User level authentication with SecurityAssist

1. Dreamweaver CS4 or higher.
   
2. Data Bridge (alternatively, SecurityAssist) installed and activated in Dreamweaver.
   
3. Site defined in Dreamweaver - Watch video tutorial: Setting up a site in Dreamweaver.
   
4. Connection in Dreamweaver to your database. For assistance, view this tutorial: Create a PHP database connection.
   
5. PHP sample files for use in this tutorial: PHP_Start.zip
   
6. Blue Sky Music database to use with this tutorial: blue_sky_music.sql

With your site defined in Dreamweaver and a connection to the blue_sky_music database, you are ready to define your user access levels.

1. Open the Visitors_login page from the Dreamweaver Files panel.
   
   
   
   
   
   
   
   
2. In the Server Behaviors panel, double-click to open the SecurityAssist Authenticate User server behavior.
   
   
   
   
   
3. In the General tab of the Authenticate User wizard, for Trigger, choose any form post.
   
   
4. Check the boxes for both Pass original query string on redirect and Go to previous URL (if it exists).
   
   
5. For If log in succeeds go to, click the folder icon and select index.php.
   
   
6. For If log in fails go to, click the folder icon and select AccessDenied.php.
   
   
   
   
   
7. Proceed to the Database tab where you can select the database connection and visitors table.
   
   
8. Using the Add icon, add VisitorUserName and VisitorPassword from Add Selected To List.
   
   
9. For each column, click the Value lightening bolt to set the source of the data to be authenticated for the selected column.
   
   
   
   
   
10. In the Session Values tab, click the Add icon to select the userLevel database column from Add Selected To List.
    
    
11. For Session name, select userLevel from the menu.
    
    
12. Click OK.
    
    
    
    
    
13. Save your page (Ctrl or Cmd + S).

With your new database column stored in a session variable, the next step is to create the necessary access rules.

1. From the WebAssist menu, select SecurityAssist.
   
   
   
   
   
2. Choose Access Rules Manager and click the Add icon.
   
   
   
   
   
3. In the Name field for this rule, enter Administrator.
   
   
4. Click the Add icon under Conditions.
   
   
5. Make sure the Allow option is selected.
   
   
6. Choose the Value lightning bolt.
   
   
   
   
   
7. In the Dynamic Data window, expand the session group.
   
   
8. Select the userLevel session variable.
   
   
9. Click OK.
   
   
   
   
   
10. From the Criteria menu list, make sure the equals (=) sign is selected.
    
    
11. Enter 3 in the Compare to text field.
    
    
12. Click OK.
    
    
    

Now with your Administrator user level specified as 3, you need to create two other user levels for Power users and Visitors.

1. In the Access Rules Manager, choose the Add icon.
   
   
   
   
   
2. In the Name field enter Power users.
   
   
3. Under Conditions, choose the Add icon.
   
   
4. Make sure the Allow option is selected.
   
   
5. Select the Value lightning bolt.
   
   
   
   
   
6. In the Dynamic Data window, expand the session group.
   
   
7. Select the userLevel session variable.
   
   
8. Click OK.
   
   
   
   
   
9. From the criteria menu list, select the equals (=) sign.
   
   
10. Enter 2 in the Compare to text field.
    
    
11. Click OK.
    
    
    

Now that the Power user access level is defined, the next step is to configure the Visitors level.

1. Choose Add from the Access Rules Manager
   
   
   
   
   
2. Enter Visitors in the Name field.
   
   
3. Select the Add icon under Conditions.
   
   
4. Make sure the Allow option is selected.
   
   
5. Choose the Value lightning bolt.
   
   
   
   
   
6. Select the userLevel session variable.
   
   
7. Click OK.
   
   
   
   
   
8. From the criteria menu list, select the equals (=) sign.
   
   
9. Enter 1 in the Compare to text field.
   
   
10. Click OK.
    
    
    
    
    
11. Click OK again to close the Access Rules Manager.

Now that you have defined the access levels for this site, the next step will show you how to apply the rule to the login page.

1. From the WebAssist option in the Menu bar, select SecurityAssist.
   
   
   
   
   
2. Choose Access Pages Manager.

First choose the pages you only want Administrators to access.

1. Select the visitors_Update page.
   
   
2. Choose Administrator from the menu list.
   
   
3. Select the browse for file icon for If access denied, go to.
   
   
4. Select the AccessDenied page.
   
   
5. Click OK.
   
   
   

Repeat this process for the visitors_Insert page.

1. Select visitors_Insert.
   
   
2. Choose Administrator from the menu list.
   
   
3. Select the browse for file icon for the access denied redirect.
   
   
4. Select AccessDenied.
   
   
5. Click OK.
   
   
   

With these settings, only Administrators will be able to modify or add new users.

This next step will show you how you can create groups containing multiple user levels. By following this example, you are going to give Administrators and Power users access to add new products to your site in the items_Insert page.

1. First, close all pages that are currently open in Dreamweaver to avoid receiving an error when applying your changes.
   
   
2. From the Files panel, open the index page.
   
   
   
   
   
3. From WebAssist in the menu bar, select SecurityAssist.
   
   
   
   
   
4. Choose the Access Rules Manager.
   
   
5. Click the Add icon to create a new access rule.
   
   
   
   
   
6. In the name field enter Power Users and Admins.
   
   
7. Select the Add icon under Conditions.
   
   
8. Make sure the Allow radio button is selected.
   
   
9. Choose the Value lightning bolt.
   
   
   
   
   
10. In the Dynamic Data window, select the userLevel session variable.
    
    
11. Click OK.
    
    
    
    
    
12. From the Criteria menu list, select In group.
    
    When In group is selected, Select a group name appears in the Compare to menu list.
    
    
13. Select the Access Rules button.
    
    
    
    
    
14. In the Access Group Manager, click the Add icon.
    
    
    
    
    
15. In the Name field enter Power Users and Admins.
    
    
16. Select the Add icon under Group Members.
    
    
17. In the Member field, enter 2 to represent the Power users.
    
    
18. Click the Add icon.
    
    
19. Enter 3 to represent the Administrators.
    
    
20. Click OK.
    
    
    
    
    
21. Click OK to close the Access Groups Manager.
    
    
22. In the Access Rules Manager, select the Power Users and Admins group from the Compare to menu list.
    
    
23. Click OK.
    
    
    
    
    
24. Click OK one last time to close the Access Rules Manager.

You have now successfully created a group access rule. Now apply this access rule to your Items_Insert page.

1. From the WebAssist menu, select SecurityAssist.
   
   
   
   
   
2. Choose the Access Pages Manager.
   
   
3. Select items_Insert.
   
   
4. From the menu list, select the Power Users and Admins group.
   
   
5. Select the browse for file icon for if access is denied.
   
   
6. Choose the AccessDenied page.
   
   
7. Click OK.
   
   
   
   
   
8. Click OK to close the Access Pages Manager.

You have now successfully completed configuring user level authentication for specific types of users, as well as for groups.

Now you will want to test your site to ensure that the user level authentication is working properly.

1. With the index page open in Dreamweaver, go to File > Preview in Browser to open this page in your default browser.
   
   
   
   
   
2. To log in as a Visitor, select LOGIN from the top navigation.
   
   
3. Enter Visitor in the username field and visitor123 in the password field.
   
   
4. Click Log In.
   
   
   
   
   
5. Attempt to add a new user to the database by clicking ADD USERS in the top navigation.
   
   
6. You are redirected to the AccessDenied page because logged in as Visitor, you are not authorized to add new users.
   
   
7. Log Out.
   
   
   
   
   
8. To log in as Administrator, select LOGIN from the top navigation.
   
   
9. In the username field, enter Administrator.
   
   
10. Enter admin123 for the password.
    
    
11. Click Log In.
    
    
    
    
    
12. Now click on ADD USERS from the top navigation.
    
    
13. Because you are logged in as Administrator, you can access this page.
    
    
    

The next step will show you how to set up a slightly more complicated but very useful type of user level access. In this example, you are going to provide the Power Users and Admins group access to update user accounts on your site. However, by using the SecurityAssist Show Region Behavior, you can prevent Power users from being able to modify the user level, leaving this to be a setting that can only be changed by Administrators.

First, modify the user access for the Visitors_Update page to allow access to Power Users and Administrators.

1. From the WebAssist menu, choose SecurityAssist.
   
   
2. Select Access Pages Manager.
   
   
3. After the Access Pages Manager loads, select the Visitors_Update page.
   
   
4. From the menu list, change Administrator to Power Users and Admins.
   
   
5. Click OK.
   
   
   
   
   
6. Open the visitors_Update page from the Files Panel.
   
   
   
   
   
7. Click once in the User Level menu list and select the entire row by clicking the <tr> tag.
   
   
   
   
   
8. From the Server Behaviors panel, choose the Add icon.
   
   
   
   
   
9. Select WebAssist > SecurityAssist > Show Region.
   
   
10. Choose Administrator from the Rule menu list.
    
    
11. Click OK.
    
    
    

Since you are not displaying the user level menu on the update page for Power Users, you need to create a hidden field on your update page that is loaded in its place. This will ensure that the correct value for userlLevel is still passed to the server when you select update.

1. Click once on the User Level menu list.
   
   
2. From the Property Inspector, highlight the name for the User Level form.
   
   
3. Copy this name (Ctrl or Cmd + C).
   
   
   
   
   
4. Place your cursor on a blank space in your page, outside of any preexisting form field.
   
   
5. From the Forms category of the Insert toolbar, select the hidden field option.
   
   
   
   
   
6. In the Property Inspector, place your cursor in the name field for this form field.
   
   
7. Paste the form name you copied earlier (Ctrl or Cmd + V ).
   
   
   

Now that your hidden form element has the same name as the User Level menu list, you need to bind this form element to the user level value in your database.

1. Click once on the Value lightning bolt.
   
   
   
   
   
2. In the Dynamic Data window, expand the WADAVisitors recordset.
   
   
3. Select userLevel.
   
   
4. Click OK.
   
   
   

Next, you need to create a show region for this form element so that it is included on the update page.

1. Click once to select the hidden form element you created.
   
   
2. From the Server Behaviors panel, click the Add icon.
   
   
   
   
   
3. Select WebAssist > SecurityAssist > Show Region.
   
   
4. In the Show Region dialog box, select Power Users.
   
   
5. Click OK.
   
   
   

Now you will want to test your site to ensure that the group access rules are working properly.

1. First, log in with the Power User account already created.
   
   
2. In the username field, enter PowerUser.
   
   
3. In the password field, enter puser123.
   
   
4. Click Log In.
   
   
   

Now that you are logged in as a power user, try and update information for a current user.

1. From the top navigation, select SEARCH USERS.
   
   
2. Choose Search.
   
   
   
   
   
3. Select the update option for Terry Jones.
   
   
   
   
   
4. Notice now that on the Update page the User Level field is missing.
   
   
   
   
   
5. Click Log out.

Now log in as an Administrator to ensure that this option is available to Administrators.

1. Select Login from the top navigation.
   
   
2. Enter Administrator in the username field.
   
   
3. Enter admin123 in the password field.
   
   
4. Log In.
   
   
   
   
   
5. Choose SEARCH USERS from the top navigation.
   
   
6. Click Search.
   
   
   
   
   
7. Select the update option for Terry Jones.
   
   
   
   
   
8. Notice this time, since you are logged in as Administrator, the User Level field is visible.
   
   
   

This concludes the user level authentication with SecurityAssist web development tutorial. Please check our Community Forums for more help with SecurityAssist or any other WebAssist extensions.

Comments will be sent to the author of this tutorial and may not be answered immediately. For general help from WebAssist, please visit technical support.

Sign in to add comments