Restricting Viewer Access to Logged In Users in 2.53

23 posts by 4 authors in: Forums > CMS Builder
Last Post: May 19, 2013

By gkornbluth - April 25, 2013 - edited: April 25, 2013

Greg Thomas has done it again...

He came up with this solution. He said,

“For some reason the server was creating two different sessions depending on if you are logged in at http://your_site.com/ or http://www.your_site.com. As the log off link was to www.your_site.com this was causing an issue if the user had logged in at the non www version. I've got around the problem by adding a rule to your htaccess file that redirects all site visitors to your_site.com. I've also added the session_unset to the if statement that checks if the user is logged in, as this should completely destroy the session.”

The .htaccess rule is:


# Redirect www urls to non-www
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.your_site\.com [NC]
RewriteRule (.*) http://your_site.com/$1 [R=301,L]

The viewer code including the session_unset code is:

<?php
  if (!defined('START_SESSION')) { define('START_SESSION', true); }

  // load viewer library
  $libraryPath = 'cmsAdmin/lib/viewer_functions.php';
  $dirsToCheck = array('/path_to_your_server/','','../','../../','../../../');
  foreach ($dirsToCheck as $dir) { if (@include_once("$dir$libraryPath")) { break; }}
  if (!function_exists('getRecords')) { die("Couldn't load viewer library, check filepath in sourcecode."); }

  // get the current CMS user's details
  $CMS_USER = getCurrentUserFromCMS();

  // redirect the browser to the login page if no user is currently logged into the back end
  if (!@$CMS_USER['num']) {
    session_unset(); // clear any leftover session variables
    // urlencode() keeps a query string in REQUEST_URI from being cut off at its first "&"
    redirectBrowserToUrl("http://your_site.com/cmsAdmin/admin.php?redirectUrl=" . urlencode($_SERVER['REQUEST_URI']));
    exit;
  }
?>

In the body of my viewer to separate access to the code for users and the code for admins:

<?php if ($CMS_USER['num']): ?>
  <a class="special" href="http://your_site.com/cmsAdmin/admin.php?action=logoff">Click Here to Log Out</a><br /><br />
  Code for any user...
<?php endif ?>
<br />
<?php if ($CMS_USER['isAdmin']): ?>
  Code for admins only...
<?php endif ?>

Hope Greg's solution helps someone else.

Jerry Kornbluth

The first CMS Builder reference book is now available on-line!
Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php
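
The two pieces of the post above (one canonical host, and clearing the session when nobody is logged in) can also be sketched in plain PHP; this is an added example, not code from the post, from Greg, or from CMS Builder. The names CANONICAL_HOST, canonicalUrlFor and endSessionCompletely are hypothetical, and the sketch assumes PHP's built-in session handling rather than anything CMS Builder does internally.

```php
<?php
// Added example. CANONICAL_HOST, canonicalUrlFor() and endSessionCompletely()
// are hypothetical names; your_site.com is the placeholder host from the post.
const CANONICAL_HOST = 'your_site.com';

// Return the URL to redirect to when a request arrived on a non-canonical host
// (for example www.your_site.com), or null when the host is already canonical.
// With a single host, the browser only ever holds one session cookie for the site.
function canonicalUrlFor(string $host, string $requestUri): ?string {
    $host = strtolower(preg_replace('/:\d+$/', '', $host));   // drop any :port suffix
    if ($host === CANONICAL_HOST) {
        return null;
    }
    // The target host is the fixed constant, never a value taken from the request.
    return 'http://' . CANONICAL_HOST . '/' . ltrim($requestUri, '/');
}

// Clear the session variables, expire the browser's session cookie, and
// delete the session data held on the server.
function endSessionCompletely(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();            // a session must be active before it can be destroyed
    }
    $_SESSION = array();
    session_unset();
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Same name, path and domain as the original cookie, with an expiry in the past.
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Constructed sample requests, shown only when the file is run from the command line.
if (PHP_SAPI === 'cli') {
    var_dump(canonicalUrlFor('www.your_site.com', '/members.php?id=3'));
    var_dump(canonicalUrlFor('your_site.com', '/members.php'));
}
```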

By Jason - May 6, 2013

Hi Jerry,

Can you let me know what error you get when you log in as a non admin?

Thanks

---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/