I have logged in and tested it and it seems to work correctly, however…I have a security restrict on a database query function and it does not seem to prevent the data from displaying even if i do not have the correct permission level ‘admin’
Could you provide a little further information and post a screenshot of the Permission Conditions? Select a Permission from the top table and it will display the Conditions below.
I also cannot get the security enforcer to work correctly. I have set it up to only admin permission, but subscribers also have access and do not get redirected.
The only time i can get the redirect to work is if i am not logged in at all.
I can also see you are calling a Wordpress table (wp_users)? Are you sure you are using the correct salts and settings for your Wordpress install? How have you got things set up that side, ie the login form inputs etc?
yes, i am calling a wp_users table. That is where the data is from.
There is an access_level column that sets the access level of the user. Most are just ‘subscriber’ level, but there are 2 accounts with ‘admin’ level that can access the back-end.
However, once anyone is logged in, it allows them all to access the back-end area regardless of their access_level
How are you hashing the password field for authentication against the column value in the database? Personally I've not tried to do this (using wordpress) so am not really the person to be giving advice. Maybe someone can step in here and explain how to authenticate your Wordpress users within Wappler and Server Connect....?
OK, but how are you authenticating against the users table in the database? The password is hashed and stored to your database for authentication. I believe the salt for this is inside the config file for your Wordpress install but I maybe wrong, then I'm not sure how Wordpress treats passwords or what algorithm is used to hash them....?
The login seems to work correct because the users on the subscriber side only see their data / client list and information. So that seems to be functioning correctly. The Session realtor_ID that i use in the other database functions pulls up the correct info that is set from the login function.
the problem seems to be that the restrict is not working.
Also, if i put out a basic asp function calling <%=Session(“sec_role”)%> on the page it displays the correct security role for the person i am logging in.
Okay, this worked perfectly setting up the Security Enforcer.
I was able to setup the permissions as ‘admin’ and when i was not logged in with credentials that supplied me with admin security level, it redirected me with an access denied.
So, i need to use this database file and replace it on the sites that I need to use this on?
