schema for permission for the users group.
Leave.
-
Hello
Appreciate if some web developers who are more experienced can help a beginner like me:
I already used the Dreamweaver Server behavior to restrict access to a page... for example, localhost/xxx/xxx.php
However, when I have a link that has a php echo as localhost/xxx/xxx.php?id= <? PHP echo $row_rsListing ["ListingID'];? ">" > < button type = "button" class = "btn, btn - sm btn - default" style = "background-color: #add8e6" > change list < / button > < / has > and I click on the link and it goes to a URL that says localhost/xxx/xxx.php?id=1, I can then go to the URL line and changed manually to localhost/xxx/xxx.php?id=5 which is under a different user and page restrict access doesn't stop me access to this page.
What should I do to prevent this?
Thanks in advance.
Peter
The best advice you can get as a beginner is to stop using Dreamweaver server behaviors. They have been deprecated by Adobe many years ago and have been removed from Dreamweaver, because PHP code they use is not reliable. All the database-driven server behaviors rely on what is called the original MySQL extension in PHP, which has been removed from PHP 7. Even if your site currently still support the original MySQL extension, you will be forced to redo all your code when it is upgraded to PHP 7.
Adobe has not created versions updates to server behaviors. You must either learn how to manually code PHP yourself (not particularly difficult) or buy third-party extensions created by DMXZone or WebAssist.
-
Restrict access to esxi welcome / getting started page possible?
In my reading, I was not able to find an answer, so I thought that it is better to ask the collective. Is it possible to restrict access to the page began to welcome esxi / obtaining (page you get to by typing the address of the esxi server in your browser)? ID like it if an ordinary user cannot even see this page.
Thank you
In ESX, it was easy to make (http://vmetc.com/2008/10/15/modify-virtualcenter-and-esx-web-interface-to-prevent-vi-client-downloads/) but do not have access to the root file system (in ESXi) you won't be able to take this path.
That said, you should really look at restricting access to the ESXi hosts themselves by isolating them with VLAN, then only authorized systems can access. You can see the Security Hardening Best Practices Guide for advice on securing your installation.
-
Restrict access to the Page of the user in the relational database
I have a relational database with two tables on a common ID field. The user can access all their entries in the child table with simple SQL queries and then select from a list of correspondence which of its documents records in the child table that they wish to change (i.e. ['ID'] ParentTable, ChildTable ['ID'])). Registration is then displayed using $_GET passed through the URL as parameter "recordID". However, when the user is connected and accessing a folder that matches the query, they can then enter another "RecordID" number in the URL and go to any record in the table child whether they are 'owner' of the record or not.
I tried to put a statement of equivalence in the authorization user code to restrict the access to the child records users since ParentTable ['ID'] == ['ID'] ChildTable only when you are connected the user accesses the records they created previously. (In other words, when a user type a different "RecordID" in the URL, the ParentTable ['ID'] and ChildTable ['ID] are not equivalent.) The code that I entered in the authentication of the user generated by DW is as follows:
If ((isset ($HTTP_SESSION_VARS ["MM_Username"]) & & ($row_ParentTable ['ID'] == ['ID'] $row_ChildTable))) {}
...
Is still not accessible, even if tests show the ParentTable ['ID'] and ChildTable ['ID'] are not equivalent
Any ideas on how to restrict access to the child records "unknown"? I'm sure it's relatively simple, but I'm having trouble to get through this obstacle.
Thank youThank you, Philo. In fact I got it to work by initializing a session variable of tha parent ID of the table and comparing it to the variable ID of child table, then using a header redirect in case of inequality. Part of my problem was where I put the code in the page. Anyway, it works now. It seems that the answer is always just after you have posted the question.
-
restrict access to the php page problems
I'm trying to use the dreamweaver php restrict access server behavior and will have success on both my local maching and my own host. However, the same script does not work on the server of a customer hosted by Verio on a Windows shared hosting plan.
index.php = login page
Login.php = forwarding connection failed
client.php = page with a script to restrict access.
If I remove the script of restricted access, I was able to connect fine and see page client.php. However, if I understand the access restricted in the client.php script, I get kicked to the login.php page. I only check the username and password, not the user level.
Here is a brief overview of the two assemblies
localhost:
MacBook pro running apache
PHP 5.2.0, mysql 5.0.22
register_globals = Off
Client server:
Host = verio
Windows shared hosting plan
PHP 5.2.0, mysql 5.0.24a
register_globals = Off
Session settings are the same as the file phpinfo.php (with the exception of the local value of the session.save_path to the verio server)
I can return the value of the username (and pass) using the {print $_SESSION ['MM_Username'] ;} on client.php page when I comment on the script to access restricted on the client files.}
I wonder if there is a php setting that is causing the problem?
Any help is greatly appreciated.
Kind regards
Mike
According to media, the current windows has limited hosting plan supports for php scripts.
-
IPSEC RA - activate crossed but restrict access to the web
ASA5520 8.2 (5) 30
Greetings,
I have an IPSEC RA strategy that has implemented to tunnel all traffic (no split tunnel) by the ASA (which ends on the external interface). I need to be able to allow VPN users to access a web page (crossed) thesesame on the external interface.
++++++++++++++++++++++++++++++
Here are the current settings:
Group Policy Admins L internal
attributes of Group Policy L_Admins
value of server WINS 172.16.0.33 172.16.0.9
value of 172.16.0.33 DNS server 172.16.0.9
VPN-idle-timeout 60
VPN-session-timeout 480
VPN-value filter-admin-l
IP 172.30.4.0 allow Access-list l-admin-test-filter extended 255.255.255.252 host 172.16.0.33
IP 172.30.4.0 allow Access-list l-admin-test-filter extended 255.255.255.252 host 172.16.0.9
IP 172.30.4.0 allow Access-list l-admin-test-filter extended 255.255.252.252 172.16.1.4 host
IP 172.30.4.0 allow Access-list l-admin-test-filter extended 255.255.252.252 welcome 172.16.1.2
access-list extended l-admin-test-filter permit ip 172.30.4.0 255.255.252.252 10.24.0.0 255.252.0.0
IP 172.30.4.0 allow Access-list l-admin-test-filter extended 255.255.252.252 the host 172.16.0.233
Protocol-tunnel-VPN IPSec
Split-tunnel-policy tunnelall
value by default-field IHI.local
type tunnel-group L_Admins remote access
attributes global-tunnel-group L_Admins
address ili_global pool
PhoneFactor authentication-server-group
Group Policy - by default-L_Admins
IPSec-attributes tunnel-group L_Admins
pre-shared-key *.
++++++++++++++++++++++
Crossed is not currently enabled, so I guess I have to add:
permit same-security-traffic inter-interface
and (I guess)
mask IP local pool l_admins 172.30.4.1 - 172.30.4.2 255.255.255.252
Global (outside) 1 interface * PAT IP
NAT (outside) 1 mask 172.30.4.1 - 172.30.4.2 255.255.255.252
But from there I don't know how to restrict access to a single external IP on the web on port 80.
Hello
Enter the correct command to permit traffic and the same interface of leave is
permit same-security-traffic intra-interface
The command you posted allow traffic between 2 different interfaces that have the same value of 'security level'
permit same-security-traffic inter-interface
What about PAT Dynamics for Internet traffic
If you have already
Global 1 interface (outside)
Then you will need the command "nat" for the VPN pool
NAT (outside) 1 172.30.4.0 255.255.255.252
In what concerns the control of Internet traffic, should not be able to simply add this destination IP address to the VPN filter ACL you have ever used? I mean the ACL named "l-admin-test-filter".
For example
L-admin-test-filter access list note allow the external server connection
access-list l-admin-filter-test permit tcp 172.30.4.0 255.255.255.252 host eq 80
access-list l-admin-filter-test permit tcp 172.30.4.0 255.255.255.252 host eq 443
access-list l-admin-filter-test permit tcp 172.30.4.0 255.255.255.252 host eq 8080
-Jouni
-
How to restrict access to the service web application deployed on weblogic for user group only
I built the web service application in jdevelopler 11.1.1.7. Their security policy applied in the web service of the default Oracle policy which is (policy: Wssp1.2 - 2007-Https-UsernameToken - Plain.xml)
Now all want to access the web service application must provide the name of user and password in the header section of the SOAP request to meet the requirement of the policy.
the following steps I'm trying to restrict access to the application of web service with a specific group of users among users of weblogic:
Connect to the weblogic administration console
Create user or group of users
Click on the links of deployments
Select your web service
Click the Security tab
Click the sub-tab political
Choose your authorization provider in the menu drop-down (looks like by default)
Choose Add Conditions-> Group-> Type in the name of the Group
Finishing
But access is always available for all weblogic users (IE users not in the group specified in the above security configuration). How can I restrict access to only authorized group? Any thing lacking in my approach?
There is nothing wrong with the steps mentioned in the question. In addition, you must do the following
At the time of the application deployment with regard to the security part, there is a list in the title of the question (which security template you want to use with this application?)
You must select (Advanced: use a custom template that you have configured on the page of configuration of the Kingdom) a configuration mentioned in the question will be work
-
Can Adobe Muse cause editors of numerator of a website with restricted access levels?
Can Muse of ADobe cause several editors of a website with restricted access levels?
Hi Cindyw73540197,
Unfortunately the Muse do not support collaborative environment at this point of time.
I advise you to post this as an idea on the page of the idea of the Muse. More voice to an idea increases its chances to be included in future versions. Ideas for features in Adobe Muse
Note: If your site is hosted on BusinessCatalyst then you can create users with different access to change online.
Kind regards
Vivek
-
Error accessing the page of the instructor
Hi all
I encounter the following error when I try to access the self-service page instructor.
Will be grateful for any guidance.
Error
The application are not identified, so you can not access the instructor homepage. Contact your system administrator.
STEPS FOLLOWED:
I created the KFF learning resource and created a trainer by the CE to a person.
I booked the teacher as a resource for a regular class.
I assigned the responsibility for training instructor Self Service to the person.
I put options of the profile of this responsibility (safety, Type of user and Business Group)
I also gave to the person a formative role learning using the RBAC User Management link.
Concerning
-Manish
Published by: 904775 on January 10, 2012 23:58Error
The application are not identified, so you can not access the instructor homepage. Contact your system administrator
Please see these documents.
Access learning instructor Home > Application does not recognize you [ID 371505.1]
Trainer cannot function to access learner home learning instructor [ID 361223.1]
How do I create users with restricted access to OLM [ID 423241.1]Thank you
Hussein -
Restrict access to forms or areas?
I have a client who has a garage and a box customer. Is there a way to:
- restrict access to a form or an area of the site with connections/username (Distributor only)
- allow different types of records for customers and distributors
- allow a dealer identified review and change his request/order/inquiry
This area would be separate from the admin.
On another issue, BC may have forums? I don't see this feature.
Hello
It must be addressed on the help of the safe areas. This feature allows you to require a connection to any web page that requires a client can access. You can insert a form on a page and associate the page for a SZ to ensure the connection is required. You can make several areas for different types of customers and provide access accordingly. Customers can view existing orders, but some customers of associated edition data (address, name, etc.) by using the customer service areas.
BC has under Modules-> Forums forums. However if you do not see it, it could be that your system does not provide this feature.
http://KB.worldsecuresystems.com/kb/add-secure-area-your-site.html
http://KB.worldsecuresystems.com/kb/customer-service-area-orders.html
http://KB.worldsecuresystems.com/133/bc_133.html
http://KB.worldsecuresystems.com/kb/allowing-customers-view-update-CRM.html
http://KB.worldsecuresystems.com/kb/add-Forum.html
I hope this helps!
-Sidney
Maybe you are looking for
-
How can I clean the keyboard on Satellite A210-127?
After a week of use for non computer keys on my keyboard "cvbn_" became sticky (but still working)? What I need to replace the keyboard, or I can clean it by myself? Please tell me * how can I under key *? Do I have to remove all the computer or the
-
Question stupid yoga 900 Re: GPS
The Y900 has a GPS chip?
-
My Vista computer has a lot wrong with it
I'll try to make this simple as possible, but there seems to be a lot of trouble with my windows vista (32 bit SP2) machine. I would try to solve each of them and see if they are related. Windows update fails with an error 80080005 you try to run ser
-
Wireless 4000 mouse causes screens will be jerky!
I replaced my old mouse that stop working with a mobile mouse 4000 M/S wireless and whenever I'm in any open screen, the screen jump from top down.
-
type of file KVM appear not video on vlc
I downloaded a movie and file type is KVM but it does not show the video, it only plays the sound please what I do?