Dreamweaver CS3 Authentication, how do I retain the query string in the URL

I am developing a system that requires authentication with Dreamweaver CS3, with a MySQL 5.2 back end and PHP 5.2.

The "out of the box" Dreamweaver authentication behavior works well until I try to pass a server variable before authentication is complete (e.g. http://nicasio/managectl.php?CID=999999).  

In this case the query string appears to be dropped as it passes to the logon.php script so when authentication succeeds and control reverts to the managectl.php script, the CID variable is not set and the managectl.php script crashes as it doesn't have the expected value.

Please see the code in managectl.php that handles the redirection to logon.php.

Your assistance will be very appreciated.

Thanks
Mariano
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "6,7,8";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && false) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "logon.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($_SERVER['$QUERY_STRING']) && strlen($_SERVER['$QUERY_STRING']) > 0) 
  $MM_referrer .= "?" . $_SERVER['$QUERY_STRING'];
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>

Open in new window

NicaInNVAAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jason C. LevineDon't talk to me.Commented:
Hi NicaInNVA,

I'm not following the sequence of events.  If a non-logged in user hits the code above, an existing query string should be preserved by lines 39-40:

  if (isset($_SERVER['$QUERY_STRING']) && strlen($_SERVER['$QUERY_STRING']) > 0)
  $MM_referrer .= "?" . $_SERVER['$QUERY_STRING'];

But you say "In this case the query string appears to be dropped as it passes to the logon.php script" which indicates that a user is attempting to login with the query string already present in the URL.  The code above is the Page Access Check code, not the code that processes a login attempt.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
NicaInNVAAuthor Commented:
Thanks for the feedback.  Upon closer inspection, I discovered that the variable should be named $_SERVER['QUERY_STRING'], not $QUERY_STRING.  Once I changed that, the code works well in passing the query string to the logon.php script and back upon successful authentication.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.