Paul
|
| Posted: 03/25/2002, 6:13 AM |
|
I think it'll be best if I outline what i would like to achieve....
I need 9 administrators to be able to access nine different admin pages. The administrators should go to the same login in page and then be redirected depending on their UserRights. They should only be able to access THEIR OWN admin page --> So i have a table in my DB (MySQL) containing my 9 administrators each with their own User_name/Password/UserRights which will relate to the admin page they can access. How would this be done in CC? I've looked at all the articles but keep going round in cirles... and keep getting this error:
>Wrong number of arguments or invalid property assignment: 'CheckSecurity'
I could really use a step by step guide for this, and i'm sure it would help many other too....
help me CC, you're my only hope, thanks in advance
p.s. i use MySQL with ASP
|
|
|
 |
Alex Alexapolsky
|
| Posted: 03/25/2002, 8:29 AM |
|
Have you defined your own checksecurity function ?
Have you made any special call to it in PageSecurity event ?
Please provide more information.
|
|
|
|
Paul
|
| Posted: 03/25/2002, 8:31 AM |
|
Okay i have now fixed part of my problem, but as always encountered a new one.. I have now got 9 levels of security, which are used to redirect on Login... however the problem with this is that although there would be no need for an administrator to do it they could access any division with a lower security level.
How can i prevent the UserRights / Security Level from being heirarchical and keep them as seperate permissions?
|
|
|
|
Brent
|
| Posted: 03/25/2002, 9:34 AM |
|
You need to take a look at the Check_Security function and rewrite it to replace
the "$UserRights < $security_level" with perhaps a case statement or "==" comparison.
//-------------------------------
// Verify user's security level and redirect to login page if needed
//-------------------------------
function check_security($security_level)
{
global $UserRights;
if(!session_is_registered("UserID"))
{
header ("Location: Login.php?querystring=" . urlencode(getenv("QUERY_STRING")) . "&ret_page=" . urlencode(getenv("REQUEST_URI")));
exit;
}
else
if(!session_is_registered("UserRights") || $UserRights < $security_level)
{
header ("Location: Login.php?querystring=" . urlencode(getenv("QUERY_STRING")) . "&ret_page=" . urlencode(getenv("REQUEST_URI")));
exit;
}
}
|
|
|
|
Sean
|
| Posted: 03/25/2002, 11:18 AM |
|
I have done this before with ASP and Access. Doesn't matter which database you use your changes need to occur at the ASP side.
First off you need to determine your security needs. I see that you want 9 different admins with their own page, so I imagine you mean 9 different ASP pages per admin.
Second on your login page you need to assign session variables or at least make sure they are assigned. For instance, I have seperated my pages by user section: ie. Admin, Worker, Supervisor, etc; so I assign this section to a session variable to make sure they are redirected to the right page. In my database I set up the user with a section, so if I want to change them from Admin to Supervisor than I only have to change their record in the database. You need to do a little re-write of the Custom Security event for the login page. I use a case statement to check what level they were assigned in the database and then they are redirected to the right page.
Third in the individual pages I check for the session variables relating to user name and section. If it is null then they are redirected to a login page. If the correct session variable is present then the page is presented to the user. I also filter the information on that page based on the user name. I have found that this provides me with the greatest flexability while maintaining a high degree of reusability between my pages. Maintenance is low.
If you need more help let me know. Without seeing your code, it is hard to tell where you are going. You can also email me directly:smroe@bak.rr.com
|
|
|
|
|
