Restricting Viewer Access to Logged In Users in 2.53

23 posts by 4 authors in: Forums > CMS Builder
Last Post: May 19, 2013   (RSS)

By Djulia - April 17, 2013

@Jerry -- Excuse me, I had not understood!

@Greg -- The function does not seem to work with 2.53.
I also tried to add "global $CURRENT_USER", but without success (no array()).

Do you have an idea?



@ Jerry,

I think I've found out what the problem is, it looks as if  your code is creating an infinite redirect loop. publicity.php is forwarding to the cmsAdmin area, then CMS Builder is detecting the redirectUrl variable in the URL, and redirecting back to publicity.php, which then redirects back to the CMS Admin area, etc. I would remove the redirectUrl variable from the publicity.php redirect:

  //Get the current CMS users details
  $CMS_USER = getCurrentUserFromCMS(); 
  //redirect the browser if no user is currently logged into the back end
  if (!@$CMS_USER['num']){ 


I've done some quick testing in version 2.53. Have you got the WSM_SEPARATE_LOGIN global set to true in your website membership plugin? If not you can change it on line 33 of websiteMembership.php:

$GLOBALS['WSM_SEPARATE_LOGIN']            = true;         // set this to allow you to login to the website and CMS simultaneously as different users

The test code below should output the front end and CMS user array details:

<?php header('Content-type: text/html; charset=utf-8'); ?>
  /* STEP 1: LOAD RECORDS - Copy this PHP code block near the TOP of your page */
  // load viewer library
  $libraryPath = 'cmsAdmin/lib/viewer_functions.php';
  $dirsToCheck = array('C:/wamp/www/','','../','../../','../../../');
  foreach ($dirsToCheck as $dir) { if (@include_once("$dir$libraryPath")) { break; }}
  if (!function_exists('getRecords')) { die("Couldn't load viewer library, check filepath in sourcecode."); }

  $CMS_USER = getCurrentUserFromCMS(); 





Greg Thomas

PHP Programmer -

Hi Jerry,

Sorry, but I'm not 100% sure where you want non admin users to be taken if they don't have access to the page, should they be redirected to the admin area? Should people who aren't logged in also be redirected to the CMS area? If you're trying to send non admin users to the CMS area to log in, this should work:

  //Get the current CMS users details
  $CMS_USER = getCurrentUserFromCMS();
  //redirect the browser if no user is currently logged into the back end
  if (!@$CMS_USER['isAdmin']){



Greg Thomas

PHP Programmer -

By Djulia - April 19, 2013

Hi Greg

It is perfect!

It is also independent of activation on False or True.

Thanks again!


By gkornbluth - April 20, 2013 - edited: April 20, 2013

Hi Greg,

I see what you mean by your last question.

I have some pages that are open to anyone who can login as a user, but some that are restricted to admins only.

If the entire page is to be hidden from non-admins, I surrounded the restricted code with an if statement as shown in the code below.

*** The only issue that seems to remain is that when I use the logoff code, <a href="">Click Here to Log Out</a>, the previous non-admin login cookie does not get destroyed, and when I return to that page I’m still seeing the restricted message. If I delete the cookie, then things go back to normal.

Any thoughts?


Jerry Kornbluth

<?php if($CMS_USER['isAdmin']): ?>

code for admins only...

 <?php else :?>
Sorry, based on the login credentials you used, you don't have the authority to access this page.

<br />
<br />
To log in with the appropriate credentials, <a class="special" href="">Click Here to Log Out</a>, then return to this page and log in again.<br /> </span>

<?php endif ?>

The first CMS Builder reference book is now available on-line!

Take advantage of a free 3 month trial subscription, only for CMSB users, at:

Hi Jerry,

Could you add some code to destroy the session data if the user isn't logged in your if statement?

 <?php if($CMS_USER['isAdmin']): ?>
   code for admins only...
<?php else :?>
   <?php unset($_SESSION['otherSessonVariable']); ?>
   Sorry, based on the login credentials you used, you don't have the authority to access this page.
   <br />
   <br />
   To log in with the appropriate credentials, <a class="special" href="">Click Here to Log Out</a>, then return to this page and log in again.<br /> </span>
<?php endif ?>

If this doesn't work, could you post all of your code so far so I can see what is being stored in the non-admin session?



Greg Thomas

PHP Programmer -

Hi Greg,

Sorry for the delay.

That added line didn't destroy the login session

I've attached the page code and the 2 cookies that are generated when a non-Admin user logs in. cms_5159ca3da2187_loginsession and cms_5159ca3da2187_PHPSESSION.


Jerry Kornbluth

The first CMS Builder reference book is now available on-line!

Take advantage of a free 3 month trial subscription, only for CMSB users, at:

Hi Jerry,

Could you fill out a second level support request for me so that I can login to the CMS area and recreate the issue? You can find the form here:



Greg Thomas

PHP Programmer -

Thanks Greg.

I've submitted a 2nd level request.

the file that I've been testing with is publicitya.php

Jerry Kornbluth

The first CMS Builder reference book is now available on-line!

Take advantage of a free 3 month trial subscription, only for CMSB users, at: