MyDynaWeb CVS: htdocs sukria

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

MyDynaWeb CVS committal

Author  : sukria
Project : mydynaweb
Module  : htdocs

Dir     : mydynaweb/htdocs/include


Modified Files:
	default.ini.php3 utils.inc.php 


Log Message:

OK, now the admin section has its own login system.
Most and most users - about 2, which is really a large number ! ;+]
asked for it and now it's OK.



So, what have been done ?
-------------------------
There is now a login script in the root of the admin section :
/admin/login.php.
This script can create a session key for the user that would be particular 
in the way that it would be a SUPERUSER key.



Which login/passwords should I use to enter the admin ?
-------------------------------------------------------
The creation of the session is based by default on the same login and 
password as the one for the database ; defined as '$dbUser' and '$dbPass' 
in the init script (mydynaweb.init.php)

But, as ever, mydynaweb let you the choice : you can choose to use diffrent IDs 
and will then define yours in mydynaweb.init.php.

To make this possible, I've had to hack the session library (tools/events/session.php)
so that it can create superuser session (not the same as user session)



Why doing such a thing ? htaccess works fine ! 
----------------------------------------------
The most important improvement by doing this way is that you can now 
secure your admin section over SSL.
Indeed, htaccess is given uncripted over the network and BTW cannot be secured.
With every actions managed through php scripts, SSL is possible and then security 
is too...


see ya :) 


sukria - Wed Oct 10 21:29:00 GMT 2001


===================================================================
RCS file: /cvsroot/mydynaweb/mydynaweb/htdocs/include/default.ini.php3,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -3 -r1.26 -r1.27

--- default.ini.php3	2001/08/02 19:28:52	1.26
+++ default.ini.php3	2001/10/10 21:28:17	1.27
@@ -137,6 +137,17 @@
 
 *********************************************/
 
+// login and password for admin section
+// > USE_DB_ID_AS_ROOT_ID == 1 : mydynaweb will
+//   consider that $dbUser is the root's login 
+//   and that $dbPass is the root's password
+// > USE_DB_ID_AS_ROOT_ID == 0 : you MUST set
+// ROOT_LOGIN and ROOT_PASSWORD to the values 
+// you want. 
+define("USE_DB_ID_AS_ROOT_ID", 1);
+define("ROOT_LOGIN", "istari");
+define("ROOT_PASSWORD", "gandalf");
+
 define("WEBMASTER_EMAIL", "ga...@mi...");
 define("WEBMASTER_NAME", "Gandalf the White");
 define("WEBMASTER_HOMEPAGE", "http://www.theonering.com");
@@ -147,6 +158,6 @@
 //
 //             DYNACACHE SECTION
 //  Value : no, yes, debug
-define("DYNACACHE","yes");
+define("DYNACACHE","no");
 
 ?>
===================================================================
RCS file: /cvsroot/mydynaweb/mydynaweb/htdocs/include/utils.inc.php,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -3 -r1.17 -r1.18
--- utils.inc.php	2001/07/27 09:22:45	1.17
+++ utils.inc.php	2001/10/10 21:28:17	1.18
@@ -137,7 +137,7 @@
 function send_session_error($error) 
 {
 	$msg = urlencode($error);
-	header("Location: news.php3?MSG=$msg");
+	header("Location: /");
 	die();
 }
 




