RE: [phplib] how to deal with 2-level authentication (eg: persons and roles)
From: Nebbe, Joelle (Joelle.Nebbe <email protected>)
Date: 09/04/00

Indeed I have looked at the User class, I tried to
extend user, and have generic "role" users before people
have registered, or create a session extension
for "roles"

My conclusions about user were:

1. I don't understand it well enough - somehow I am
confused as to how I could use it.

2. It needs auth, no? Which means I must force my users
to register/log in. I would prefer to avoid that if I could,
and *that* choice is really what is causing my problems in
developing this system. If I forced them to register I'd have
a lot fewer cases, a lot less code etc.

But my thinking went that way:

If I, as a user, put a page up for my motorcycle
club, or my wedding gift list, or any other semi-
private page/data, and I email the info how to get
to it (URL, guest password) to all my friends I
might be annoyed that my friends are forced to register
to even see it - it's normal to ask them to register
before they can post anything or tick a gift or any other
action, but they should be allowed to browse without
registering. I know that I usually hesitate to register,
even when the information required is minimal...

So users can be registered and logged in or not, and
they can have a valid role for subsites or not... It makes
for too many possible combinations, and 2 different kinds
of requirements.

I have a user table with structured information. I first
thought I would create generic dummy "guest" users for each
subsite and role, but that is really inelegant so I thought
it a much better idea to have a list of roles in a roles table
(linked to site_id, subsite_type and subsite_id) containing
role_username, role_password and permission...

If a user is registered and logged in, my app can search
the roles table for all subsites he has a role in, register that in
the session to give him automatic access, a customized section on
the homepage etc. If he adds a role (enters a role ID and password)
the system will remember it.

If an unregistered user gives a subsite role-username and password
I can also register it in the session, and he has access for this
subsite for the whole duration of the session except the actions
that require *both* a valid role and person authentication.

But it makes for a lot of cases, and a lot of inelegant code...
I am confused - been thinking in circles around it. Can't help
thinking there *is* an intelligent way to do it. Many portal-style
sites must face that question, no?

Maybe I will just force people to register. Then I would be able
to use either perm or user...

Joelle Nebbe

> -----Original Message-----
> From: Jesse Swensen [mailto:swensenj <email protected>]
> Sent: Monday, September 04, 2000 10:00 AM
> To: Nebbe, Joelle; phplib <email protected>
> Subject: Re: [phplib] how to deal with 2-level authentication (eg:
> persons and roles)
>
>
> Just a quick thought. Have you looked at the User class? This class
> provides similar benefits as Session (in fact it is a session) except they
> will never expire and are based on the user id not the session id. I can
> imagine a complex class that would handle some sort of site to role mapping
> for each user.
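
The model discussed in this thread (subsite roles held in the session, with person login required only for some actions), as an added example that is not part of the original e-mails and does not use PHPLIB. The function names, the `$actions` table, the permission names and the sample row are assumptions; only the roles-table column names come from the message.

```php
<?php
// Added example: plain PHP, not PHPLIB. All names here are hypothetical.

// Constructed sample row of the roles table; role_password is stored hashed.
$roles = [
    ['subsite_id' => 7, 'role_username' => 'guest', 'permission' => 'read',
     'role_password' => password_hash('constructed-guest-pw', PASSWORD_DEFAULT)],
];

// Each action names the role permission it needs and whether the visitor
// must also be a logged-in person.
$actions = [
    'browse'    => ['perm' => 'read', 'person' => false],
    'tick_gift' => ['perm' => 'read', 'person' => true],
];

// Verify role credentials; on success remember the role in the session.
function grant_role(array &$session, array $roles, int $subsite,
                    string $user, string $pass): bool {
    foreach ($roles as $r) {
        if ($r['subsite_id'] === $subsite && $r['role_username'] === $user
                && password_verify($pass, $r['role_password'])) {
            $session['roles'][$subsite] = $r['permission'];
            return true;
        }
    }
    return false;
}

// Single decision point: role check and person check are independent.
function can(array $session, array $actions, string $action, int $subsite): bool {
    $rank = ['read' => 1, 'post' => 2];             // assumed permission levels
    $need = $actions[$action] ?? null;
    if ($need === null) {
        return false;                               // unknown action: deny
    }
    $have = $rank[$session['roles'][$subsite] ?? ''] ?? 0;
    if ($have < $rank[$need['perm']]) {
        return false;                               // no sufficient role here
    }
    return !$need['person'] || !empty($session['user_id']);
}

$session = ['user_id' => null, 'roles' => []];      // unregistered visitor
grant_role($session, $roles, 7, 'guest', 'constructed-guest-pw');
var_dump(can($session, $actions, 'browse', 7));     // role alone is enough
var_dump(can($session, $actions, 'tick_gift', 7));  // also needs a person login
$session['user_id'] = 42;                           // the visitor logs in
var_dump(can($session, $actions, 'tick_gift', 7));
```

For a registered user, the lookup of all roles he holds can fill `$session['roles']` at login, so the same `can()` check serves both kinds of visitor.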
