I built a login page(login.php) to view a database content page (mainpage.php). Everything was fine, until I set mainpage.php as restricted page, so that when users type in the direct http address, they will be redirect to login.php.

However, after I set the restriction, I won't be able to login anymore as it keeps redirecting me back to login.php.

Why?? Thanks for you help.

Hi Din,

Might have a access level set? For example if you have the site restricted to a user level of "members" and your user name does not have the access level set in the database it would redirect... Paste the code you have for your login script here and I may be able to determine the problem...

Hope it helps...

Regs

Allan

On the login page, this is what I have:

<?php require_once('../Connections/connEnquiries.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();
$_SESSION['logged_in'] = 'no';
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}

if (isset($_POST['name'])) {
$loginUsername=$_POST['name'];
$password=$_POST['pw'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "admin_main.php";
$MM_redirectLoginFailed = "admin_login.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_connEnquiries, $connEnquiries);

$LoginRS__query=sprintf("SELECT Name, Password FROM admin_users WHERE Name='%s' AND Password='%s'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));

$LoginRS = mysql_query($LoginRS__query, $connEnquiries) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";

//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;

//register the session variables
session_register("MM_Username";
session_register("MM_UserGroup";

if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>

On the content page which i want to set restriction, this is it:

<?php
session_start();
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;

// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "" && true) {
$isValid = true;
}
}
return $isValid;
}

$MM_restrictGoTo = "admin_login.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?") $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>

I believe I didn't set access level, restriction just set based on username and password.

Thank you thank you very much!!!

too easy.... well done Din.