Hi Will.
Thank you so much for the great software. I have a problem accessing the user acls from any page other than the one that performed the login operation. I AM testing all of this on a localhost - perhaps paths or sessions are not set up correctly?
Any suggestions?
Thanks!
Joseph
Hi Joseph
Could you post your code?
Best, Michael
Hi Michael,
In config.php:
define('DOC_ROOT', realpath(dirname(__FILE__) . '/../'));
define('URL_ROOT', substr(DOC_ROOT, strlen(realpath($_SERVER['DOCUMENT_ROOT']))));
error_reporting(E_STRICT | E_ALL);
fCore::enableErrorHandling('html');
fCore::enableExceptionHandling('html');
fTimestamp::setDefaultTimezone('Asia/Bangkok');
fAuthorization::setLoginPage(URL_ROOT);
// This prevents cross-site session transfer
fSession::setPath(DOC_ROOT . '/data/session/');
In init.php:
include dirname(__FILE__) . '/config.php';
$db = new fDatabase('mysql', 'lv_repository', 'root', 'root');
fORMDatabase::attach($db);
fSession::open();
In index.php (where the login occurs, and in one directory higher than config.php and init.php):
$valid_pass = fCryptography::checkPasswordHash(fRequest::get('password'), $user->getPassword());
if ($valid_pass) {
    $level = new UserLevel($user->getLevelId());
    fAuthorization::setUserACLs(
        array(
            'level'              => $level->getLevelName(),
            'process_asset'      => $user->getAccessProcessAsset(),
            'delete_asset'       => $user->getAccessDeleteAsset(),
            'approve_asset'      => $user->getAccessApproveAsset(),
            'link_asset'         => $user->getAccessLinkAsset(),
            'manage_category'    => $user->getAccessManageCategory(),
            'translate_category' => $user->getAccessTranslateCategory(),
            'manage_user'        => $user->getAccessManageUser(),
            'assign_task'        => $user->getAccessAssignTask(),
            'report'             => $user->getAccessReport()
        )
    );
} else {
    fMessaging::create('error', fURL::get(), 'The password entered is incorrect');
}
And finally in my page trying to access the ACLs:
include './inc/init.php';
if (fAuthorization::checkACL('level', 'super_admin')) {
    // content that only a super_admin should see goes here
}
Please let me know if there is anything else you need. Thank you SO SO much for your help!
Joseph
Did anyone have a chance to look over this? I am very grateful for any insights!
As a side note - it does not seem like the session data is being deleted (unless this happens infrequently)...
Thanks in advance,
Joseph
All of the user details for fAuthorization are stored in the session. My initial thought is that something about the session cookie is causing issues. Can you check and see what is contained in the session by calling:
fCore::expose($_SESSION);
Hi Will.
Even though fAuthorization has been called - the only thing that seems to be in the session is:
Array ( fSession::type => normal fSession::expires => 1294018005 )
Thanks so much for your help.
So there is definitely a problem with session data being persisted. My first hunch would be a session cookie. You can use the session_id() function to get your session id and then print it to the page. Check to make sure it is the same when you reload the page. You can also use your browser to see if localhost is sending you cookies.
Hi Will.
I put the fCore::expose call on the index.php page and saw an error this time around:
Warning
-------
{doc_root}\lastvoices\index.php(37): fAuthorization::setUserACLs(Array)
{doc_root}\lastvoices\inc\flourish\fAuthorization.php(439): fSession::regenerateID()
{doc_root}\lastvoices\inc\flourish\fSession.php(440): session_regenerate_id()
[internal function]
session_regenerate_id(): Cannot regenerate session id - headers already sent
The ACLs seem to still be set for that page, but are not in the session variable. Does anything in the code below look like it would modify the header?
include './inc/init.php';
$action = fRequest::get('action');

// --------------------------------- //
if ('log_out' == $action) {
    fAuthorization::destroyUserInfo();
    fMessaging::create('success', fURL::get(), 'You were successfully logged out');
    fURL::redirect(fURL::get());
}

// --------------------------------- //
if ('log_in' == $action && fRequest::isPost()) {
    if (validateEmail(fRequest::get('email'))) {
        $user = NULL;
        try {
            $user = new User(array('email' => fRequest::get('email')));
        } catch (fNotFoundException $e) {
            // getMessage() returns the text; printMessage() would echo it straight to the page
            fMessaging::create('error', fURL::get(), $e->getMessage());
        }
        // Only check the password when a user record was actually found
        if ($user !== NULL) {
            $valid_pass = fCryptography::checkPasswordHash(fRequest::get('password'), $user->getPassword());
            if ($valid_pass) {
                $level = new UserLevel($user->getLevelId());
                $accessArray = array(
                    'level'              => $level->getLevelName(),
                    'process_asset'      => $user->getAccessProcessAsset(),
                    'delete_asset'       => $user->getAccessDeleteAsset(),
                    'approve_asset'      => $user->getAccessApproveAsset(),
                    'link_asset'         => $user->getAccessLinkAsset(),
                    'manage_category'    => $user->getAccessManageCategory(),
                    'translate_category' => $user->getAccessTranslateCategory(),
                    'manage_user'        => $user->getAccessManageUser(),
                    'assign_task'        => $user->getAccessAssignTask(),
                    'report'             => $user->getAccessReport()
                );
                // Stores the ACLs in the session and regenerates the session ID
                fAuthorization::setUserACLs($accessArray);
            } else {
                fMessaging::create('error', fURL::get(), 'The password entered is incorrect');
            }
        }
    } else {
        fMessaging::create('error', fURL::get(), 'The email entered is invalid');
    }
}
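An added example, not code from any poster in this thread, showing how to catch the premature output behind the "headers already sent" warning above before the ACLs are stored, using native headers_sent() alongside the Flourish calls the posts already use. It assumes the same init.php and Flourish classes; the two helper function names are assumptions.

```php
<?php
// Added example, not code from the thread. Assumes the init.php and Flourish
// classes (fSession, fAuthorization, fURL, fProgrammerException) used in the
// posts above; premature_output_location() and set_user_acls_safely() are
// hypothetical names.
include './inc/init.php';   // opens the session before any output is sent

// Return "file:line" of the first output already sent, or NULL if none.
// Typical culprits: a UTF-8 BOM or blank line before <?php, or a newline
// after a closing ?> in config.php / init.php.
function premature_output_location()
{
    $file = NULL;
    $line = NULL;
    if (headers_sent($file, $line)) {
        return $file . ':' . $line;
    }
    return NULL;
}

// Store the ACLs only while the session ID can still be regenerated, then
// redirect so the new session cookie reaches the browser before any HTML.
function set_user_acls_safely(array $acls, $next_url)
{
    $where = premature_output_location();
    if ($where !== NULL) {
        // Otherwise session_regenerate_id() is skipped with a warning and the
        // ACLs land in a session the browser may never be told about.
        throw new fProgrammerException(sprintf(
            'Output started at %s before the session ID was regenerated',
            $where
        ));
    }
    fAuthorization::setUserACLs($acls);   // calls fSession::regenerateID() internally
    fURL::redirect($next_url);            // sends Set-Cookie; the next page reads the ACLs
}

// Usage at the point in index.php where the password check succeeds:
// set_user_acls_safely($accessArray, fURL::get());
```

Printing session_id() on the page before and after the redirect, as suggested earlier in the thread, shows whether the regenerated ID actually reached the browser.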
I don't know if you ever solved this, but here are a few thoughts for people having trouble in the future.