Problem with security enforcer

Wappler General How To
#1

Hi,

I am currently having a problem with security enforcer when I set it to an level other than “any”.

I get an error 500.

See my setup.

Database

image
image.png749×47 2.46 KB

User & Permissions

image
image.png749×551 16.8 KB

image
image.png750×546 16.8 KB

Security Enforcer
image

Server error on load

image
image.png701×131 4.78 KB

If I change the select value from admin to any in the required permission dropdown list on the Security Enforcer, the page loads successfully.

Can you see anything that I may be setting incorrectly?

Thanks
Ray

#2

Is anyone else using security enforcer with required permissions other than “Any”?

#3

Hi @raymantle !

I use security enforcer primarily with admin. I have not used it with any as of yet.

While I have not set mine up with multiple conditions, that may be the issue. Have you tried removing the intStatus from the condition list and running it to see if only having intAccessLevel as the condition will work? (I am just guessing here…)

Also, it might be helpful to know more about the 500 error, could you follow the steps here Debugging Problems and see if any additional information about the error can be generated?

#4

I am having problems as well. When adding Security Enforcer to a page it shows:
" Fatal error : Call to a member function restrict() on null in /usr/home/makkumercourant.nl/htdocs/dmxConnectLib/modules/auth.php on line 64

Fatal error : Uncaught exception ‘ErrorException’ with message ‘Cannot modify header information - headers already sent by (output started at /usr/home/makkumercourant.nl/htdocs/dmxConnectLib/modules/auth.php:64)’ in /usr/home/makkumercourant.nl/htdocs/dmxConnectLib/dmxConnect.php:43 Stack trace: #0 [internal function]: exception_error_handler(2, ‘Cannot modify h…’, ‘/usr/home/makku…’, 43, Array) #1 /usr/home/makkumercourant.nl/htdocs/dmxConnectLib/dmxConnect.php(43): header(‘HTTP/1.1 500 In…’) #2 [internal function]: fatal_handler() #3 {main} thrown in /usr/home/makkumercourant.nl/htdocs/dmxConnectLib/dmxConnect.php on line 43"

I checked with other (running) projects and the code is the same (just other dbase)

<?php
require('../dmxConnectLib/dmxConnect.php');

$app = new \lib\App();

$app->exec(<<<'JSON'
{
	"steps": [
		"Connections/mkmcourant",
		"SecurityProviders/sitesecurity",
		{
			"module": "auth",
			"action": "restrict",
			"options": {"loginUrl":"index.php","forbiddenUrl":"index.php","provider":"sitesecurity"}
		}
	]
}
JSON
, TRUE);
?>

When deleting “module”: “auth”, the error will disappear, but so will the security of the page. :cry:

#5

What do you have on your page, please switch to code view, scroll to the top and make a screenshot.

#6

enforcer1
enforcer1.jpg1139×779 455 KB

#7

Ok, what else do you have on that page? Can you make a screenshot of the rest in code view?

#8

Ok, the Original page is 300 lines of code, so I made a new testpage.
Same error. Full code in image

enforcer2
enforcer2.jpg1148×863 378 KB

#9

So you get the same error there?

#11

Yes, I do.https://www.makkumercourant.nl/content/testpage.php

#12

This error is caused by some missing step in the server action. The restrict cannot find the security provider step.
Please double check all the steps and make sure everything is properly selected in the UI.

#14

Could it be that in:
Server Actions > Security Provider the name is siteSecurity
but when applying Security Provider Enforcer I can only select sitesecurity (without capital S)?

#15

It could be, have you probably renamed it and then forgot to link/select it again in the steps?

#16

Totally redid it without capital S. That seems to have done it.
Now I will have to redo-redo-redo the login part as the login page does not redirect.
Never mind, I will keep searching and find the cause of this.
Thanks for the help.

#17
#18