
 Yikes! Security issue with subdomain

Donna

Posts: 7
Posted: 09/27/2004, 1:32 PM

Major problem. Maybe there's a simple solution. I have a domain and webhosting account that is password protected (all pages but a few). Now, I've added a subdomain for a completely different website. I'm just using leftover web space. Masking that I've set up with the host should take effect soon so the subdomain has its own URL in the address bar.

Here's the problem. Although I use two completely different databases for these domains, once someone signs into the subdomain, their security level also works in the parent domain. Big NO-NO! I think the cause is simple enough but I'm not sure what to do about it. Can I set up a security system in the subdomain that uses letters instead of numbers? Perhaps I could set up the parent domain to have higher numbers than the sub but then, the visitors to the parent can access the sub, right? They need to each have exclusive rights. The two shall not mingle.

Lost, please help ASAP!

Thanks!!
Karsten


Posts: 57
Posted: 09/27/2004, 4:32 PM

I think this is an issue of your project -> Settings. Double-check that you REALLY have 2 independent projects/databases.

I suggest you use 2 login forms (pointing to different databases) and then switch between them by checking which domain is used (referer):

if yourfirstdomain.thisdomain.com use loginform1
if yourseconddomain.thisdomain.com use loginform2


_________________
If one gives up, he told himself he failed.
Donna

Posts: 7
Posted: 09/28/2004, 3:35 AM

Thanks for the response, Karsten. I do indeed have two separate projects and two separate databases. All pages in the first project are published to my main domain and linked to database1. All pages in the other project are published to one folder in that domain and are linked to database2. The folder has been set up as a subdomain using my host's web forms.

I have continued my search and came across a 10/05/2002 post that suggests adding a second parameter to the CheckSecurity() function. I will try this and post a request for further assistance if I can't work it out.

Thanks again.
Donna

Posts: 7
Posted: 09/28/2004, 5:21 AM

Just for clarity, my pages are not calling to the wrong domain. It's just that once a user signs in, they could type in the url to a page on the other domain (parent or child) and would be granted access.

I am working on a resolution. I have created a new field in the members table of both databases. One database fills the field value with 1, the other with 2. In the "common" event of my module (because I want every page to use the new authentication rule) I have placed the following code...

// Verify user's security level and redirect to login page if needed
//-------------------------------

function check_security($security_level)
{
    $return_page = getenv("REQUEST_URI");
    if($return_page === "") { $return_page = getenv("SCRIPT_NAME") . "?" . getenv("QUERY_STRING"); }
    if(!session_is_registered("UserID"))
    {
        header ("Location: Login.php?querystring=" . urlencode(getenv("QUERY_STRING")) . "&ret_page=" . urlencode($return_page));
        exit;
    }
    else if(!session_is_registered("UserRights") || get_session("UserRights") < $security_level)
    {

        header ("Location: Login.php?querystring=" . urlencode(getenv("QUERY_STRING")) . "&ret_page=" . urlencode($return_page));
        exit;
    }
    else if(session_is_registered("UserRights") || get_session("UserRights") == $security_level || get_session("UserRights") > $security_level)
    {
        $flag = dlookup("members", "flag", "memberid= get_session('UserID')");
        if($flag <> 1){
            header ("Location: Login.php?querystring=" . urlencode(getenv("QUERY_STRING")) . "&ret_page=" . urlencode($return_page));
            exit;
        }
    }
// end code

I am receiving the following error...

Parse error: parse error, unexpected $ on line 258

Could someone please tell me where I'm going wrong? I'm using cc2 php w/tmp.

Thanks so much for your help!!!!
peterr


Posts: 5971
Posted: 09/28/2004, 6:48 AM

This is an issue related to using the same session variables in multiple applications that are on the same server. This was resolved in CodeCharge Studio by allowing developers to specify their own names of session variables. I don't remember the solution in CodeCharge, but possibly you may need to run some search and replace program on all your generated scripts and replace "UserID" with "AppnameUserID", and "UserRights" with "AppnameUserRights".
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com
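
The session-variable collision described in the reply above, with the prefixing fix applied, as an added example that is not part of the original thread or of CodeCharge's generated code. It is written for current PHP (`$_SESSION` instead of `session_is_registered()`) and goes one step beyond the post by also giving each application its own session cookie name; `APP_ID` and the `app_*` helper names are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: each project sets a different value here, e.g. 'site1' and 'site2'.
const APP_ID = 'site2';

// Open this application's own session. A distinct session name means a distinct
// cookie, so a session created by the other project is never loaded here.
function app_session_start(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_name('SESS_' . APP_ID);
        session_start();
    }
}

// Prefix session keys with the application id ("UserID" -> "site2UserID"),
// so both projects stay separated even if they end up sharing one session.
function app_key(string $name): string
{
    return APP_ID . $name;
}

// Call after the login form has verified the credentials against this
// project's own members table.
function app_login(int $userId, int $rights): void
{
    session_regenerate_id(true);               // fresh id for the authenticated session
    $_SESSION[app_key('UserID')]     = $userId;
    $_SESSION[app_key('UserRights')] = $rights;
}

// True only when *this* application logged the user in with sufficient rights.
function app_is_authorized(int $requiredLevel): bool
{
    $id     = $_SESSION[app_key('UserID')] ?? null;
    $rights = $_SESSION[app_key('UserRights')] ?? null;
    return is_int($id) && is_int($rights) && $rights >= $requiredLevel;
}

// Replacement for the generated check: redirect to the login page otherwise.
function check_security(int $requiredLevel): void
{
    app_session_start();
    if (!app_is_authorized($requiredLevel)) {
        $ret = $_SERVER['REQUEST_URI'] ?? '';
        header('Location: Login.php?ret_page=' . urlencode($ret));
        exit;
    }
}
```

With this in place, a user who signed in to the project using `APP_ID = 'site1'` has only `site1UserID` and `site1UserRights` set, so `check_security()` in the other project redirects them to its own login page.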
Donna

Posts: 7
Posted: 09/28/2004, 7:45 AM

Thanks Peter! Would I actually type in Appname or is that a placeholder in your post? If it's a placeholder, is it the project name or what?

Thanks a lot!
Ripcrul
Posted: 09/30/2004, 2:32 PM

Can we see an update provided to CodeCharge for this?
