Sent to the list and to Robert direct. Are you on this list Robert? Do I
need to do a copy to you or will you see the list reply? I'm on the list
so you only need to reply to the list for me to get it :-)
On Tue, 30 Apr 2002, Robert Neuschul <robert@...> wrote
>In article <UcZIQLTE9Xz8EwDw@...>, Dave Guerin wrote:
>> If you have a user called dave you can't currently create a user called
>> Dave as MySQL says that the user already exists. The username field is a
>> unique field, but (at least on my system) seems to be case insensitive.
>> Try it, you'll see. :-)
>True for the MySQL user DB, but one is surely not using that for the
>Pagetool userbase: the primary purpose of the MySQL user DB is to control
>global or restricted access to all/named databases. It would be utterly
>gross to misuse the DB's internal authentication for this purpose.
I don't think I quite explained my self there. The Pagetool table
pt_core_users has a filed called username in which we store the Pagetool
usernames. This field is declared as UNIQUE, so there can be only one
username with the value dave. So, if I have a user dave, and then try
and create another new user, dave, from the Pagetool admin Preferences
menu, then MySQL reports an error, Pagetool picks this up and displays
an error message, something like:
Sorry, your sql statement failed.
1062: Duplicate entry 'dave' for key 2
Also, if I try and create another user Dave then I get:
Sorry, your sql statement failed.
1062: Duplicate entry 'Dave' for key 2
>to say, it would be equally foolish and totally insecure to make the
>Pagetool administrator and password the same as the MySQL user/password,
>and that is something that should be checked by scripting.
That's up to the person concerned. And if a user, by chance, used the
same password as the MySQL password but wasn't allows by Pagetool, then
he might work out that it was that password, which could be a bigger
>If one has an application specific DB within MySQL which contains a table
>with fields used to hold usernames and passwords, then one can perform
>whatever string checks and authentications one wishes. If one wished to
>permit case variations of a single name [such as Dave, DaVe etc] then this
>could be enabled, but it's not particularly good practice.
And NOT possible if the field is declared UNIQUE, as in this instance.
> I always do a
>string lower to prevent any possible duplications with user-driven client
>web sites: in fact I usually go a step further - only admins may add a
>user, and they are presented with a list of the existing users for editing,
>with the final element of the selection being "add new" - this way they can
>clearly see which names already exist and are not tempted to duplicate.
>Mind you this approach only works in relatively small-scale environments
>where one only has maybe a dozen or so users.
>But then, maybe I've misunderstood your comments.
Or I didn't explain my self to well :-) Hopefully I've now explained
>NB: I'd be quite keen to see how far you've got with the putative version
It's available from CVS, see
I haven't, as yet, done much (any?) work on it, Jamie is yer man there.
>My time is limited, and my PHP skills aren't what they ought to be
>[it's not my primary focus - see the yet to be "published" sourceforge
but no information as to what it's all about.
>, but I rather like the look of what Pagetool is.
>one were subsequently able to plug in a wysiwyg
It's the web, I'm sure you mean wysisowtug - what you see is sort of
what the user gets :-)
> edit control feature
>through the API to handle body content elements that would really make my
There was another browser based ActiveX control that gave a sort of
wysiwyg HTML editor, that someone on this list (or maybe the user list)
pointed out, but I can't find it now. It was presented as a plugin for
phpNuke, among other CMSs. It should be possible to implement this sort
of thing within Pagetool 2, maybe even Pagetool 1 if we sort out
>NB: thanks for the help guys - it's nice to see such responsiveness.
You're welcome :-)
d a v e