Re: [phplib] how to deal with 2-level authentication (eg: persons and roles)
From: Jesse Swensen (swensenj <email protected>)
Date: 09/04/00

Just a quick thought. Have you looked at the User class? This class
provides similar benefits as Session (in fact it is a session) except they
will never expire and are based on the user id not the session id. I can
imagine a complex class that would handle some sort of site to role mapping
for each user.

My $0.02 worth...

-- 
Jesse Swensen
swensenj <email protected>

> From: "Nebbe, Joelle" <Joelle.Nebbe <email protected>>
> Date: Mon, 4 Sep 2000 14:06:59 +0100
> To: phplib <email protected>
> Subject: [phplib] how to deal with 2-level authentication (eg: persons and roles)
>
> Hello all
>
> I have been twisting that problem in my mind trying to find an easy
> and as user-friendly as possible. I'm a bit tangled in it, trying to
> figure out the best way to do this.
>
> It's about an elegant way to have both site-wide authentication and
> permission as well as subsite-level "roles". I'm sure others have
> solved that one before.
>
> It's not as much a technical question as a planning/conception
> question... I'll try to describe it clearly but not in too much detail...
>
> We have a couple of sites which cover different regions but offer
> very similar functionality, plus a few thematic sites of general interest.
>
> As part of the redesign of those sites I have started using phplib
> to offer sessions & authentication. The sessions on the different sites
> are all stored in the same database with different names, and the
> user authentication system is shared (so a customer registers once
> and can log in with the same userid and password on all our sites).
>
> The registration would be non-compulsory except for all the "participatory"
> parts (keep people accountable for what they post to the forums, for example)
> and we would also use it to offer personalization.
>
> No problem up to here, done it before.
>
> Those different sites also have subsites incl. web applications, such as
> forums, sites for associations and clubs and events etc. where I need to
> keep track and verify user access level - to separate it from the user
> authentication which is site wide I will call it user roles. A user could
> be the owner of a sports club subsite, a member of another association's
> website, an editor on a third, and a visitor on all others.
>
> A user will typically come to a site because they got a link and the guest
> password from the owner, and are probably not a registered user. We don't
> want to force them to register (until they want to use any of the special
> features like edit site or post comment, that is)
>
> I considered using extended auth/user classes for that, but I gave up as I
> could not quite see how to elegantly combine both authentication and roles.
> I assume I will just store and check roles through a database (either the
> main user/session database or the separate application specific database)
> using extra bits of code on top of the phplib session and authentication
> system, register that information with the session in an array (
> $roles["wedding123"]="member") and, in the case of a registered user
> (or if the user registers later in the session), also store their roles
> in a permanent way so it can be retrieved the next time the user
> authenticates...
>
> I just keep getting confused by what to put where and how exactly to proceed
> with those 2 different and independent schemes (a user can have logged in as
> a member of an association site but not be an authenticated user etc.)
>
> I'm sure there's a simple elegant way I don't see, and I'm sure some of you
> have pondered that situation before...
>
> thanks for pointers, suggestions
>
> Joelle Nebbe

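The two independent schemes from the thread (session-scoped subsite roles such as `$roles["wedding123"]="member"`, merged into a per-user store once the visitor authenticates), as an added example that is not part of either message and is not PHPLIB code. It is plain PHP 8 with no PHPLIB calls; the class name, the role ranking, the user id and the in-memory array standing in for the roles table are assumptions.

```php
<?php
declare(strict_types=1);
final class SubsiteRoles
{
    // Assumed ordering of the roles named in the thread, lowest first.
    private const RANK = ['visitor' => 0, 'member' => 1, 'editor' => 2, 'owner' => 3];

    private array $sessionRoles = [];   // subsite => role, lives with the session
    private array $userRoles = [];      // subsite => role, loaded at login
    // $store stands in for the roles table: userId => [subsite => role].
    public function __construct(private array $store) {}

    // Called after a subsite guest password has been verified.
    public function grantForSession(string $subsite, string $role): void
    {
        if (!array_key_exists($role, self::RANK)) {
            throw new InvalidArgumentException("unknown role: $role");
        }
        $this->sessionRoles[$subsite] = self::higher($this->sessionRoles[$subsite] ?? 'visitor', $role);
    }

    // Site-wide login: load stored roles, then persist what the session earned.
    public function login(string $userId): void
    {
        $this->userRoles = $this->store[$userId] ?? [];
        foreach ($this->sessionRoles as $subsite => $role) {
            $this->userRoles[$subsite] = self::higher($this->userRoles[$subsite] ?? 'visitor', $role);
        }
        $this->store[$userId] = $this->userRoles;
    }

    // Unknown subsites, stored roles and required roles all fail closed.
    public function can(string $subsite, string $needed): bool
    {
        $have = self::higher($this->sessionRoles[$subsite] ?? 'visitor', $this->userRoles[$subsite] ?? 'visitor');
        return (self::RANK[$have] ?? 0) >= (self::RANK[$needed] ?? PHP_INT_MAX);
    }

    private static function higher(string $a, string $b): string
    {
        return (self::RANK[$a] ?? 0) >= (self::RANK[$b] ?? 0) ? $a : $b;
    }
}

$acl = new SubsiteRoles(['u1001' => ['club42' => 'owner']]);   // constructed data
$acl->grantForSession('wedding123', 'member');                 // anonymous guest
var_dump($acl->can('wedding123', 'member'), $acl->can('club42', 'owner'));
$acl->login('u1001');                                          // now authenticated
var_dump($acl->can('club42', 'owner'), $acl->can('wedding123', 'editor'));
```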