feha
|
| Posted: 10/12/2002, 7:59 AM |
|
The problem is in CC
There is provided security and authentication system ...
The problem is that you can obtain only from one table the administration info...
user_id
user_pass
admin_level
etc...
What IF as I want two separate tables one for customers and one for administrators...?
I have fixed to login as customer and edit own account info...
taking info from different table than one of admin...
User_ID session is making problem...
To have 2-3 different authentications from different tables...
Any Solution?
PHP/MySQL
feha
www.vision.to
|
|
|
 |
Tom
|
| Posted: 10/12/2002, 7:54 PM |
|
I'm not a mysql guy but in oracle I would create a view that was a union of the two tables (and their common fields) and use that for the security login.
In MsAccess, it would be a query.
|
|
|
|
feha
|
| Posted: 10/14/2002, 3:51 PM |
|
Sorry but there is no UNION fuction on mySQL (version 3,....).
It should be possible to make some new function and integrate it into common.php file thru the modules in CC ... ?!
thanks for your answer
regards
feha
www.vision.to
|
|
|
|
Brent
|
| Posted: 10/14/2002, 4:45 PM |
|
So why not just add "User_Type" to the member table and use this table for all authentication?
Set a session variable "user_type". You can use User_Type to filter the table
so only these row are displayed to the user. This prevents them from seeing Admin
data.
|
|
|
|
feha
|
| Posted: 10/15/2002, 5:09 AM |
|
Thank You Brent
I like to have them separeted.
I have made an admin section for the projects.
And this will be used to change all info over the whole site....
So I don't want this tables to be mixed with customer or members tables...
There is no problem to "hide" them on the same table beacuse this is fixed with admin level.
regards
femi
www.vision.to
|
|
|
|
xbill
|
| Posted: 10/15/2002, 8:03 AM |
|
It won't help you with CC- but with
CCS, you can use multiple DB connections
throughout any project.
What I do is set up a second set of tables
and an "admin" project. With MySQL and CCS-
this can be even placed in a seperate database
instance.
In the "admin" project, the admin User
Login/Password is saved in its own DB.
For the "user" projects and tables- I reference
these tables as an additional DB connection.
For the "user" projects- they authenticate
using the user level DB as a single connection.
For CC - you can probably hand code a custom login
event that takes the same approach.
Create a seperate table + DB for the admin and
then hard code the authentication events for
the admin to use this DB.
The ease of use on the multiple DB connection
feature is one of the real advantages of
CCS over CC.
-bill
|
|
|
|
feha
|
| Posted: 10/15/2002, 1:47 PM |
|
Thank You xbill for Your answer...
I bought CCStudio too, but I'm not familiar with it yet and at present time I prefer using CC for my Important projects because I used to use CC and get the job done fast.
I've made a separate login (a bit of handcoding) and table for customers and they can login end edit their own info...
What I do need is to preserve their login over the whole site when they want to order or see their order history etc...
At present time is a problem because I need to make a separate sessions script with separate variables to pass this info to other pages when the customer or member is logged in...
I think I'll find some solution and put this part of the code to common.php file..
regards
femi
www.vision.to
|
|
|
|
feha
|
| Posted: 10/18/2002, 5:26 PM |
|
I still can't solve this problem...
regards
feha
www.vision.to
|
|
|
|
feha
|
| Posted: 10/22/2002, 1:56 PM |
|
|
|
|
|
feha
|
| Posted: 10/22/2002, 1:56 PM |
|
I will try to use this add to global functions...
function check_security_2($security_level_2)
{
global $UserRights_2;
if(!session_is_registered("UserID_2"))
header ("Location: Login_2.php?querystring=" . urlencode(getenv("QUERY_STRING")) . "&ret_page=" . urlencode(getenv("REQUEST_URI")));
else
if(!session_is_registered("UserRights_2") || $UserRights_2 < $security_level)
header ("Location: Login_2.php?querystring=" . urlencode(getenv("QUERY_STRING")) . "&ret_page=" . urlencode(getenv("REQUEST_URI")));
}
There is still need to edit by hand Login pages which have to check from different table...
and
every page that should get authentication from other table and should call this function as:
check_security_2(3);
I hope this will work...
regards
femi
www.vision.to
|
|
|
|
will
|
| Posted: 11/09/2002, 11:14 PM |
|
Did you find the solution to your problem if you did would emailit to me
williehickey@att.net
Thanks
|
|
|
|
feha
|
| Posted: 11/10/2002, 8:47 AM |
|
Solution should be:
---------------------------------------------------------------------
function check_security_2($security_level_2)
{
global $UserRights_2;
if(!session_is_registered("UserID_2"))
header ("Location: Login_2.php?querystring=" . urlencode(getenv("QUERY_STRING")) . "&ret_page=" . urlencode(getenv("REQUEST_URI")));
else
if(!session_is_registered("UserRights_2") || $UserRights_2 < $security_level_2)
header ("Location: Login_2.php?querystring=" . urlencode(getenv("QUERY_STRING")) . "&ret_page=" . urlencode(getenv("REQUEST_URI")));
}
There is still need to edit by hand Login pages which have to check from different table...
and
every page that should get authentication from other table and should call this function as:
check_security_2(3);
I hope this will work...
-------------------------------------------------------------------------------
I haven't tried this in practice yet but this way should work ...
I'm planning to use it on my new project for CAR'S portal
There should be able the car resellers to login and edit their own ads and account info.
regards
feha
www.vision.to
|
|
|
|
RonB
|
| Posted: 11/10/2002, 2:47 PM |
|
Here's code I used to solve the level only checking feature in CC (it's been a while since I used cc so I had to search for the code thrue my old projects)
With this system you could theoretically secure each individual page from 1 login table.
use custom login(in your login table add field domain)
the following is all PHP:
$sLogin = get_param("Login");
$sPassword = get_param("Password");
$db->query("SELECT login_id,security_level_id, domain FROM login WHERE login =" . tosql($sLogin, "Text") . " AND pasword=" . tosql($sPassword, "Text"));
$is_passed = $db->next_record();
if($is_passed)
{
//-------------------------------
// Login and password passed
//-------------------------------
set_session("UserID", $db->f("login_id"));
set_session("UserRights", $db->f("security_level_id"));
set_session("DomainRights", $db->f("domain"));
$sPage = get_param("ret_page");
if (strlen($sPage))
{
header("Location: " . $sPage);
exit;
}
}
else
{
$sInloggenErr = "Login or Password is incorrect.";
}
//-------------------------------
In the page custom security event do obtain generated code and add
if (get_session("DomainRights") <>"yourdomainfor this page")
{
header("location: loginfail.php");
}
loginfail.php is a page that tells the user he hasn't got enough privaleges and has to re login.
hope this helps
Ron
|
|
|
|
feha
|
| Posted: 11/11/2002, 12:09 AM |
|
Great solution Ron,ThankYou.
regards
feha
www.vision.to
|
|
|
|
