VIDEO: Bug Server Connect form dynamic event "Forbidden" does not work


#1

VIDEO: Bug , Server Connect form dynamic event “Forbidden” does not work

bug-forbidden.mp4 (89.9 MB)

Sorry for the length,

Russ


#2

2 quick things i see wrong after viewing your video

first one, on your file sitesecurity.php click on the Server Connect Form: form1
Your Unauthorised alert is not starting with browser1.alert(‘No User Found’) but is rather just saying ‘No User Found’

second one, in your Users & Permissions panel you set
Admin - members - id CONDITIONS permissions_fk - in - 3,4 Thats perfect
But then for Editors and users in your condition you have an = operator and not the in operator as you should because you have given a comma separated list of values to check against.

Maybe an idea to post the code for just your sitesecurity.php file too please.


#3

Hi @medleyr3,
I think you are just confusing the two things.

The statuses (events) returned by the server action have nothing to do with the restrictions set on the page you redirect your users to. The log in action is global for your site, not per page.

What i mean is - your server action is not firing an unauthorized alert, as it returns a “success” event. When a user logs in successfully it will always return as success event. The login action doesn’t know where user is going and what are the restrictions on this page - it runs on the server, then compares the entered data with the data in your database and does the log in.

Then you redirect users to another page. There, the page restrict script checks the permissions for the page and compares them with the logged user data.

Your log in action won’t run any kind of unauthorized event for such an event (log users in).