[phplib] HOPT - HandlingOfPageTransitions (tm)
From: Dennis Gearon (gearond <email protected>)
Date: 09/07/00

     I am not happy with how the demo for PHPLIB works. It seems to be
able to be broken by going to the 'defauth.php3' page without auth
first. So I am exploring the problem. I still have to figure out why
names are given to sessions, but I'll get there. There is lots of good
code in this and I am studying it!

     Anyway, a fairly comprehensive, mathematical description of the
scope of page transition possibilities follows.

-----------------------------------------------------------------------------------
1/ The premise is;
      DesiredHandlingOfTransition = array[PossibleUserStatuses][PossiblePageXitions]

2/ [PossibleUserStatus] = the total combinations of:
      User's Session is -------> None, Expired, Valid (0,E,1)
      User's Authorization is -> None, Expired, Valid (0,E,1) <relative to pg req'd>
      User's Permissions are---> None, Expired, Valid (0,E,1) <relative to pg req'd>

      [PossibleUserStatuses] = [27] possibilities

3/ [PossiblePageXitions] = the total combinations of:
      EnteringSessionRequiredPage = True, False (0,1)
      LeavingSessionRequiredPage = True, False (0,1)
      EnteringAuthorizationRequiredPage = True, False (0,1)
      LeavingAuthorizationRequiredPage = True, False (0,1)
      EnteringPermissionRequiredPage = True, False (0,1)
      LeavingPermissionRequiredPage = True, False (0,1)

      [PossibleUserStatuses] = [64] possibilities

4/ The Total number of possible transition types are:
      DesiredHandlingOfTransition = array[PossibleUserStatuses][PossiblePageXitions]
      DesiredHandlingOfTransition = array[27][64]

      (Possible)DesiredHandling(s)OfTransition(s) = 1728 combinations

5/ Some combinations of [PossibleUserStatuses] are illegal.

6/ Some combinations of [PossiblePageXitions] are illegal.

7/ To make this personal (PHPLIB wide?) extension of PHPLIB useful, the
outputs should be limited to two three forms:
      A/ Output the combination numbers for the developer to implement
more specific responses based on the context and the general
user/pageXition type.
      B/ Output to an array, a list of generic error messages that COULD
be sent to the user/page requestor and also to an error log.
      C/ Some basic, overriding responses, perhaps stubbed to messages
or functions.
            For example:
                 1 - Overall page request allow/deny variable updated.
                 2 - Get a session for user yes/no.
                 3 - Record attempts for session/user/requesting
                        address, limit attempts, send email to site
                        admin. Block from user for 'X' amount of time.
                        Email user fact that h(is/er) account
                        is being attacked.
                 4 - Put out permission/authorization change request
                        form for user
                        to fill out and it gets sent to Site Admin.
                 5 - Include error report, "my permissions/auth is
                        wrong."
                 6 - Delete previous auth/permissions associated with a
                        particular session.
                 7 - Delete Session/Auth/Perm/User associations cause
                        them to relog in
                        keeping requested page in database.

8. OBVIOUSLY, Some amount of partitioning of the tables needs to be
done.
      A simple "else if" ladder based on Entering(Session/Auth/Perm)ReqdPage
      part of table division would cut the needed file loading and mental
      design work down by a factor of 9.

-- 
________________________________________________________________
Dennis K. Gearon (Kegley)                           Loyal Member
Scientific Instrument Technician, School of ETM       of The 
Oregon Institute of Technology                       Order of
- One of USA's 100 Best College Buys                  T-U-X
3201 Campus Drive                             ~
Klamath Falls, OR 97601                      'v'    standards
Voice   1-541-885-1563                      // \\   corrupters:
FAX     1-541-885-1689                     /(   )\   ^phear^
email   gearond <email protected>                     ^`~'^   the penguin 
________________________________________________________________
Happiness is when you want to go to your job in the morning and 
when you want to go home in the evening.
________________________________________________________________
