Hello everybody,
i have to do a news system which uses php/mysql.
i need 3 accounts:
* a 'reader' who doesn't need to log in to read the news
* a 'writer' who can write news in a pending news table
* a 'moderator' which validates a pending news, and makes it a regular news,
viewable from the site (by the 'reader')
This is a small web site, so i can't use SSL; and i use php sessions.
Right now, i deal with accounts from a mysql users point of view, which
means that a 'reader' can access all the admin part of the site, but will
get errors when trying to read/write by sql query.
I was wondering if somebody could give me a trick to deny access to the
admin pages. Right now, i thought about these:
* by decoding mysql rights? (how)
* by doing only-to-test query? (bad i think, especially for write right)
any idea greatly appreciated, thx :)
--
TheDD
I don't exactly know what u mean but why won't u just have some table
like this:
CREATE TABLE Users(
id int( 100 ) NOT NULL AUTO_INCREMENT ,
name varchar(200) NOT NULL default '',
pass text NOT NULL default '',
user_type varchar( 1 ) NOT NULL default '',
UNIQUE (name),
PRIMARY KEY ( id )
) TYPE=MyISAM;
and then u say something like:
// $sql_info holds the logged-in user's row fetched from the Users table
$user_type = $sql_info['user_type'];
if($user_type == 2)
{
//display admin stuff
} elseif($user_type == 1)
{
//display writer stuff
} elseif($user_type == 0)
{
//display read stuff
}
i dunno but maybe this helps u
On Sat, 11 Oct 2003 15:00:22 +0200, TheDD <pa***@email.com> wrote:
> Hello everybody,
> i have to do a news system which uses php/mysql.
> i need 3 accounts:
> * a 'reader' who doesn't need to log in to read the news
> * a 'writer' who can write news in a pending news table
> * a 'moderator' which validates a pending news, and makes it a regular news,
> viewable from the site (by the 'reader')
> This is a small web site, so i can't use SSL; and i use php sessions.
> Right now, i deal with accounts from a mysql users point of view, which
> means that a 'reader' can access all the admin part of the site, but will
> get errors when trying to read/write by sql query.
> I was wondering if somebody could give me a trick to deny access to the
> admin pages. Right now, i thought about these:
> * by decoding mysql rights? (how)
> * by doing only-to-test query? (bad i think, especially for write right)
> any idea greatly appreciated, thx :)
On Sat, 11 Oct 2003 15:09:11 +0200, warstar wrote:
> I don't exactly know what u mean but why won't u just have some table
> like this:
> CREATE TABLE Users(
> id int( 100 ) NOT NULL AUTO_INCREMENT ,
> name varchar(200) NOT NULL default '',
> pass text NOT NULL default '',
> user_type varchar( 1 ) NOT NULL default '',
> UNIQUE (name),
> PRIMARY KEY ( id )
> ) TYPE=MyISAM;
> and then u say something like:
> $user_type = $sql_info['user_type'];
> if($user_type == 2)
> {
> //display admin stuff
> } elseif($user_type == 1)
> {
> //display writer stuff
> } elseif($user_type == 0)
> {
> //display read stuff
> }
> i dunno but maybe this helps u
well, several things:
1/ the problem is that with that kind of table, the rights are logical,
and the restrictions are hard coded in php, which is not really great for
the evolution of the web site :/
2/ it's a detail but i don't need personalized account, one account of each
type is enough
thx anyway for your proposition. If i don't find better i might use it :)
--
TheDD
i think u got to have something like rights, u can also make something
like this:
CREATE TABLE Users(
id int (10) NOT NULL AUTO_INCREMENT ,
name varchar(200) NOT NULL default '',
pass text NOT NULL default '',
-- GROUP is a reserved word in MySQL, so the name is backtick-quoted
`group` varchar( 1 ) NOT NULL default '',
UNIQUE (name),
PRIMARY KEY ( id )
) TYPE=MyISAM;
CREATE TABLE `Group`(
id int( 10) NOT NULL AUTO_INCREMENT ,
news_read int(1) default '0',
news_write int(1) default '0',
news_admin int(1) default '0',
PRIMARY KEY ( id )
) TYPE=MyISAM;
this is the best way i think is possible, this way u can have multiple
accounts later on as your site advances, now u just make 3 accounts.
u can add more rights to the group table so later u can say i have a
user part and i want some rights in there and u add fields like
userarea_read etc.
On Sat, 11 Oct 2003 15:17:48 +0200, TheDD <pa***@email.com> wrote:
> On Sat, 11 Oct 2003 15:09:11 +0200, warstar wrote:
> > I don't exactly know what u mean but why won't u just have some table
> > like this:
> > CREATE TABLE Users(
> > id int( 100 ) NOT NULL AUTO_INCREMENT ,
> > name varchar(200) NOT NULL default '',
> > pass text NOT NULL default '',
> > user_type varchar( 1 ) NOT NULL default '',
> > UNIQUE (name),
> > PRIMARY KEY ( id )
> > ) TYPE=MyISAM;
> > and then u say something like:
> > $user_type = $sql_info['user_type'];
> > if($user_type == 2)
> > {
> > //display admin stuff
> > } elseif($user_type == 1)
> > {
> > //display writer stuff
> > } elseif($user_type == 0)
> > {
> > //display read stuff
> > }
> > i dunno but maybe this helps u
> well, several things:
> 1/ the problem is that with that kind of table, the rights are logical,
> and the restrictions are hard coded in php, which is not really great for
> the evolution of the web site :/
> 2/ it's a detail but i don't need personalized account, one account of each
> type is enough
> thx anyway for your proposition. If i don't find better i might use it :)
If you are still stuck, let me know
"TheDD" <pa***@email.com> wrote in message
news:11****************************@40tude.net...
> Hello everybody,
> i have to do a news system which uses php/mysql.
> i need 3 accounts:
> * a 'reader' who doesn't need to log in to read the news
> * a 'writer' who can write news in a pending news table
> * a 'moderator' which validates a pending news, and makes it a regular news,
> viewable from the site (by the 'reader')
> This is a small web site, so i can't use SSL; and i use php sessions.
> Right now, i deal with accounts from a mysql users point of view, which
> means that a 'reader' can access all the admin part of the site, but will
> get errors when trying to read/write by sql query.
> I was wondering if somebody could give me a trick to deny access to the
> admin pages. Right now, i thought about these:
> * by decoding mysql rights? (how)
> * by doing only-to-test query? (bad i think, especially for write right)
> any idea greatly appreciated, thx :)
> --
> TheDD
On Sat, 11 Oct 2003 22:14:54 GMT, Tesla wrote:
> If you are still stuck, let me know
well i am, i would like to avoid a table to store the rights like warstar
proposes.
--
TheDD
"TheDD" <pa***@email.com> wrote in message
news:11****************************@40tude.net...
> Hello everybody,
> i have to do a news system which uses php/mysql.
> i need 3 accounts:
> * a 'reader' who doesn't need to log in to read the news
> * a 'writer' who can write news in a pending news table
> * a 'moderator' which validates a pending news, and makes it a regular news,
> viewable from the site (by the 'reader')
> This is a small web site, so i can't use SSL; and i use php sessions.
> Right now, i deal with accounts from a mysql users point of view, which
> means that a 'reader' can access all the admin part of the site, but will
> get errors when trying to read/write by sql query.
> I was wondering if somebody could give me a trick to deny access to the
> admin pages. Right now, i thought about these:
> * by decoding mysql rights? (how)
> * by doing only-to-test query? (bad i think, especially for write right)
No trick needed, you answer your own question...
1) a 'reader' doesn't login (doesn't have username/password) - gets
standard site pages
2) a 'writer' will need to login to add/upload news - gets
writer access site pages
3) a 'moderator' will need to login to review/post news - gets
admin access site pages
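so in code (sort of)
<?php
session_start();
$role = isset($_SESSION['role']) ? $_SESSION['role'] : ''; // 'role': assumed session key set at login
if ($role == '') {
    // not logged in: display standard site
} elseif ($role == 'writer') {
    // logged in with writer user/password: display writer pages
} elseif ($role == 'admin') {
    // logged in with admin user/password: display admin pages
}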
The writer and admin pages would probably be similar with the admin having
extra stuff that the writer would not see. Keeping the users in the db is
fine as long as you either separate them into two different tables or have a
field that indicates that the user has writer or admin rights. The reader
will not have any entries in the db - no need to check until login attempt.
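The rule described in the reply above, enforced at the top of each writer or moderator script so that a direct request from a 'reader' is refused before any page code or SQL query runs. This is an added example, not code from the thread; the session key `role`, the functions `require_role()` and `establish_session()`, the file names, and the ranking in which a moderator also has writer rights are assumptions.

```php
<?php
// auth.php (hypothetical file name): include first in every protected page.
// Added example, not from the thread. Assumed names: $_SESSION['role'],
// current_role(), role_allows(), require_role(), establish_session().

// Role ranking: a higher number includes the rights of the lower ones.
const ROLE_RANK = ['reader' => 0, 'writer' => 1, 'moderator' => 2];

function current_role(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $role = $_SESSION['role'] ?? 'reader';   // no login means 'reader'
    // Any value that is not a known role is treated as least privileged.
    return (is_string($role) && array_key_exists($role, ROLE_RANK)) ? $role : 'reader';
}

function role_allows(string $have, string $need): bool
{
    // Unknown role on either side: deny (fail closed).
    if (!array_key_exists($have, ROLE_RANK) || !array_key_exists($need, ROLE_RANK)) {
        return false;
    }
    return ROLE_RANK[$have] >= ROLE_RANK[$need];
}

function require_role(string $need): void
{
    if (!role_allows(current_role(), $need)) {
        http_response_code(403);
        exit('Forbidden');   // stop here: nothing below the call is executed
    }
}

// Called by the login script only after the password check has succeeded.
function establish_session(string $role): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);   // fresh session id when privileges change
    $_SESSION['role'] = $role;
}

// At the top of a moderator page (hypothetical admin/validate.php):
//     require __DIR__ . '/../auth.php';
//     require_role('moderator');
```

Because the site runs without SSL, the login password and the session cookie cross the network unencrypted; this check decides which pages a session may load, not who can observe that session.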
u got to store it somewhere, text file or some other thing, i dunno how
to do it another way
On Sun, 12 Oct 2003 02:37:38 +0200, TheDD <pa***@email.com> wrote:
> On Sat, 11 Oct 2003 22:14:54 GMT, Tesla wrote:
> > If you are still stuck, let me know
> well i am, i would like to avoid a table to store the rights like warstar
> proposes.
On Sun, 12 Oct 2003 12:37:42 +0200, warstar wrote:
> On Sun, 12 Oct 2003 02:37:38 +0200, TheDD <pa***@email.com> wrote:
> > On Sat, 11 Oct 2003 22:14:54 GMT, Tesla wrote:
> > > If you are still stuck, let me know
> > well i am, i would like to avoid a table to store the rights like warstar
> > proposes.
> u got to store it somewhere, text file or some other thing, i dunno how
> to do it another way
well i was thinking to decode mysql rights (the one shown with 'show grants
for user') and to use that, but it doesn't seem to be possible.
Anyway, another table is really not what i aim, so i think i'm gonna use
hard coded php "if (account) then else"...
Another reason for not using a rights table is that it needs another query,
which slows down the page processing...
Thx for your help :)
--
TheDD
it is possible to block the insert stuff yeah but to use the same
rules in the php code don't think that's possible :)
On Sun, 12 Oct 2003 15:59:16 +0200, TheDD <pa***@email.com> wrote:
> On Sun, 12 Oct 2003 12:37:42 +0200, warstar wrote:
> > On Sun, 12 Oct 2003 02:37:38 +0200, TheDD <pa***@email.com> wrote:
> > > On Sat, 11 Oct 2003 22:14:54 GMT, Tesla wrote:
> > > > If you are still stuck, let me know
> > > well i am, i would like to avoid a table to store the rights like warstar
> > > proposes.
> > u got to store it somewhere, text file or some other thing, i dunno how
> > to do it another way
> well i was thinking to decode mysql rights (the one shown with 'show grants
> for user') and to use that, but it doesn't seem to be possible.
> Anyway, another table is really not what i aim, so i think i'm gonna use
> hard coded php "if (account) then else"...
> Another reason for not using a rights table is that it needs another query,
> which slows down the page processing...
> Thx for your help :)
On Sun, 12 Oct 2003 15:59:16 +0200, TheDD <pa***@email.com> pixelated:
> On Sun, 12 Oct 2003 12:37:42 +0200, warstar wrote:
>
> Another reason for not using a rights table is that it needs another query,
> which slows down the page processing...
> Thx for your help :)
How about putting admin files in another directory and using
a .htaccess file to password protect it? Only the moderator
with the password gets to use those pages. That's how I put
client data up on my site to show them first drafts, etc.