Block/Restrict access request page on CUP

Hi All,
I've an interesting requirement.
We use a CUP 5.3 SP7. We would be using the IDM webservices to create access requests to CUP and we want all our requests to be initiated ONLY through our IDM solution. Is there a way we can restrict the /AE/index.jsp page access to only the users with a AEAdmin role? (Assuming the Admins follow the rules !!!)
I've succeeded in taking out the Create Request and Copy Request from the AEApprover role mby adjusting the UME actions, but the same user can still access the /AE/index.jsp page to create a request.
Any insight/work around is greatly appreciated.
Thanks & Regards,
Anil

Anil,
You can edit the index_left_nav.jsp page on the GRC server to disable the request access link on the Index page. To achieve this open the index_left_nav.jsp page and comment the whole tr and th lines containing the following words.
LocaleUtil.getLabel(AELabels.LBL_IDX_NAV_REQUESTACCESS
Commenting is done by the following characters .
- Naveen

Similar Messages

Restrict Access To Page Not Working with Different Auth Levels

I have just started playing with the idea of using different auth levels to allow different users access to certain pages on my site.
Within my SQL database I have a authlevel table consisting of 3 possible levels (guest, user, admin)
I am using the Dreamweaver "Log in user" to log in users based on username, pass, and auth level and "Restrict access to page" set to allow user levels 'user' and 'admin'.
The problem, however, occurs when trying to log in. No matter what auth level I try I am redirected to my page where users should be redirected if they are not allowed to enter that page.
I have included below my code from my login page and the page where all authorized users (user and admin) should be directed upon entering the restricted area.
Login Page:
<?php require_once('../Connections/hondovfd.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
return $theValue;
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "authlevel";
$MM_redirectLoginSuccess = "/membersonly/membersonly.php";
$MM_redirectLoginFailed = "/membersonly/loginfailed.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_hondovfd, $hondovfd);
$LoginRS__query=sprintf("SELECT username, password, authlevel FROM login WHERE username=%s AND password=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
$LoginRS = mysql_query($LoginRS__query, $hondovfd) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
    $loginStrGroup = mysql_result($LoginRS,0,'authlevel');
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;
    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    header("Location: " . $MM_redirectLoginSuccess );
else {
    header("Location: ". $MM_redirectLoginFailed );
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<title>Log In</title>

<meta name="description" content="Hondo Fire and Rescue serves the Arroyo Hondo and Canada Village areas of Santa Fe County, NM." />
<meta name="keywords" content="hondo, hondo fire, hondo vfd, hondo fire department, santa fe county fire department, santa fe county, volunteer fire department, hondo volunteer fire department" />
<link href="../stylesheet.css" type="text/css" rel="stylesheet" />

<script src="../SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
<link href="../SpryAssets/SpryMenuBarVertical.css" rel="stylesheet" type="text/css" />
</head>
<body class="thrColLiqHdr">
<div id="container">
<div id="header"></div>
<div id="sidebar1">
<h3>Navigation : </h3>
<ul id="MenuBar1" class="MenuBarVertical">
<li><a href="/index.php">Home</a></li>
<li><a href="/support.php">Support Hondo</a></li>
<li><a class="MenuBarItemSubmenu" href="#">Information Menu</a>
    <ul>
      <li><a href="/people.php">Our People</a></li>
      <li><a href="http://www.google.com/maps/ms?ie=UTF8&hl=en&msa=0&msid=101620713606637979698.00045b6ead4ab4ea70b78&z=11" target="_blank">Response Area</a></li>
      <li><a href="/medical.php">Medical</a></li>
      <li><a href="/apparatus.php">Apparatus</a></li>
      <li><a href="/training.php">Training</a></li>
      <li><a href="/volunteer.php">Volunteer</a></li>
      <li><a href="/statistics.php">Statistics</a></li>
      <li><a href="/patchtrading.php">Patch Trading</a></li>
    </ul>
</li>
<li><a href="/album.php">Photo Gallery</a></li>
<li><a href="/calendar.php">Calendar</a></li>
<li><a href="/news.php">Blog/News</a></li>
<li><a href="/links.php">Links</a></li>
<li><a href="/contact.php">Contact Us</a></li>
</ul>
<br />
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<span class="lefttext">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="8567201">
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!" />
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</img></input></input>
</span>
</form>
<span class="lefttext"><br />
</span>
<center>
<span class="lefttext"><a href="http://www.facebook.com/pages/Santa-Fe-NM/Hondo-Volunteer-Fire-Department/74284233488" target="_blank" class="lefttext">Hondo VFD on Facebook</a></span>
</center>
</div>
<div id="sidebar2">
    <p><a href="/membersonly/login.php">Log In</a> | <a href="/membersonly/logout.php">Log Out</a></p>
    <p>Call Statistics for <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/month.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?> as of <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/date.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></p>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td width="60%">EMS Calls</td>
    <td width="40%"><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/emscalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
<tr>
    <td>Fire Calls</td>
    <td><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/firecalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
</table>
<hr />
    <div id="cse" style="width:100%;">Loading</div>
<script src="http://www.google.com/jsapi" type="text/javascript"></script>
<script type="text/javascript">
google.load('search', '1');
google.setOnLoadCallback(function(){
    new google.search.CustomSearchControl().draw('cse');
}, true);
</script>
     
</div>

<div id="mainContent">
<div class="top"></div><div class="wrap">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td height="47" class="h2">Members Only Login</td>
</tr>
<tr>
    <td><form ACTION="<?php echo $loginFormAction; ?>" id="login" name="login" method="POST">
    <table width="40%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td width="31%">Username:</td>
    <td width="69%"><input name="username" type="text" /></td>
</tr>
<tr>
    <td>Password</td>
    <td><input name="password" type="password" /></td>
</tr>
</table>
<input name="Submit" type="submit" />
    </form></td>
</tr>
</table>

</div>
<div class="bottom"></div>
</div>
      <br class="clearfloat" />
<div id="footer">
    <p align="center">© Copyright 2009 Hondo Volunteer Fire Department | <a href="mailto:[email protected]">Contact Us</a><a href="http://www.legalhelpers.com/chapter-13-bankruptcy/chapter13.html"></a><br />Hosting provided by <a href="http://studiox.com/" target="_blank">Studio X</a></p>
</div>
</div>
<script type="text/javascript">

</script>
<?php include_once("/var/home/hondovfd/hondovfd.org/www/analyticstracking.php"); ?>
</body>
</html>
Other Page:
<?php
if (!isset($_SESSION)) {
session_start();
$MM_authorizedUsers = "user,admin";
$MM_donotCheckaccess = "false";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
      $isValid = true;
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
      $isValid = true;
    if (($strUsers == "") && false) {
      $isValid = true;
return $isValid;
$MM_restrictGoTo = "/membersonly/loginfailed.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<title>Members Only Area</title>

<meta name="description" content="Hondo Fire and Rescue serves the Arroyo Hondo and Canada Village areas of Santa Fe County, NM." />
<meta name="keywords" content="hondo, hondo fire, hondo vfd, hondo fire department, santa fe county fire department, santa fe county, volunteer fire department, hondo volunteer fire department" />
<link href="../stylesheet.css" type="text/css" rel="stylesheet" />

<script src="../SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
<link href="../SpryAssets/SpryMenuBarVertical.css" rel="stylesheet" type="text/css" />
</head>
<body class="thrColLiqHdr">
<div id="container">
<div id="header"></div>
<div id="sidebar1">
<h3>Navigation : </h3>
<ul id="MenuBar1" class="MenuBarVertical">
<li><a href="/index.php">Home</a></li>
<li><a href="/support.php">Support Hondo</a></li>
<li><a class="MenuBarItemSubmenu" href="#">Information Menu</a>
    <ul>
      <li><a href="/people.php">Our People</a></li>
      <li><a href="http://www.google.com/maps/ms?ie=UTF8&hl=en&msa=0&msid=101620713606637979698.00045b6ead4ab4ea70b78&z=11" target="_blank">Response Area</a></li>
      <li><a href="/medical.php">Medical</a></li>
      <li><a href="/apparatus.php">Apparatus</a></li>
      <li><a href="/training.php">Training</a></li>
      <li><a href="/volunteer.php">Volunteer</a></li>
      <li><a href="/statistics.php">Statistics</a></li>
      <li><a href="/patchtrading.php">Patch Trading</a></li>
    </ul>
</li>
<li><a href="/album.php">Photo Gallery</a></li>
<li><a href="/calendar.php">Calendar</a></li>
<li><a href="/news.php">Blog/News</a></li>
<li><a href="/links.php">Links</a></li>
<li><a href="/contact.php">Contact Us</a></li>
</ul>
<br />
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<span class="lefttext">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="8567201">
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!" />
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</img></input></input>
</span>
</form>
<span class="lefttext"><br />
</span>
<center>
<span class="lefttext"><a href="http://www.facebook.com/pages/Santa-Fe-NM/Hondo-Volunteer-Fire-Department/74284233488" target="_blank" class="lefttext">Hondo VFD on Facebook</a></span>
</center>
</div>
<div id="sidebar2">
    <p><a href="/membersonly/login.php">Log In</a> | <a href="/membersonly/logout.php">Log Out</a></p>
    <p>Call Statistics for <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/month.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?> as of <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/date.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></p>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td width="60%">EMS Calls</td>
    <td width="40%"><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/emscalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
<tr>
    <td>Fire Calls</td>
    <td><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/firecalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
</table>
<hr />
    <div id="cse" style="width:100%;">Loading</div>
<script src="http://www.google.com/jsapi" type="text/javascript"></script>
<script type="text/javascript">
google.load('search', '1');
google.setOnLoadCallback(function(){
    new google.search.CustomSearchControl().draw('cse');
}, true);
</script>
     
</div>

<div id="mainContent">
<div class="top"></div><div class="wrap">
    <table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td height="47" class="h2">Members Only Area</td>
</tr>
<tr>
    <td><p><a href="/membersonly/documents.php">Useful Documents</a></p>
      <p><a href="/membersonly/IncidentCount01_08.pdf">Current Call Statistics</a> as of 9/3/09</p>
      </td>
</tr>
</table>
<script type="text/javascript">

</script>
</div>
<div class="bottom"></div>
</div>
      <br class="clearfloat" />
<div id="footer">
    <p align="center">© Copyright 2009 Hondo Volunteer Fire Department | <a href="mailto:[email protected]">Contact Us</a><a href="http://www.legalhelpers.com/chapter-13-bankruptcy/chapter13.html"></a><br />Hosting provided by <a href="http://studiox.com/" target="_blank">Studio X</a></p>
</div>
</div>
<script type="text/javascript">

</script>
<?php include_once("/var/home/hondovfd/hondovfd.org/www/analyticstracking.php"); ?>
</body>
</html>

you don't need all that bloat. set a session during login of some kind of uniquely identifying id. i.e.
$_SESSION['id'] = $row_rs['id'];
then on the pages you need to protect, check it like this....
<?php
session_start();
if (!(isset($_SESSION['id']) && $_SESSION['id'] != '')) {
die(header("Location: http://www.notinprotectedareas.com")); }
?>
you can use an include file i.e.
<?php require_once('login_check.php'); ?>
where file is name login_check.php to make your auth controls clean on your protected pages.

How to delete i.e. clear the pending access requests list from Access request page in SharePoint 2013

Hi Team,
I am site collection admin of a SP13 site. The issue is we have added some of the users manually after we got requests from them for site access. But this has left those users as pending on Access requests page. We don't want that list to stack up.
I can not decline those requests as those users will be notified with declined mail. I searched for clearing the list of those pending requests but did't find any guidelines for this.
Is there any way I can do this. Any help is appreciated thanks in advance

You might consider using PowerShell to remove unwanted items from the "Access Requests" list of the web site. This list holds all of the access requests including pending, declined and approved. The following example demonstrates removing
the first item from the list. Please note, I'm not aware whether or not there are any negative side effects to removing items from this list so doing so would be at your own risk.
$web = get-spweb https://yoursharepointsite
$list = $web.lists["Access Requests"]
$list.items[0].delete()

Restrict Access to Page Issue...

Hi this is my first time on Adobe forums, im regard myself as
new to web design, im making my first proper website, for portfolio
purposes. www.imaginationwebdesign.co.uk/port2 is the website..
I am using Dreamweaver CS3 coding with HTML / PHP / MySQL
My Issue:
I have implemented Restrict Access to Page dependant upon
User / Pass / Access Level.
Access Levels are 1 and 3 and are stored on my MySQL
Database.
3 = Full Admin Rights
1 = Minimal Admin Rights.
Now, Whilst the Restrict access works, when Access Level 1
attempts to display page only for Access Level 3, It's not
redirecting to the "AccessDenied.php" page... instead a blank white
page is being displayed and unless i press Back, it just stays
blank and doesnt redirect.
I have used the Server Behaviour Panel so the code is
automatically generated but the source is:
<?php
if (!isset($_SESSION)) {
session_start();
$MM_authorizedUsers = "3";
$MM_donotCheckaccess = "false";
// *** Restrict Access To Page: Grant or deny access to this
page
function isAuthorized($strUsers, $strGroups, $UserName,
$UserGroup) {
// For security, start by assuming the visitor is NOT
authorized.
$isValid = False;
// When a visitor has logged into this site, the Session
variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that
Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only
certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
// Or, you may restrict access to only certain users based
on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
if (($strUsers == "") && false) {
$isValid = true;
return $isValid;
$MM_restrictGoTo = "AccessDeniedAdmin.php";
if (!((isset($_SESSION['MM_Username'])) &&
(isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'],
$_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING)
> 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar .
"accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
?>
any help would be great to get the redirection working...
I've tried this on several pages and it still doesnt work.
Thank you and sorry if this is posted in the wrong area.
David.

Davidbirkin wrote:
> I finally managed to solve the issue.. although, to me
it was a rather strange
> issue..
Strange to you, perhaps, but it's a very common issue.
> Before the Validation to check for Access level i had
this line of code...
>
> <?php require_once('Connections/con1.php'); ?>
>
> No, i have moved that line of code to appear AFTER the
access level validation
> check, and it's all working fine... maybe it's the order
i added the dynamic
> functions to the Page, but now it is working...
As I said in my original reply, the problem was almost
certainly caused
by an error that you couldn't see because the display of
errors is
turned off for security reasons. The Restrict Access to Page
server
behavior uses session_start(), which must come before there
is any
output to the browser. "Output" includes new lines or
whitespace outside
PHP tags. There is almost certainly an extra line at the end
of
con1.php, which would prevent the session from starting. In
turn, that
would generate an error, resulting in your blank page.
The problem is closely related to the "headers already sent"
error
message that confuses most PHP beginners. Read about it here:
http://docs.php.net/manual/en/function.header.php
By the way, it sounds as though you are testing everything on
a remote
server, rather than testing locally before deploying to a
remote server.
That's a very bad idea, particularly if the display of errors
is turned
off. You should test files in a safe, local environment with
error
reporting turned to the highest level, and eliminate all
errors before
deploying to a live server. If you're testing locally, make
sure that
error_reporting in php.ini is set to E_ALL, and that
display_errors is on.
David Powers, Adobe Community Expert
Author, "The Essential Guide to Dreamweaver CS3" (friends of
ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/

ToJSONString Showing Up in Restrict Access to Page List

Working in DW CS3 with ADDT using PHP and MySQL. I'm having a issue which I don't think I had before when I use the Restrict Access to Page server behavior. I'm working with user access levels pulled from the 'levels' field in my database and everything appears to be working as expected. I can select any number of available integers to restrict access to those pages. However, I've noticed that if I go back to edit that list of access levels, a new entry appears below the last integer in the list called "toJSONString". (toJSONString does not show up when I initially add the server behavior, only if I go back in to change it).
I did a quick search and turned up this info:"The JSONString interface allows a toJSONString() method so that a class can change the behavior of JSONObject.toString(), JSONArray.toString(), and JSONWriter.value(Object). The toJSONString method will be used instead of the default behavior of using the Object's toString() method and quoting the result." Unfortunately, I don't understand any of that.
I don't know why toJSONString is showing up in the list and if I should be concerned. (Mac OS 10.5.5; DW CS3 (v( Build 3481] and ADDT 1.0.0)

tyler4iq wrote:
> OK. I'm trying to authenticate users through a log in
page, but it always fail.
It's a known bug in MX 2004:
http://friendsofed.infopop.net/2/OpenTopic?a=tpc&s=989094322&f=8033053165&m=324102421
David Powers, Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/

Restrict Access to Page Using a password.php Instead of Server Behavior

I previously used "log in" and "restrict access to page" server behaviors for my client portal when I only had one client. I had my username and password stored in mySQL database. I recently have gained more clients that all needed to be redirected to their own customized landing page when logged in. Because of this, I used a password.php to store the usernames and passwords and to redirect to different pages. Now, I am wondering how I can restrict access to these pages (i.e. someone won't be able to access the pages by typing the url) since I will not be connecting to a database anymore.

I'm also confused by your statements.
>Now, I am wondering how I can restrict access to these pages
>(i.e. someone won't be able to access the pages by typing the url)
>since I will not be connecting to a database anymore.
It doesn't matter where you store the credentials - database or php file - the techniques for restricting access will be similar. I really don't understand why you moved away from the database when you got more clients. The more data you need to manage, the more reason to store it in a database.
After logging in, most sites direct users to the same page, yet pull user specific data from the database. If for some reason you can't do this and need to built individual pages for each client, then store the 'landing' page for the client in the php file or database. Restrict access to each page by comparing the logged in name with an allowed login name. Or a more dynamic approach would be to dynamically pass the page name to a database query that validates that it's ok for the logged in user to access.
Also, these questions are more appropriate for the app dev forum.

Problem with Restrict Access to Page with access level using ASP

I'm using Dreamweaver CS3 with ASP-VBScript and an Access
database. The pages were created from scratch for this project,
using those tools all the way through.
I've created a login page, an admin homepage, and add, edit,
and list records pages for three tables. The login page uses the
Server Behavior "Log in User", all other pages use the Server
Behavior "Restrict Access to Page". All of these are based on an
Access Level.
Login seems to work correctly, and redirects to the admin
homepage. From the admin homepage, I can open any other page as
expected, and they initially display correctly. On the add and edit
pages, however,
submitting the form often results in getting logged out, but
not always.
Once this happens, I can log back in, but other problems will
sometimes occur during that second login session. Sometimes,
logouts will occur on pages that worked fine during the first login
session. Sometimes, another session variable that I've setup
manually will change when it shouldn't...as if there were two
values stored for my session variable, and reloading the page
changes to the other value.
This
post seems closest to my experience, but it doesn't look like
there was really an answer beyond "I had to fight with it for a bit
to get it to work":
I suspected that there is some problem with session settings
on the server. We have an almost identical tool on the same server
that was developed with an older version of DW that works more
reliably; it sometimes has problems with the initial login, but
never has a problem after that.
Has anyone experienced problems like this? Any suggestions
for what to check? I'm really pulling my hair out since it's so
unreliable...the kind of problem that goes away when you try to
show someone and comes back when they leave.

Hello,
I was thinking that all I would need would be the username, although username and paswsword would be more secure. There are about 50 users and no groups or levels. They are all equal ... same level.
The website is private and there is a general content area for all users and then there will be private areas for each user where proprietary documents will be held. I need to be able to ensure that user 'A' can only see the user 'A' pages, user 'B' can only see user 'B', etc.
I don't really understand what the Dreamweaver script is doing, but the overview sounded like it was the right tool to accomplish what I'm trying to do.
Any assistance greatly appreciated.
thanks.

Help! php Restrict Access to Page() in dw cs5 problem

I have an admin.php page which takes me to other pages where i can update my info displayed on the website. All was working well until I added the restrict access to page behaviour. When i log in successfully, I am supposed to be taken to those update pages. If the log in is not successful, I am led back to the login page (the "restricted" page). However, even if I log in successfully, I am being taken to the "restricted" page when I try to access the update pages! I do not understand what is going wrong. Any help?

anb_newbie wrote:
I have a login page which either takes me to the update info page or will take me to the "restricted" page. The problem is even with a successful login, I am taken to the 'restricted' page.
How do you know the login is successful? If you're taken to the restricted page, it means that the login failed.
There doesn't appear to be anything wrong with the code you posted here. Possible reasons for the failure include getting the username or password wrong (they're usually case-sensitive). It's also possible that sessions haven't been enabled on your server, or that PHP can't write to the directory where sessions are stored.

Restrict access to pages

Hi all.
My adf application web consists on three pages, one of them has a region with a bounded task flow.
There are to points to enter in the page, one for the admin, another for the users. This boths pages must be visible from the outside.
http://localhost:7101/MyApp/faces/login.jspx.
http://localhost:7101/MyApp/faces/admin.jspx.
If somebody writes this url`s, the pages will be loaded.
When a user is logged in, the other page is loaded with his info in Session.
http://localhost:7101/MyApp/faces/main.jspx.
The problem is that if I write the url:
http://localhost:7101/MyApp/faces/main.jspx.
it is also loaded, and it cannot be loaded because the user must be logged in.
The ideal feature is if some user writes this url in the navigator and the user is not logged in, the application loads by default
http://localhost:7101/MyApp/faces/login.jspx.
Any help please?
Thanks a lot
Edited by: user13038749 on 07-oct-2011 0:59

ifyou are trying to access a pagefragment from a bounded taskflow then you dont have to worry about the user login... if in the bounded taskflow the user will be asked to login when he is not safe to use the page.
if you are not havign a bounded taskflow and you want to restrict the access to the page then you have to give the security for that particular page in the jazn-data.xml to authenticated-role to view the page..

Restrict access to page in Dreamweaver MX 2004 PHP

OK. I'm trying to authenticate users through a log in page,
but it always fail.
I have a index.php, which ask for username and password. It
checks for username password in a MySQL table.
Then I have update.php, once authenticated users can update
some data on a form, and submit changes.
When I enter wrong username/pass, it goes straight to
error.php, which is good.
When I enter correct username/pass, it goes to
....error.php?accesscheck=%2.....
Thanks so much.

tyler4iq wrote:
> OK. I'm trying to authenticate users through a log in
page, but it always fail.
It's a known bug in MX 2004:
http://friendsofed.infopop.net/2/OpenTopic?a=tpc&s=989094322&f=8033053165&m=324102421
David Powers, Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/

Creating a restricted access page.

I need to create a restricted access page within my website, so that a username and password are required to access. The Dreamweaver instructions ask me to go to the Server Behaviors panel (Window > Server Behaviors), click the plus button and choose User Authentication > Restrict Access To Page. However, the Server Behaviors panel does not provide me with an available plus button to choose. What can I do about this?

CC is the current version of DW. It was released this year and Server Behaviors were removed from it because they are outdated. Before that was CS6, CS5.5, and CS5. CS4 was released in Fall of 2008.
Password Protecting a page or folder on your server can usually be done very quickly through your remote server's Admin or C-Panel.
Or if your host server is Linux, you could do it with just 2 files: .htaccess and .htpasswd
http://www.htaccesstools.com/articles/password-protection/
Nancy O.

Restricting access to link based on a user's accesslevel

I've gotten the DW login feature working for restricting
access to pages based on a user's successful login and associated
accesslevel. However, I have some links that open an Excel
spreadsheet and an Outlook calendar. Is there an easy way to
restrict access to a link so that an unauthorized user can't
navigate to the link? Here's my code for the link:
<td height="19" colspan="3"
valign="top"><em><strong><a
href="STI-Intranet/XLS/PROD_SCHED.xls" title="Current Production
Schedule (Read Only)">STI Production Schedule
</a></strong></em></td>
<td height="4%" valign="top"><strong><a href="
http://server_3/public/cal_engineering/"
title="FROM INTRANET"><font size="2" face="Verdana, Arial,
Helvetica,
sans-serif">INT</font></a></strong></td>

What server side language are you using? Do the links need to
be restricted
to just one access level, or multiple levels? Should it be
blocked for only
one level or multiple?
Bryan Ashcraft (remove brain to reply)
Web Application Developer
Wright Medical Technologies, Inc.
=============================
Macromedia Certified Dreamweaver Developer
Adobe Community Expert (DW) ::
http://www.adobe.com/communities/experts/
"mslee1965" <[email protected]> wrote in
message
news:e52o7e$3ak$[email protected]..
> I've gotten the DW login feature working for restricting
access to pages
> based
> on a user's successful login and associated accesslevel.
However, I have
> some
> links that open an Excel spreadsheet and an Outlook
calendar. Is there an
> easy
> way to restrict access to a link so that an unauthorized
user can't
> navigate to
> the link? Here's my code for the link:
>
> <td height="19" colspan="3"
valign="top"><em><strong><a
> href="STI-Intranet/XLS/PROD_SCHED.xls" title="Current
Production Schedule
> (Read
> Only)">STI Production Schedule
</a></strong></em></td>
>
> <td height="4%" valign="top"><strong><a
href="<a target=_blank
> class=ftalternatingbarlinklarge
> href="
http://server_3/public/cal_engineering/"">http://server_3/public/cal_engin
> eering/"</a> title="FROM INTRANET"><font
size="2" face="Verdana, Arial,
> Helvetica,
sans-serif">INT</font></a></strong></td>
>
>

Change access request email

Hello,
By default the change access request email is set to [email protected]
We want to change that to our own email, for obvious reasons. So we use this piece of powershell:
$webapp = Get-SPWebApplication "http://sharepointtest"
$currentEmail = "[email protected]";
$newEmail = "[email protected]";
foreach($site in $webapp.Sites)
foreach($web in $site.AllWebs)
$url = $web.url
Write-host $url
if (!$web.HasUniquePerm)
Write-Host "Access Request Settings is inherted from parent."
elseif($web.RequestAccessEnabled)
Write-Host "Access Request Settings is enabled."
write-host $web.RequestAccessEmail
if ($web.RequestAccessEmail -eq $currentEmail)
Write-Host "Email needs to be updated."
$web.RequestAccessEmail = $newEmail
$web.Update()
Write-Host "Email changed successfully!"
else
Write-Host "Access Request Settings not enabled."
However in order for this to work... under our web application, SharePoint - 80 under user permissions we have to have "Manage Permissions" (under site permissions) checked. However in our environment we DO NOT want that checked! Without this step
power shell errors with access denied.
Unless there is an easier way of doing this what I would like to do is automate the checking of that box to go before my script and the unchecking of that box after the above script runs. However I do not possess the knowledge to do that.
Requesting help, if someone knows the code? OR an alternative easier way of changing the default email.

Hello Yes I did get it working.
However a small issue occurs. Once you run this and have someone access site, they should get the page that has them type in why they want access to the site.
The first time someone goes to the link to do this, there is a 403 Forbidden error, once you submitted the details describing why you need access. IF you refresh you will then see the access request page again BUT it will show what you previously typed.
HOWEVER, that doesn't get sent out in an email, you must insert another block of text into the access request field then click submit, which then sends out an email.
Hope that makes sense, and if anyone knows why it does that?
Here is the code:
Add-PSSnapin -name "Microsoft.SharePoint.PowerShell"
$webApp = Get-SPWebApplication -Identity http://sharepointtest/
#if enable: $true;
#if disable: $false;
$allowManagePermissions = $true
$newPermissions=$null
if ($allowManagePermissions)
$newPermissions=[Microsoft.SharePoint.SPBasePermissions]($webApp.RightsMask -bor [Microsoft.SharePoint.SPBasePermissions]::ManagePermissions)
else
$newPermissions=[Microsoft.SharePoint.SPBasePermissions]($webApp.RightsMask -band [System.Int64](-bnot ([System.Int64][Microsoft.SharePoint.SPBasePermissions]::EmptyMask -bor [System.Int64][Microsoft.SharePoint.SPBasePermissions]::ManagePermissions)))
$webApp.RightsMask = $newPermissions
$webApp.Update()
Start-Sleep -s 05
$webapp = Get-SPWebApplication "http://sharepointtest"
$currentEmail = "[email protected]";
$newEmail = "The email you want to change to";
foreach($site in $webapp.Sites)
foreach($web in $site.AllWebs)
$url = $web.url
Write-host $url
if (!$web.HasUniquePerm)
Write-Host "Access Request Settings is inherted from parent."
elseif($web.RequestAccessEnabled)
Write-Host "Access Request Settings is enabled."
write-host $web.RequestAccessEmail
if ($web.RequestAccessEmail -eq $currentEmail)
Write-Host "Email needs to be updated."
$web.RequestAccessEmail = $newEmail
$web.Update()
Write-Host "Email changed successfully!"
else
Write-Host "Access Request Settings not enabled."
Start-Sleep -s 05
$webApp = Get-SPWebApplication -Identity http://sharepointtest/
#if enable: $true;
#if disable: $false;
$allowManagePermissions = $false
$newPermissions=$null
if ($allowManagePermissions)
$newPermissions=[Microsoft.SharePoint.SPBasePermissions]($webApp.RightsMask -bor [Microsoft.SharePoint.SPBasePermissions]::ManagePermissions)
else
$newPermissions=[Microsoft.SharePoint.SPBasePermissions]($webApp.RightsMask -band [System.Int64](-bnot ([System.Int64][Microsoft.SharePoint.SPBasePermissions]::EmptyMask -bor [System.Int64][Microsoft.SharePoint.SPBasePermissions]::ManagePermissions)))
$webApp.RightsMask = $newPermissions
$webApp.Update()

Customize Access Requried page with code behind attached to it in sharepoint 2010

Hi,
I have modified default AccessDenied page to my custom accessdenied.aspx page and put Request Access button on it and javascript client side redirection to my requestaccess (reqestaccess.aspx, reqestaccess.aspx.cs) application page.
Here the problem is whenever i try to redirect to custom requesaccess page in _layouts it again shows me accessdenied page since user is not having access.
I changed requrestaccess to my custom requestaccess through Powershell command (UpdateMapping - 5). I can only modify the UI part of requestaccess.aspx and can not bind code behind where i want user to select combination of what access is required
on the site, there are lots of controls on requestaccess page e.g. dropdown that fetches data from list\external list and so on.
I tried many things to attach code behind to requestaccess page e.g. <%@ Page Inherits="codebehind.cs" /> and all.
Q - How can i redirect user to custom request access page (includes both aspx, aspx.cs) and allow user to interact with custom page? Is there any way OR WORKAROUND to do this in Sharepoint 2010?
OR
Can we overide with ElevetedPermissions in UI\CodeBehind and show the application page to user?
OR
Can user access application page even though they donot have rights to access site? Anything will do.
OR
In short, I need to redirect a user to some .aspx\.aspx.cs page from AccessDenied page, irrespective of user having access or not.
I hope question is clear enough to understand the issue. :)
Regards,
Rahul

Hi,
According to your post, my understanding is that you had an issue about the custom Access Required page.
Microsoft supported using code behind, but for these pages it seemed some difference.
However, as a workaround, we can put all the functionality to the aspx page directly.
http://umbraes-tower.blogspot.com/2011/10/custom-request-access-page-in.html
More reference:
http://onlinecoder.blogspot.com/2011/05/how-to-customize-requestaccess.html
http://oszakiewski.net/eric/customizing-the-access-request-page-in-sharepoint-2010
Thanks & Regards,
Jason
Jason Guo
TechNet Community Support

Restrict access to Purchase Co-ordinators by Vendors in ME51N

Hi Experts,
Please let me know how to restrict the access to Purchase Co-ordinators by displaying only limited Vendors(by Vendor Account Group) in ME51N.

Davidbirkin wrote:
> I finally managed to solve the issue.. although, to me
it was a rather strange
> issue..
Strange to you, perhaps, but it's a very common issue.
> Before the Validation to check for Access level i had
this line of code...
>
> <?php require_once('Connections/con1.php'); ?>
>
> No, i have moved that line of code to appear AFTER the
access level validation
> check, and it's all working fine... maybe it's the order
i added the dynamic
> functions to the Page, but now it is working...
As I said in my original reply, the problem was almost
certainly caused
by an error that you couldn't see because the display of
errors is
turned off for security reasons. The Restrict Access to Page
server
behavior uses session_start(), which must come before there
is any
output to the browser. "Output" includes new lines or
whitespace outside
PHP tags. There is almost certainly an extra line at the end
of
con1.php, which would prevent the session from starting. In
turn, that
would generate an error, resulting in your blank page.
The problem is closely related to the "headers already sent"
error
message that confuses most PHP beginners. Read about it here:
http://docs.php.net/manual/en/function.header.php
By the way, it sounds as though you are testing everything on
a remote
server, rather than testing locally before deploying to a
remote server.
That's a very bad idea, particularly if the display of errors
is turned
off. You should test files in a safe, local environment with
error
reporting turned to the highest level, and eliminate all
errors before
deploying to a live server. If you're testing locally, make
sure that
error_reporting in php.ini is set to E_ALL, and that
display_errors is on.
David Powers, Adobe Community Expert
Author, "The Essential Guide to Dreamweaver CS3" (friends of
ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/

Block/Restrict access request page on CUP

Similar Messages

Maybe you are looking for