Link to home
Create AccountLog in
Avatar of NicaInNVA
NicaInNVA

asked on

Dreamweaver CS3 Authentication, how do I retain the query string in the URL

I am developing a system that requires authentication with Dreamweaver CS3, with a MySQL 5.2 back end and PHP 5.2.

The "out of the box" Dreamweaver authentication behavior works well until I try to pass a server variable before authentication is complete (e.g. http://nicasio/managectl.php?CID=999999).  

In this case the query string appears to be dropped as it passes to the logon.php script so when authentication succeeds and control reverts to the managectl.php script, the CID variable is not set and the managectl.php script crashes as it doesn't have the expected value.

Please see the code in managectl.php that handles the redirection to logon.php.

Your assistance will be very appreciated.

Thanks
Mariano
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "6,7,8";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && false) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "logon.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($_SERVER['$QUERY_STRING']) && strlen($_SERVER['$QUERY_STRING']) > 0) 
  $MM_referrer .= "?" . $_SERVER['$QUERY_STRING'];
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of Jason C. Levine
Jason C. Levine
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of NicaInNVA
NicaInNVA

ASKER

Thanks for the feedback.  Upon closer inspection, I discovered that the variable should be named $_SERVER['QUERY_STRING'], not $QUERY_STRING.  Once I changed that, the code works well in passing the query string to the logon.php script and back upon successful authentication.