Single signon breaks security filtering

2/1/2010 11:22:28 PM
PHPRunner General questions
anicewick author

I added the following code to my BeginProcessLogin:

    function BeforeProcessLogin(&$conn)
    {
        // REMOTE_USER is set by the web server once it has authenticated the user.
        if (!empty($_SERVER["REMOTE_USER"]))
        {
            $_SESSION["UserID"] = $_SERVER["REMOTE_USER"];
            $_SESSION["AccessLevel"] = ACCESS_LEVEL_USER;
            header("Location: vulnerabilities_list.php");
            exit();
        }
    }

When this code is in place, single signon works fine. However, I have security filtering that stops working, and therefore the users see no data. I looked at the generated SQL, and the predicate when single signon is on says
where system_id = ''
When I take off single signon (remove the lines above), the query ends with
where system_id = 12
where 12 is the user's active_system_id. Note that in the security menu, I have "Users can see and edit their own data only" set, and the system_id is set to match the user's active_system_id system.
Again, security filtering works fine when I take out the SSO lines. Adding SSO back in seems to kill the security filtering.

Jane 2/2/2010

Arthur,
You need to select the system_id value from the users table manually in your event and assign it to the PHPRunner session variable. Here is the list of all PHPRunner session variables:

http://xlinesoft.com/phprunner/docs/phprunner_session_variables.htm
Here is sample code:

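    global $dal;

    if (!empty($_SERVER["REMOTE_USER"]))
    {
        // Replace UsersTableName with the name of your users table.
        // db_addslashes() escapes the user name before it goes into the WHERE clause.
        $rstmp = $dal->UsersTableName->Query("UserName='".db_addslashes($_SERVER["REMOTE_USER"])."'","");
        $datatmp = db_fetch_array($rstmp);

        // Only continue when the user row exists; otherwise fall through to the normal login.
        if ($datatmp)
        {
            $_SESSION["UserID"] = $_SERVER["REMOTE_USER"];
            $_SESSION["AccessLevel"] = ACCESS_LEVEL_USER;
            // Owner ID used by the security filter on the vulnerabilities table.
            $_SESSION["_vulnerabilities_OwnerID"] = $datatmp["system_id"];
            header("Location: vulnerabilities_list.php");
            exit();
        }
    }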
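
The lookup described in the answer above, as an added stand-alone example that is not part of the original thread and is not PHPRunner's own code. It uses a bound parameter for the user name and refuses the SSO login when no system_id can be resolved, so the list page never runs with an empty owner filter. The PDO/SQLite setup, the `users` table layout, the function name and the placeholder `ACCESS_LEVEL_USER` value are assumptions; the session variable names come from the thread.

```php
<?php
// Added example: stand-alone sketch, not PHPRunner code. Column and session
// names follow the thread; the PDO/SQLite setup and function name are assumptions.
defined('ACCESS_LEVEL_USER') || define('ACCESS_LEVEL_USER', 'user'); // placeholder value

/**
 * Map the web server's REMOTE_USER to the session values the list page needs.
 * Returns null (deny) when the user or their system_id cannot be resolved.
 */
function resolve_sso_session(PDO $db, ?string $remoteUser): ?array
{
    if ($remoteUser === null || $remoteUser === '') {
        return null;                   // no SSO identity: use the normal login
    }
    // Bound parameter: the user name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT system_id FROM users WHERE UserName = :u');
    $stmt->execute([':u' => $remoteUser]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || $row['system_id'] === null || $row['system_id'] === '') {
        return null;                   // unknown user or no system assigned
    }
    return [
        'UserID'                   => $remoteUser,
        'AccessLevel'              => ACCESS_LEVEL_USER,
        '_vulnerabilities_OwnerID' => $row['system_id'],
    ];
}

// Constructed sample data, held in memory only.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (UserName TEXT PRIMARY KEY, system_id INTEGER)');
$db->exec("INSERT INTO users VALUES ('arthur', 12), ('nosystem', NULL)");

// Known user, user without a system, unknown user, name with a quote, no identity.
foreach (['arthur', 'nosystem', 'stranger', "o'brien", null] as $candidate) {
    $session = resolve_sso_session($db, $candidate);
    printf("%-12s => %s\n", var_export($candidate, true),
        $session === null
            ? 'denied'
            : 'OwnerID ' . $session['_vulnerabilities_OwnerID']);
}
```

In a login event, a null result would mean skipping the redirect and leaving the session untouched.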