Restricting access to link based on a user's accesslevel
I've gotten the DW login feature working for restricting
access to pages based on a user's successful login and associated
accesslevel. However, I have some links that open an Excel
spreadsheet and an Outlook calendar. Is there an easy way to
restrict access to a link so that an unauthorized user can't
navigate to the link? Here's my code for the link:
<td height="19" colspan="3"
valign="top"><em><strong><a
href="STI-Intranet/XLS/PROD_SCHED.xls" title="Current Production
Schedule (Read Only)">STI Production Schedule
</a></strong></em></td>
<td height="4%" valign="top"><strong><a href="
http://server_3/public/cal_engineering/"
title="FROM INTRANET"><font size="2" face="Verdana, Arial,
Helvetica,
sans-serif">INT</font></a></strong></td>
What server side language are you using? Do the links need to
be restricted
to just one access level, or multiple levels? Should it be
blocked for only
one level or multiple?
Bryan Ashcraft (remove brain to reply)
Web Application Developer
Wright Medical Technologies, Inc.
=============================
Macromedia Certified Dreamweaver Developer
Adobe Community Expert (DW) ::
http://www.adobe.com/communities/experts/
"mslee1965" <[email protected]> wrote in
message
news:e52o7e$3ak$[email protected]..
> I've gotten the DW login feature working for restricting
access to pages
> based
> on a user's successful login and associated accesslevel.
However, I have
> some
> links that open an Excel spreadsheet and an Outlook
calendar. Is there an
> easy
> way to restrict access to a link so that an unauthorized
user can't
> navigate to
> the link? Here's my code for the link:
>
> <td height="19" colspan="3"
valign="top"><em><strong><a
> href="STI-Intranet/XLS/PROD_SCHED.xls" title="Current
Production Schedule
> (Read
> Only)">STI Production Schedule
</a></strong></em></td>
>
> <td height="4%" valign="top"><strong><a
href="<a target=_blank
> class=ftalternatingbarlinklarge
> href="
http://server_3/public/cal_engineering/"">http://server_3/public/cal_engin
> eering/"</a> title="FROM INTRANET"><font
size="2" face="Verdana, Arial,
> Helvetica,
sans-serif">INT</font></a></strong></td>
>
>
Similar Messages
-
How to restrict access to portal based on entitlements.
Hi,
I am working on weblogic 8.1 portal project. i want to restrict the user to access
the portal based on the entitlements. However when user try to login he is seeing
Weblogic Error 403 forbidden page. How to display custom error page, instead of
weblogic default error page.
How to programatically check whether user has access to portal or not based on
entitlements.
Please give me code.
regards,
-chada-Chada,
The 403 is by design. If you want to place a page in front of one or more
portal desktops and only show links to desktops the current user is entitled
to, review the attachment.
-Phil
"Chada" <[email protected]> wrote in message
news:3fcd6969$[email protected]..
>
Hi,
I am working on weblogic 8.1 portal project. i want to restrict the userto access
the portal based on the entitlements. However when user try to login he isseeing
Weblogic Error 403 forbidden page. How to display custom error page,instead of
weblogic default error page.
How to programatically check whether user has access to portal or notbased on
entitlements.
Please give me code.
regards,
-chada-[login.zip] -
Problems to restrict access to a page when the user belong to more than 1 group
I have realized that Dreamweaver on a coldfusion document only works fine when the user only belongs to a single group, this is because the code supplied by dreamweave when you use the option "Restrict access to a page" at "Server behaviors" it assumes that the user only have one group as you can see on this line created automaticly by dreamweaver:
<cfif MM_Username EQ "" OR MM_UserAuthorization EQ "" OR ListFind("admin",MM_UserAuthorization) EQ 0>
MM_UserAutorization has the value of the field assigned for the list of groups or levels, as you can see it could work if we reverse the parameters of the listfind function but the problem would be if we grant the access to more than one group because the sentence would be like this:
<cfif MM_Username EQ "" OR MM_UserAuthorization EQ "" OR ListFind("Admin,Manager",MM_UserAuthorization) EQ 0>
so both paramethers are lists therefore no user will get access to the page.
I am trying to make a work around to fix this problem but I don't know how to get the name of the page since the Application.cfc so I can validate the access to this page against tables on my database.
Does someone have a work around or a tip how to fix this problem?
Thanks in advance.
AGSeems like you have a problem with your group names.ctxLdap.modifyAttributes(groupName,member);Ensure that the value of your variable groupName is a a valid distinguished name.
Note that an OU (organizationalUnit) is not a group. You do not add users to OU's, you create users in OU's. -
Restricting access to some of the LDAP users in obiee 11g.
Hi Experts,
I have successfully integrated LDAP with OBIEE 11g and user's are Authenticated to login to obiee using their LDAP credentials.
But the case is All the employees in the company who have ldap are able to login(any way this is expected as we integrated ldap with OBIEE)
Is there any way that we can restrict the access to users who don't need OBIEE. If so please suggest me the required steps.
Edited by: MKC on Oct 5, 2012 7:43 AMHandle it in LDAP side, try to create a group in LDAP for BI users and use it in integration so that only this specific group uses sit in bi side.
Pls mark if helps -
How do you restrict access of a pdf to one user at a time?
I need to put pdf's on a shared work server so that users can make their own individual comments on them, and so collate all corrections for me to then pick up in one pdf.
Question is, can I restrict the pdf in some way that prevents it from opening if another user has it open and is in the process of making their comments on it?
ThanksThat's not a good way to do that. You should look into Acrobat's Shared
Review features. -
Restrict access in report based on compnay codes and cost centers
Hi,
We are using a standard report, which is assigend to a Z transaction and assigend to the role.
The report need to be restricted based on the company code and cost center ?
but i could not find any AUTHORITY- CHECK statements in the code ( there is only authority check statement for object G_803J_GJB which has authorization groups and aCTVT field.)
Please let me know what steps need to be followed to restrict the report based on company codes and cost centers.
Thanks for your help in advance.Thanks all for the quick response.
Steps to be followed:
1) incorporatomg AUTHORITY-CHECK statements for K_KOSTL and F_BKPF_BUK objects in the program.
2) adding the objects as check yes in SU24 for the Z transaction.
and restricting in the role.
The program name is "GP3O4ZGOOF3HA68QMGHF8S7I9ER250".
Please let me know if any more steps need to be followed.
Based on this i have to send a estimate to my client.
Thanks,
Sanketh. -
Restrict Access to certain users based on if a variable in the SQL database is set to 1
Hey guys,
I am quite new to PHP and MySQL and I have a question concerning access restriction. For a website project I am experimenting with Dreamweaver's login and restrict access behavior, which works fine. However, on the website I would like to restrict access for users that only have a 1 set in the corresponding MySQL database (which means that e.g. each page has a different variable in the database that can be set to 1, which would allow me to personify access beyond the level of the out-of-the box option, where each user can only have one access level). So it is quite similiar to the out-of-the-box restrict access to page based on user group, but just depending on another variable in the database.
I guess it can be done with an if condition that checks in the database if the logged in user has a 1 in this variable, and if yes give her/him access if not redirect to another page. However, I could not figure out how to implement that.
Your help is highly appreciated!
Thanks in advance!Hello guys,
I spend quite some time on the internet reseaching my wish and redefined my need: I would basically like to have the possibility to assign a user multiple access levels. There would be e.g. 10 pages for each I create an access level. Then a user with e.g. access to pages 2 and 8 can only access these two pages. So my basic question is if and if yes how I can assign a user muliple access levels at a time and store these values in the MySQL database.
Thanks a lot for your help!! -
Data view web part to display the most frequently accessed pages based on the user that is logged in
I am working on a project in which I would like to display the top 5 most accessed pieces of content as links, based on the user that is logged in. Our MOSS 2007 implementation has subsites for all regions that we do business in, as an example North, South, East, and West. When a user visits the North region homepage, I would like a web part to display:
Hello, <username>, here is a listing of your most accessed content:
Link to One
Link to Two
Link to Three
Link to Four
Link to Five
So each user would get a customized list based on their content access. We are not using my sites, but these would not work as we want the list to display on the home page of the region site.
I am thinking that a data view may work here, but I am not sure. Any help is greatly appreciated.If you are running MOSS you may want to take a look at the Relevant Documents web part too.
http://office.microsoft.com/en-us/sharepointserver/HA102410251033.aspx
The Relevant Documents Web Part helps you create a personalized view of the documents that you create, check out, and change. In a large Document Center, the Web Part can save you time and effort by making files easier to find and use. The following figure shows the Web Part: -
Restrict Access To Page Not Working with Different Auth Levels
I have just started playing with the idea of using different auth levels to allow different users access to certain pages on my site.
Within my SQL database I have a authlevel table consisting of 3 possible levels (guest, user, admin)
I am using the Dreamweaver "Log in user" to log in users based on username, pass, and auth level and "Restrict access to page" set to allow user levels 'user' and 'admin'.
The problem, however, occurs when trying to log in. No matter what auth level I try I am redirected to my page where users should be redirected if they are not allowed to enter that page.
I have included below my code from my login page and the page where all authorized users (user and admin) should be directed upon entering the restricted area.
Login Page:
<?php require_once('../Connections/hondovfd.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
return $theValue;
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "authlevel";
$MM_redirectLoginSuccess = "/membersonly/membersonly.php";
$MM_redirectLoginFailed = "/membersonly/loginfailed.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_hondovfd, $hondovfd);
$LoginRS__query=sprintf("SELECT username, password, authlevel FROM login WHERE username=%s AND password=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
$LoginRS = mysql_query($LoginRS__query, $hondovfd) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = mysql_result($LoginRS,0,'authlevel');
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
header("Location: " . $MM_redirectLoginSuccess );
else {
header("Location: ". $MM_redirectLoginFailed );
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/phptemplate.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<!-- InstanceBeginEditable name="Title" -->
<title>Log In</title>
<!-- InstanceEndEditable -->
<meta name="description" content="Hondo Fire and Rescue serves the Arroyo Hondo and Canada Village areas of Santa Fe County, NM." />
<meta name="keywords" content="hondo, hondo fire, hondo vfd, hondo fire department, santa fe county fire department, santa fe county, volunteer fire department, hondo volunteer fire department" />
<link href="../stylesheet.css" type="text/css" rel="stylesheet" />
<!--[if IE]>
<style type="text/css">
#mainContent, #sidebar1 { zoom: 1;}
</style>
<![endif]-->
<script src="../SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
<link href="../SpryAssets/SpryMenuBarVertical.css" rel="stylesheet" type="text/css" />
</head>
<body class="thrColLiqHdr">
<div id="container">
<div id="header"></div>
<div id="sidebar1">
<h3>Navigation : </h3>
<ul id="MenuBar1" class="MenuBarVertical">
<li><a href="/index.php">Home</a></li>
<li><a href="/support.php">Support Hondo</a></li>
<li><a class="MenuBarItemSubmenu" href="#">Information Menu</a>
<ul>
<li><a href="/people.php">Our People</a></li>
<li><a href="http://www.google.com/maps/ms?ie=UTF8&hl=en&msa=0&msid=101620713606637979698.00045b6ead4ab4ea70b78&z=11" target="_blank">Response Area</a></li>
<li><a href="/medical.php">Medical</a></li>
<li><a href="/apparatus.php">Apparatus</a></li>
<li><a href="/training.php">Training</a></li>
<li><a href="/volunteer.php">Volunteer</a></li>
<li><a href="/statistics.php">Statistics</a></li>
<li><a href="/patchtrading.php">Patch Trading</a></li>
</ul>
</li>
<li><a href="/album.php">Photo Gallery</a></li>
<li><a href="/calendar.php">Calendar</a></li>
<li><a href="/news.php">Blog/News</a></li>
<li><a href="/links.php">Links</a></li>
<li><a href="/contact.php">Contact Us</a></li>
</ul>
<br />
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<span class="lefttext">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="8567201">
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!" />
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</img></input></input>
</span>
</form>
<span class="lefttext"><br />
</span>
<center>
<span class="lefttext"><a href="http://www.facebook.com/pages/Santa-Fe-NM/Hondo-Volunteer-Fire-Department/74284233488" target="_blank" class="lefttext">Hondo VFD on Facebook</a></span>
</center>
<!-- end #sidebar1 --></div>
<div id="sidebar2">
<p><a href="/membersonly/login.php">Log In</a> | <a href="/membersonly/logout.php">Log Out</a></p>
<p>Call Statistics for <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/month.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?> as of <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/date.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></p>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="60%">EMS Calls</td>
<td width="40%"><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/emscalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
<tr>
<td>Fire Calls</td>
<td><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/firecalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
</table>
<hr />
<div id="cse" style="width:100%;">Loading</div>
<script src="http://www.google.com/jsapi" type="text/javascript"></script>
<script type="text/javascript">
google.load('search', '1');
google.setOnLoadCallback(function(){
new google.search.CustomSearchControl().draw('cse');
}, true);
</script>
<!-- End Google Search Element -->
</div>
<!-- end #sidebar2 -->
<div id="mainContent">
<div class="top"></div><div class="wrap"><!-- InstanceBeginEditable name="Main Content" -->
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="47" class="h2">Members Only Login</td>
</tr>
<tr>
<td><form ACTION="<?php echo $loginFormAction; ?>" id="login" name="login" method="POST">
<table width="40%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="31%">Username:</td>
<td width="69%"><input name="username" type="text" /></td>
</tr>
<tr>
<td>Password</td>
<td><input name="password" type="password" /></td>
</tr>
</table>
<input name="Submit" type="submit" />
</form></td>
</tr>
</table>
<!-- InstanceEndEditable -->
</div>
<div class="bottom"></div>
</div>
<!-- This clearing element should immediately follow the #mainContent div in order to force the #container div to contain all child floats --> <br class="clearfloat" />
<div id="footer">
<p align="center">© Copyright 2009 Hondo Volunteer Fire Department | <a href="mailto:[email protected]">Contact Us</a><a href="http://www.legalhelpers.com/chapter-13-bankruptcy/chapter13.html"></a><br />Hosting provided by <a href="http://studiox.com/" target="_blank">Studio X</a></p>
<!-- end #footer --></div>
<!-- end #container --></div>
<script type="text/javascript">
<!--
var MenuBar1 = new Spry.Widget.MenuBar("MenuBar1", {imgRight:"../SpryAssets/SpryMenuBarRightHover.gif"});
//-->
</script>
<?php include_once("/var/home/hondovfd/hondovfd.org/www/analyticstracking.php"); ?>
</body>
<!-- InstanceEnd --></html>
Other Page:
<?php
if (!isset($_SESSION)) {
session_start();
$MM_authorizedUsers = "user,admin";
$MM_donotCheckaccess = "false";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
if (($strUsers == "") && false) {
$isValid = true;
return $isValid;
$MM_restrictGoTo = "/membersonly/loginfailed.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/phptemplate.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<!-- InstanceBeginEditable name="Title" -->
<title>Members Only Area</title>
<!-- InstanceEndEditable -->
<meta name="description" content="Hondo Fire and Rescue serves the Arroyo Hondo and Canada Village areas of Santa Fe County, NM." />
<meta name="keywords" content="hondo, hondo fire, hondo vfd, hondo fire department, santa fe county fire department, santa fe county, volunteer fire department, hondo volunteer fire department" />
<link href="../stylesheet.css" type="text/css" rel="stylesheet" />
<!--[if IE]>
<style type="text/css">
#mainContent, #sidebar1 { zoom: 1;}
</style>
<![endif]-->
<script src="../SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
<link href="../SpryAssets/SpryMenuBarVertical.css" rel="stylesheet" type="text/css" />
</head>
<body class="thrColLiqHdr">
<div id="container">
<div id="header"></div>
<div id="sidebar1">
<h3>Navigation : </h3>
<ul id="MenuBar1" class="MenuBarVertical">
<li><a href="/index.php">Home</a></li>
<li><a href="/support.php">Support Hondo</a></li>
<li><a class="MenuBarItemSubmenu" href="#">Information Menu</a>
<ul>
<li><a href="/people.php">Our People</a></li>
<li><a href="http://www.google.com/maps/ms?ie=UTF8&hl=en&msa=0&msid=101620713606637979698.00045b6ead4ab4ea70b78&z=11" target="_blank">Response Area</a></li>
<li><a href="/medical.php">Medical</a></li>
<li><a href="/apparatus.php">Apparatus</a></li>
<li><a href="/training.php">Training</a></li>
<li><a href="/volunteer.php">Volunteer</a></li>
<li><a href="/statistics.php">Statistics</a></li>
<li><a href="/patchtrading.php">Patch Trading</a></li>
</ul>
</li>
<li><a href="/album.php">Photo Gallery</a></li>
<li><a href="/calendar.php">Calendar</a></li>
<li><a href="/news.php">Blog/News</a></li>
<li><a href="/links.php">Links</a></li>
<li><a href="/contact.php">Contact Us</a></li>
</ul>
<br />
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<span class="lefttext">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="8567201">
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!" />
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</img></input></input>
</span>
</form>
<span class="lefttext"><br />
</span>
<center>
<span class="lefttext"><a href="http://www.facebook.com/pages/Santa-Fe-NM/Hondo-Volunteer-Fire-Department/74284233488" target="_blank" class="lefttext">Hondo VFD on Facebook</a></span>
</center>
<!-- end #sidebar1 --></div>
<div id="sidebar2">
<p><a href="/membersonly/login.php">Log In</a> | <a href="/membersonly/logout.php">Log Out</a></p>
<p>Call Statistics for <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/month.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?> as of <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/date.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></p>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="60%">EMS Calls</td>
<td width="40%"><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/emscalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
<tr>
<td>Fire Calls</td>
<td><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/firecalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
</table>
<hr />
<div id="cse" style="width:100%;">Loading</div>
<script src="http://www.google.com/jsapi" type="text/javascript"></script>
<script type="text/javascript">
google.load('search', '1');
google.setOnLoadCallback(function(){
new google.search.CustomSearchControl().draw('cse');
}, true);
</script>
<!-- End Google Search Element -->
</div>
<!-- end #sidebar2 -->
<div id="mainContent">
<div class="top"></div><div class="wrap"><!-- InstanceBeginEditable name="Main Content" -->
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="47" class="h2">Members Only Area</td>
</tr>
<tr>
<td><p><a href="/membersonly/documents.php">Useful Documents</a></p>
<p><a href="/membersonly/IncidentCount01_08.pdf">Current Call Statistics</a> as of 9/3/09</p>
</td>
</tr>
</table>
<script type="text/javascript">
<!--
var MenuBar1 = new Spry.Widget.MenuBar("MenuBar1", {imgRight:"../SpryAssets/SpryMenuBarRightHover.gif"});
//-->
</script><!-- InstanceEndEditable -->
</div>
<div class="bottom"></div>
</div>
<!-- This clearing element should immediately follow the #mainContent div in order to force the #container div to contain all child floats --> <br class="clearfloat" />
<div id="footer">
<p align="center">© Copyright 2009 Hondo Volunteer Fire Department | <a href="mailto:[email protected]">Contact Us</a><a href="http://www.legalhelpers.com/chapter-13-bankruptcy/chapter13.html"></a><br />Hosting provided by <a href="http://studiox.com/" target="_blank">Studio X</a></p>
<!-- end #footer --></div>
<!-- end #container --></div>
<script type="text/javascript">
<!--
var MenuBar1 = new Spry.Widget.MenuBar("MenuBar1", {imgRight:"../SpryAssets/SpryMenuBarRightHover.gif"});
//-->
</script>
<?php include_once("/var/home/hondovfd/hondovfd.org/www/analyticstracking.php"); ?>
</body>
<!-- InstanceEnd --></html>you don't need all that bloat. set a session during login of some kind of uniquely identifying id. i.e.
$_SESSION['id'] = $row_rs['id'];
then on the pages you need to protect, check it like this....
<?php
session_start();
if (!(isset($_SESSION['id']) && $_SESSION['id'] != '')) {
die(header("Location: http://www.notinprotectedareas.com")); }
?>
you can use an include file i.e.
<?php require_once('login_check.php'); ?>
where file is name login_check.php to make your auth controls clean on your protected pages. -
Restricted access to attachments in SRM 7.0 web applications
Hi,
We have a very specific problem regarding the handling of attachments with SRM 7.0 web applications. The system is configured to use ArchiveLink for storing documents on a remote content server, which is working fine.
Now we have a requirement which should restrict access to certain documents to specific user groups. As an example you could say that a Purchase order has (besides others) two documents attached, e.g.
- signed contract
- meeting minutes
The contract should only be visible to a limited number of people, whereas the Meeting Minutes are accessible to everybody.
Our problem is that apparently only one Content Category ("BBPFILESYS") is used by the SRM web applications for an upload. When granting authorizations on this content category, we cannot distinguish between contracts and meeting minutes anymore.
Comparing this with the config in ECC we can freely define document types which can be used in AUTH profiles. Is there any similar solution that can be used in SRM 7.0?
Any help would be greatly appreciated.
Cheers,
MarkHello,
Have a look at note 1334202. It provides some inputs.
Regards,
Ricardo -
Best way to restrict access to documents (outside of the group or library level)
Hi, we're thinking of implementing SharePoint Server 2013 Standard Edition for our organization. Many of our employees are research scientists working on proprietary information. From the (admittedly little) I understand about SharePoint, if a user wants
to restrict access to a particular document to the 2 or 3 people with whom they're collaborating (and also have it not appear in the search results), they will have to email their power user to request that a new document library be created in which they can
store their documents. Is that correct? In this case, what is the best way to handle item-level permissions? Users absolutely want to have the freedom to restrict access to their documents themselves rather than being forced to go to their power user. Thanks.Hi,
Per my knowledge, if you want to restrict access to the documents to some users, then you need to have Manage Permissions permission to modify other users’ permission on the documents.
If you do not have the Manage Permissions permission, I recommend to ask the site administrator to create a workflow as below to remove the corresponding users’ permission on the documents which you uploaded. You can start the workflow on the document you
upload and then the permission of the users set on the workflow will be removed from the document.
Best regards.
Thanks
Victoria Xia
TechNet Community Support -
Access control - Restricted access not working
Hi
I have an application I have created an Access Control administration page in. I have set the application mode to 'Restricted access. Only users defined in the access control list are allowed'. I have defined two users one with administrator and one with edit privileges. I have a third workspace user who is not listed on the access control page.
I have added the authorisation scheme to the tabs, pages and page items I require. This appears to work fine if I change the privilege of one of the listed users to 'view' the items disappear and cannot be accessed.
The issue I have is that the workspace user who is not listed can still log into the application, and has the same access as 'view' privilege. My understanding is that the 'Restricted Access' application mode should prevent this user from accessing this application as they are not explicitly listed?
Have I missed some set-up, misunderstood the meaning of 'restricted access' or is it some sort of bug? I am assuming I have missed some set-up somewhere.
PS This is APEX 4.0.2 on 11g
Edited by: tlane on 15/02/2011 19:43I have set the application up on apex.Oracle.com
http://apex.oracle.com/pls/apex/f?p=48123:101:506666493527664
four users have been defined :
control_admin
control_edit
control_view
control_na
The first 3 are defined on the access control page available on the user_admin tab when you login as control_admin user.
user control_na is not listed but can still access the application.
password for all users is : demo1234
Thanks in advance for all help with this issue. -
Restricting Access only for APPS account using SQLNET
Dear Friends,
Recently we have an incident that a functional consultant has cracked the Apps password. I don't know how.
Now what we are planning is to restrict the database access to only the dba team using sqlnet.ora file and its tcp.validnode_checking parameter.
However, the problem is that we want to continue the APPSRO(which is an Apps Read Only Account) access to them.
Is there any way possible to restrict access only for a particular database user account using sqlnet.ora
please help.
Thanks.Recently we have an incident that a functional consultant has cracked the Apps password. I don't know how.
Now what we are planning is to restrict the database access to only the dba team using sqlnet.ora file and its tcp.validnode_checking parameter.
However, the problem is that we want to continue the APPSRO(which is an Apps Read Only Account) access to them.
Is there any way possible to restrict access only for a particular database user account using sqlnet.ora
Now what we are planning is to restrict the database access to only the dba team using sqlnet.ora file and its tcp.validnode_checking parameter.
However, the problem is that we want to continue the APPSRO(which is an Apps Read Only Account) access to them.
Is there any way possible to restrict access only for a particular database user account using sqlnet.oraNo (and even if it exists, I believe this does not fix the main issue with the apps password which could be cracked again).
The proper way would be changing the apps password and meet the security requirements in these docs.
Secure Configuration Guide for Oracle E-Business Suite 11i [ID 189367.1]
Secure Configuration Guide for Oracle E-Business Suite Release 12 [ID 403537.1]
FNDCPASS Utility New Feature: Enhance Security With Non-Reversible Hash Password [ID 457166.1
Thanks,
Hussein -
Restrict access to Time Machine Disk?
I'm hoping I'm missing something simple here, perhaps someone can enlighten me:
I've set up an external drive on a new dual band Extreme Base Station to act as the Time Machine volume for all of my family's computers.
In order to get the backups working without user intervention I have to enable file sharing on the disk in Airport Utility, and then because I have "Secure Shared Disks" enabled, I had to make sure the password was saved in each user's keychain (at least 1 per computer).
My problem is that this now allows users access to the sparse images on the time Machine Disk.
Can anybody suggest a way to restrict access while maintaining automatic Time Machine backups in the background? Like I said, I feel like I'm probably missing something as this seems like it should be a standard feature, no?
Thanks!
JakeHmm, two points come to mind (again, with the caveat that I don't have any of the equipment and can't test or check anything).
..."I think the reason this doesn't work as we'd expect is that it would kill the ability of TM to back up to the network disk when logged in as anything other than the Admin user."...
I don't think that's right -- if the password is stored in the "System" keychain, it shouldn't matter whether or not anyone is logged in. Just to make sure we aren't talking about different things, I was referring to the "System" keychain, not any individual users' keychain, including "admin" users or the "root" user. A user's login keychain would not normally be unlocked (requiring the user's password) unless they log in, but the system should have access to the "System" keychain whenever it needs it.
..."Even if I could hide just that particular share in the Finder sidebar, I'd be happy with that."...
That raises an important point that I had previously overlooked -- initially, when I had raised the possibility of restricting file access to the backup itself, I suggested that restricting access to the password would be better. However, upon further consideration, it would probably be preferable to do both, because while restricting access to the password would limit users' ability to mount the share and look at backups whenever they felt like it, it might not prevent them from browsing backups while the system has mounted the remote volume and is in the process of performing the backup. That too would depend on how things are mounted (which I have no way of checking).
Just something to keep in mind while you are experimenting... -
Is it possible to restrict access to specific IOS apps based on the WIFI profile that a user has connected to?
you might be able to block it if the app uses Internet access
and depending on your wireless you might be able to block a specific user
accessing the backend host that the app uses
some firewalls offer application filtering but I'm not aware of any that work with ios apps
Maybe you are looking for
-
I bought an airport express after being assured that I will be able to AirPrint from my IPad. I have set up airport utility on my Hp laptop and configured it properly with the express. But still I'm not able to detect the printer attached to the USB
-
I've tried to install Xcode update two times already, but it's like stuck. It has been stuck in the same place for 24 hours already and is still saying "Less than a minute" What can I do to install the update finally?
-
Dear friends, once maintenance order has been released,I am unable to put deletation flag for that order. is there any option to put deletion flag after releasing maint order other than locking your response is highly appriciated. Regards, K.Sunil
-
getting error messeges and my computer has prompt me to reinstall extended player, but i dont know how
-
Using BASIS data for system monitoring.
Hi, We are looking for some BASIS transactions data(ex ST02,SM21) to be captured and send out of SAP. is there any existing functionality via which the output of the transactions can be captured from the output screen. Is any way using ABAP program b