PHP Login

I’ve posted this elsewhere http://tinyurl.com/cb6763k without
resolution so I’m trying here.

I’m using a MODX Add-on that provides front-end password protection of
individual pages (or groups of pages).

When I preview a protected page from within the application Manager it
works as expected. However, if I manually type the protected url (or
copy/paste it) into any browser it throws a 503 error in the webpage
with a 404 error in the page title at the top of the browser window.

Is there anything obvious in the code that would cause this to happen?
It was suggested in the above thread that the add-on might be causing an
E_NOTICE error.

Todd

<?php

// Get and/or set the default plugin properties
$tvPassword = 
$modx->getOption('tvPassword',$scriptProperties,'pagePassword');
$tvPasswordGroup = 
$modx->getOption('tvPasswordGroup',$scriptProperties,'pagePasswordGroup');
$formResourceID = $modx->getOption('formResourceID', $scriptProperties);


// Get the password and password group values from the page's template 
variables
$resourcePW = $modx->resource->getTVValue($tvPassword);
$resourceGroup = $modx->resource->getTVValue($tvPasswordGroup);

if ((!empty($resourcePW)) && (!empty($formResourceID))) { // Is this 
page password-protected, and is the form page set in the properties?

   // Set additional defaults
   $userPW = '';
   if (empty($resourceGroup)) { $resourceGroup = 0; } // If not set, set 
a default password group of 0

   // Get the password submitted by the user
   $userPW = filter_var($_POST['password'], FILTER_SANITIZE_STRING);

   if (!empty($userPW)) { // Was the form submitted?
     if ($userPW == $resourcePW) { // Does the submitted password match 
the page's password?

       // If so, set the logged in and groups session
       $_SESSION['loggedin'] = 1;
       $groups = $modx->fromJSON($_SESSION['groups']);
       $groups[] = $resourceGroup;
       $groupsJSON = $modx->toJSON($groups);
       $_SESSION['groups'] = $groupsJSON;
     }
     else { // Doesn't match. Back to the form!
       $modx->sendForward($formResourceID);
     }
   }
   else { // Form wasn't submitted, so check for logged in and groups 
sessions
     if (!isset($_SESSION['loggedin'])) {
       $modx->sendForward($formResourceID); // Not logged in. Back to 
the form!
     }
     else {
       $groups = $modx->fromJSON($_SESSION['groups']);
       if (!in_array($resourceGroup, $groups)) {
     $modx->sendForward($formResourceID); // Logged in, but your group 
doesn't match. Back to the form!
       }
     }
   }
}

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

A notice error won’t stop the page from displaying. A 503 comes from Apache, where it means that something in the PHP isn’t sitting right with httpd. Those first two lines don’t look like legal PHP syntax, if this is a copy and paste, then I don’t think you can end a line in an = sign. Try removing the line-break after the = and see if it works then. If you have TextMate, try validating the page (which will run it through the PHP command-line) for errors.

Walter


dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

waltd wrote:

Try removing the line-break after the = and see if it works then.
No change. Though oddly it woks intermittently in Safari but falls
face-down in every other browser.

Todd


dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Turns out it was an E-NOTICE error caused by this line

$userPW = filter_var($_POST['password'], FILTER_SANITIZE_STRING);

at least that’s what I was told. In any case it’s working.

Todd
http://xiiro.com


dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options