Re: [phplib] User-groups From: Kirk Ismay (captain <email protected>)
Date: 08/02/00

Luke Sturgess wrote:
>
> Hi
>
> I am really struggling to get the necessary functionality from PHPLib.
>
> My problem is access permissions. Having just 31 permissions is just not
> enough since I will be creating many different web-site areas (resources)
> each of which I need to assign a different administrator who will be able
> to add users who only have access to that resource.
>
> I have seen 1 or 2 attempts by people to add a user group functonality to
> PHPLib but nothing which seems to be approved by others. I'm sure this is a
> very common problem which people must have - does anyone have any solution,
> or are then any plans to extend PHPLib to have a usergroup class?
>
> Much appreciation for any advice
>
> Luke

PHPLib is extensible and flexible. There are many ways around this
problem. You could for instance add an extra field to the user table,
identifing which resource the user is allowed to admin. For the purposes
of example, we'll call that field "resource". Then extend auth as
follows:

/*Note: there is also code in here that demonstrates using encrypted
passwords in the database.*/

  function auth_validatelogin() {
    global $username, $password;

    if(isset($username)) {
      $this->auth["uname"] = $username; ## This provides access
for "loginform.ihtml"
    }
        
    $uid = false;
    
    $this->db->query(sprintf("SELECT user_id, perms, resource,
crypt_password ".
                             " FROM %s ".
                             " WHERE username = '%s' ".
                             " AND status = 2",
 $this->database_table,
                             addslashes($username)));

    if ($this->db->next_record()) {
      $uid = $this->db->f('user_id');
      $pass = $this->db->f('crypt_password');
      $crypted = crypt ($password, substr($pass, 0, 2));
      if ($crypted == $pass) {
        $this->auth["perm"] = $this->db->f("perms");
        $this->auth["resource"] = $this->db->f("resource");
        return $uid;
      } else {
        return FALSE;
      }
    }
/* End of auth_validatelogin () */

Then on the protected page, you add checks for both admin status and the
resource check:

if (($perm->have_perm("resource_admin")) && ($auth->["resource"] ==
'foo')) {

... Display Special Admin Features ...

} else {

... Show user only or access denied message ...

}

This sort of approach would let you designate ceratain users as resource
admins, and they'd only be able to admin a resource they'd been assigned
to. PHPlib provides basic core functionality, if you have a special
case, you can *easily* extend PHPlib to handle it.

There are of course other solutions, I leave it to you to find the one
that suits your needs. 

-- 
Sincerely, Kirk Ismay
________________________________________________________________________
The Net Idea Telecommunications Inc	       Support: tech <email protected>
101-625 Front Street,			       Sales:  sales <email protected>
Nelson BC, V1L 4B6
Phone: 352-3512 Fax: 352-9780		 Open Monday to Friday 9:30-5:30
Toll Free: 1-888-246-4222		    10:00 - 4:00 on Saturdays
________________________________________________________________________

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>