Teufel
|
| Posted: 01/27/2002, 7:50 AM |
|
Hi!
I need to let some users (lets call them 'Group 1') have access to pages A and B and some other group of users (lets call them 'Group 2') have access to pages B and C. The problem is that members of 'Group 1' should not have access to page C and users of group 'Group 2' should not have access to page A (some 'mutual exclusive' security system, with perhaps some 'intersections').
With the security system implemented by CodeCharge this seems not to be possible, since the levels are always crescent: if a user has access to lets say an administration page, then he would certainly have access to all pages with lower security levels.
Is there a way to build some 'mutual exclusive' security system as this with CC?
TIA,
Teufel
|
|
|
 |
Ron Borkent
|
| Posted: 01/27/2002, 2:10 PM |
|
use custom login(in your login table add field domain)
the following is all PHP:
$sLogin = get_param("Login");
$sPassword = get_param("Password");
$db->query("SELECT login_id,security_level_id, domain FROM login WHERE login =" . tosql($sLogin, "Text") . " AND pasword=" . tosql($sPassword, "Text"));
$is_passed = $db->next_record();
if($is_passed)
{
//-------------------------------
// Login and password passed
//-------------------------------
set_session("UserID", $db->f("login_id"));
set_session("UserRights", $db->f("security_level_id"));
set_session("DomainRights", $db->f("domain"));
$sPage = get_param("ret_page");
if (strlen($sPage))
{
header("Location: " . $sPage);
exit;
}
}
else
{
$sInloggenErr = "Login or Password is incorrect.";
}
//-------------------------------
In the page custom security event do obtain generated code and add
if (get_session("DomainRights") <>"yourdomainfor this page")
{
header("location: loginfail.php");
}
loginfail.php is a page that tells the user he hasn't got enough privaleges and has to re login.
hope this helps
|
|
|
|
sanjay
|
| Posted: 01/27/2002, 11:42 PM |
|
its really good idea
HOw this works in ASP
sanjay
|
|
|
|
Ron Borkent
|
| Posted: 01/28/2002, 5:10 AM |
|
Look in community for the word security, somewhere there is an ASP example I coocked up for this problem (I'm no ASP programmer so al bets are off as far as functionality goes)Try and let me know if it worked. You can probably look at the code and take it from there.
Ron
|
|
|
|
|
