[phplib] how to deal with 2-level authentication (eg: persons and roles) From: Nebbe, Joelle (Joelle.Nebbe <email protected>)
Date: 09/04/00

Hello all

I have been twisting that problem in my mind trying to find a way that is
easy and as user-friendly as possible. I'm a bit tangled in it, trying to
figure out the best way to do this.

It's about an elegant way to have both site-wide authentication and
permission as well as subsite-level "roles". I'm sure others have
solved that one before.

It's not as much a technical question as a planning/conception
question... I'll try to describe it clearly but not in too much detail...

We have a couple of sites which cover different regions but offer
very similar functionality, plus a few thematic sites of general interest.

As part of the redesign of those sites I have started using phplib
to offer sessions & authentication. The sessions on the different sites
are all stored in the same database with different names, and the
user authentication system is shared (so a customer registers once
and can log in with the same userid and password on all our sites).

The registration would be non-compulsory except for all the "participatory"
parts (keep people accountable for what they post to the forums, for
example) and we would also use it to offer personalization.

No problem up to here, done it before.

Those different sites also have subsites incl. web applications, such as
forums, sites for associations and clubs and events etc. where I need to
keep track and verify user access level - to separate it from the user
authentication which is site wide I will call it user roles. A user could
be the owner of a sports club subsite, a member of another association's
website, an editor on a third, and a visitor on all others.

A user will typically come to a site because they got a link and the guest
password from the owner, and are probably not a registered user. We don't
want to force them to register (until they want to use any of the special
features like edit site or post comment, that is)

I considered using extended auth/user classes for that, but I gave up as I
could not quite see how to elegantly combine both authentication and roles.
I assume I will just store and check roles through a database (either the
main user/session database or the separate application specific database)
using extra bits of code on top of the phplib session and authentication
system, register that information with the session in an array (
$roles["wedding123"]="member") and, in the case of a registered user
(or if the user registers later in the session), also store their roles
in a permanent way so it can be retrieved the next time the user
authenticates...

I just keep getting confused by what to put where and how exactly to proceed
with those 2 different and independent schemes (a user can have logged in as
a member of an association site but not be an authenticated user etc.)

I'm sure there's a simple elegant way I don't see, and I'm sure some of you
have pondered that situation before...

thanks for pointers, suggestions

Joelle Nebbe
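One way to keep the two layers apart in code, as an added example that is not part of the original post and not phplib's own code: site-wide authentication only decides whether a userid is known, while subsite roles live in a session array for unregistered visitors and are copied to a permanent table once the visitor logs in or registers. The table names `subsites` and `subsite_roles`, the column names, the `RoleStore` class and its methods are all assumptions for illustration; the `$userid` would come from whatever the site-wide login provides (with phplib, the authenticated uid), and the session array is handed back to the caller to store in the session.

```php
<?php
// Added example (hypothetical, not from the post or from phplib).
// Layer 1: site-wide authentication -> $userid is null until the visitor logs in.
// Layer 2: per-subsite roles -> session array for guests, permanent table once known.
// Assumed schema: subsites(name PRIMARY KEY, guest_password_hash)
//                 subsite_roles(userid, subsite, role, PRIMARY KEY (userid, subsite))

final class RoleStore
{
    // Least to most privileged; a persisted role is never downgraded by a
    // weaker role picked up during a session.
    private const RANK = ['visitor' => 0, 'member' => 1, 'editor' => 2, 'owner' => 3];

    private PDO $db;
    private ?string $userid;
    private array $sessionRoles;   // e.g. ['wedding123' => 'member']

    public function __construct(PDO $db, ?string $userid, array $sessionRoles = [])
    {
        $this->db = $db;
        $this->userid = $userid;
        $this->sessionRoles = [];
        // Only accept role names we know; the session store is server-side,
        // but the array still came from earlier requests and is validated here.
        foreach ($sessionRoles as $subsite => $role) {
            if (is_string($subsite) && isset(self::RANK[$role])) {
                $this->sessionRoles[$subsite] = $role;
            }
        }
    }

    /** Array to write back into the session at the end of the request. */
    public function sessionRoles(): array
    {
        return $this->sessionRoles;
    }

    /** Guest password for a subsite: on success the visitor is a member of that
     *  subsite for this session only, with no site-wide registration required. */
    public function joinWithGuestPassword(string $subsite, string $password): bool
    {
        $stmt = $this->db->prepare('SELECT guest_password_hash FROM subsites WHERE name = ?');
        $stmt->execute([$subsite]);
        $hash = $stmt->fetchColumn();
        if ($hash === false || !password_verify($password, $hash)) {
            return false;
        }
        $this->sessionRoles[$subsite] = 'member';
        return true;
    }

    /** Effective role: the stronger of the session role and, for authenticated
     *  users, the persisted role; 'visitor' when neither grants anything. */
    public function roleFor(string $subsite): string
    {
        $role = $this->sessionRoles[$subsite] ?? 'visitor';
        if ($this->userid !== null) {
            $stmt = $this->db->prepare('SELECT role FROM subsite_roles WHERE userid = ? AND subsite = ?');
            $stmt->execute([$this->userid, $subsite]);
            $stored = $stmt->fetchColumn();
            if ($stored !== false && isset(self::RANK[$stored]) && self::RANK[$stored] > self::RANK[$role]) {
                $role = $stored;
            }
        }
        return $role;
    }

    public function hasAtLeast(string $subsite, string $required): bool
    {
        return self::RANK[$this->roleFor($subsite)] >= (self::RANK[$required] ?? PHP_INT_MAX);
    }

    /** Call right after login or registration: roles gathered as a guest become
     *  permanent for this userid, without lowering a role already on record. */
    public function bindToUser(string $userid): void
    {
        $this->userid = $userid;
        $select = $this->db->prepare('SELECT role FROM subsite_roles WHERE userid = ? AND subsite = ?');
        $insert = $this->db->prepare('INSERT INTO subsite_roles (userid, subsite, role) VALUES (?, ?, ?)');
        $update = $this->db->prepare('UPDATE subsite_roles SET role = ? WHERE userid = ? AND subsite = ?');
        foreach ($this->sessionRoles as $subsite => $role) {
            $select->execute([$userid, $subsite]);
            $stored = $select->fetchColumn();
            if ($stored === false) {
                $insert->execute([$userid, $subsite, $role]);
            } elseif (self::RANK[$role] > (self::RANK[$stored] ?? -1)) {
                $update->execute([$role, $userid, $subsite]);
            }
        }
    }
}

// Usage sketch per request ($pdo, $userid and the session come from the site's own setup):
// $roles = new RoleStore($pdo, $userid, $_SESSION['roles'] ?? []);
// if (isset($_POST['guest_pw'])) { $roles->joinWithGuestPassword('wedding123', $_POST['guest_pw']); }
// if (!$roles->hasAtLeast('wedding123', 'editor')) { http_response_code(403); exit; }
// $_SESSION['roles'] = $roles->sessionRoles();
```

The point of the split is that `roleFor()` never needs to know how the visitor was authenticated: a guest-password member and a logged-in editor are answered by the same lookup, and `bindToUser()` is the only place where the two layers meet. Because the role array is kept in the server-side session rather than in a cookie, the user cannot edit it, but it is still validated on load so a stale or malformed entry cannot grant an unknown role.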

