Announcement

Collapse
No announcement yet.

UnAuthorized !!!!!!

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • UnAuthorized !!!!!!

    Hello Everyone,

    I have a problem with the security module found in the OnValidateSuccess:

    PHP Code:
    //Codes auto-generated by scriptcase
    $sql "SELECT 
            app_name,
            priv_access,
            priv_insert,
            priv_delete,
            priv_update,
            priv_export,
            priv_print
              FROM sec_groups_apps
              WHERE group_id IN
                  (SELECT
                   group_id
               FROM
                   sec_users_groups 
               WHERE
                   login = '"
    . [usr_login] ."')";
            
        
    sc_select(rs$sql);
    if ({
    rs} !== false)
    {
        while (!
    $rs->EOF)
        {
            if( 
    $rs->fields[1] == 'Y')
            {
                
    sc_apl_status($rs->fields[0], 'on');
            }
            else
            {
                
    sc_apl_status($rs->fields[0], 'off');
            }

            
    sc_apl_conf($rs->fields[0], 'insert'has_priv($rs->fields[2]));
            
    sc_apl_conf($rs->fields[0], 'delete'has_priv($rs->fields[3]));
            
    sc_apl_conf($rs->fields[0], 'update'has_priv($rs->fields[4]));
            
    //export
            
    $export_permission 'btn_display_'has_priv($rs->fields[5]);
            
    sc_apl_conf($rs->fields[0], $export_permission'xls');
            
    sc_apl_conf($rs->fields[0], $export_permission'word');
            
    sc_apl_conf($rs->fields[0], $export_permission'pdf');
            
    sc_apl_conf($rs->fields[0], $export_permission'xml');
            
    sc_apl_conf($rs->fields[0], $export_permission'csv');
            
    sc_apl_conf($rs->fields[0], $export_permission'rtf');
            
    //export
            
            
    $export_permission 'btn_display_'has_priv($rs->fields[6]);
            
    sc_apl_conf($rs->fields[0], $export_permission'print');

            
    $rs->MoveNext();    
        }
        
    $rs->Close();
        if(
    sc_logged({login})):
            
    sc_log_add('login', {lang_login_ok});
            
    sc_user_logout('logged_user''logout''app_Login');
            
            
            
        
    /* MY LINES START HERE */
        
    $currentuser = [usr_login];

    $check_sql "SELECT group_id FROM sec_users_groups WHERE login = " "'" $currentuser "'";
    sc_lookup(rs$check_sql);

    $groupid = {rs[0][0]};
        
    $check_sql "SELECT description FROM sec_groups WHERE group_id = " "'" $groupid "'";
    sc_lookup(rs$check_sql);

    $group = {rs[0][0]};

    switch (
    $group)
    {
    case 
    "Accountant":
          
    sc_redir('MenuAccountant');
        break;
        
    case 
    "DataEntry":
          
    sc_redir('MenuDataEntry');
        break;  
        
    case 
    "Null":
          
    sc_redir('MenuNull');
        break;
        
    case 
    "Sales":
          
    sc_redir('MenuSales');
        break;
        
    case 
    "Supervisor":
          
    sc_redir('MenuSupervisor');
        break;
        
    case 
    "Auditor":
          
    sc_redir('MenuAuditor');
        break;
        
    case 
    "Administrator":
          
    sc_redir('Menu');
        break;

    }
    /* MY LINES ENDS HERE */
        
                //sc_redir('Menu');    COMMENTING DONE, AS IT IS REPLACED BY MY CODES
        
    endif;

    Now, a user is given Access rights to 'MenuSales', but not 'Menu'. The user always get Unauthorised, and sometimes after admin log in and log out, then ask user to login again, then it works.

    Sometimes, it works as expected, sometimes does not.

    Is the above code OK?

    Thanks for your replies.

    Michael.
    Last edited by michael; 12-19-2014, 04:52 AM.

  • #2
    The best way is to unset the use security checkbox on the primary loginpage and (if you use that) the menu around the login page. There's no need to use the security here.
    Albert Drent
    aducom software netherlands
    scriptcase partner, reseller, support and (turn-key) development
    www.scriptcase.eu / www.scriptcase.nl

    Comment

    Working...
    X