Hi All,
I made a custom page for my project. as there were a few pages that made the section i put them into a folder and added that folder into the hooks folder.
when the user signs in they are presented with all the tables including the custom page. when the page is accessed it gives an "Access denied" error. but after signing in the second time it works fine.
is anyone able to assist?
As all signed in users should have access I added the following code...
<?php
define('PREPEND_PATH', '../../'); /* the extra "../" is because I have this in a folder within the hooks folder */
$hooks_dir = dirname(__FILE__);
include("$hooks_dir/../../defaultLang.php");
include("$hooks_dir/../../language.php");
include("$hooks_dir/../../lib.php");
include_once("$hooks_dir/../../header.php");
/* grant access to all logged users */
$mi = getMemberInfo();
if(!$mi['username'] || $mi['username'] == 'guest'){
echo "<h3>Access denied Please Sign In</h3>";
exit;
}
Barry
include_once("$hooks_dir/../../footer.php");
?>
Custom Page problem
- baudwalker
- Veteran Member
- Posts: 188
- Joined: 2015-02-03 08:08
- Location: Bellingen NSW Australia
Re: Custom Page problem
Hi,
interesting ...
Did you try to change
for testing? Maybe accept only a specific usergroup to access that page?
Did you try to place the page directly into your hooks folder?
Maybe this helps:
What I did to secure a custom page:
I created a table in AG with my CUSTOMNAME. This results in a file in your AG root directory with that name.
I edited that file to look like this:
The file /hooks/SOMEOTHERNAME.PHP actually holds my custom code.
Attention: CUSTOMNAME.php will be replaced, when you regenerate your application in AG. For this reason I have a special folder with files that I always copy back, overwriting some AG files - in this case CUSTOMNAME.php as well (you can search this forum for special_from_root which should be contained in my posting about this.
Olaf
interesting ...
Did you try to change
Code: Select all
if(!$mi['username'] || $mi['username'] == 'guest'){
Did you try to place the page directly into your hooks folder?
Maybe this helps:
What I did to secure a custom page:
I created a table in AG with my CUSTOMNAME. This results in a file in your AG root directory with that name.
I edited that file to look like this:
Code: Select all
<?php
$currDir = dirname(__FILE__);
include("$currDir/defaultLang.php");
include("$currDir/language.php");
include("$currDir/lib.php");
//custom language
include("hooks/language.php");
include_once("$currDir/header.php");
/* grant access to all users who have access to the orders table */
$user_can_access = get_sql_from('CUSTOMNAME');
if(!$user_can_access) exit(error_message('Access denied!', false));
include("hooks/SOMEOTHERNAME.php");
if(!$footerCode){
include_once("$currDir/footer.php");
}else{
ob_start(); include_once("$currDir/footer.php"); $dFooter=ob_get_contents(); ob_end_clean();
echo str_replace('<%%FOOTER%%>', $dFooter, $footerCode);
}
?>
Attention: CUSTOMNAME.php will be replaced, when you regenerate your application in AG. For this reason I have a special folder with files that I always copy back, overwriting some AG files - in this case CUSTOMNAME.php as well (you can search this forum for special_from_root which should be contained in my posting about this.
Olaf
Some postings I was involved, you might find useful:
SingleEdit - Prevent concurrent edits on records; Field Permissions; Column-Value-Based-Permissions; Custom (error) message; Audit Log; Backup your database; Two Factor Authentication; Block brute force (failed) logins; Add 2nd SAVE CHANGES button; Place a search on details view
SingleEdit - Prevent concurrent edits on records; Field Permissions; Column-Value-Based-Permissions; Custom (error) message; Audit Log; Backup your database; Two Factor Authentication; Block brute force (failed) logins; Add 2nd SAVE CHANGES button; Place a search on details view
- baudwalker
- Veteran Member
- Posts: 188
- Joined: 2015-02-03 08:08
- Location: Bellingen NSW Australia
Re: Custom Page problem
Thank you Olaf, I'll give it a go...