I must start by complimenting the developers on a finely designed security interface. I have installed phpSecurityAdmin successfully and have successfully protected a page with said system. However, I am having issues getting phpSecurityAdmin to differentiate users between security groups. For example, I have a page called index.html. When I put the line <?php require_once "phpSecurityAdm/_restrict.php"; ?> in said php page it is protected and requires a user login. However if I add said page to a profile called 'IR admin' and login with a user from the profile 'IDS admin', said user in the 'IDS admin' group is still allowed to access index.php. What gives? Any help is greatly appreciated. Have a nice day.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
OK, after checking the database you are using (Sorry it took so damn long...) I see that you have pages defined named "IDS Admin Pages" and "IR Admin Pages" in the site structure, but there aren't any URIs associated with the names. "IDS Admin" profile doesn't have anything selected, and "IR Admin" has "admin page" and "index page" selected.
Now looking at the users, 3 users are all defined under the "IR Admin" profile.
One thing to remember is that the structure is URI based, and any single URI can belong to any number of profiles.
It seems that your problem is that the users actually belong to the same group, and that you have pages in the structure without the URI associated with them.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2003-06-17
Justin:
Thanks for your reply. That did the trick. I do have another problem now though. I am migrating my work to production and am in the process of setting up the phpsecurityadmin stuff and when I initially try to login on the new box with the magical admin/secure it just keeps bouncing me back to the login page. It seems to be acting as if I am not logging in with the proper admin passwd or ID. This is running on a COMPLETELY different box usign a COMPLETELY different mysql instance from my development machine. When I set up this instance of phpsecurityadmin it connected to the new mysql box and created the psa_db databse just fine. What gives?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I must start by complimenting the developers on a finely designed security interface. I have installed phpSecurityAdmin successfully and have successfully protected a page with said system. However, I am having issues getting phpSecurityAdmin to differentiate users between security groups. For example, I have a page called index.html. When I put the line <?php require_once "phpSecurityAdm/_restrict.php"; ?> in said php page it is protected and requires a user login. However if I add said page to a profile called 'IR admin' and login with a user from the profile 'IDS admin', said user in the 'IDS admin' group is still allowed to access index.php. What gives? Any help is greatly appreciated. Have a nice day.
Can you send me a database dump file to justin@koivi.com I will be glad to take a look at it and see what is up.
The first thing that comes to mind is that the both users may have access to the same profile somehow.
I'm sending it now. Sorry for the long delay. I was refereeing soccer matches this weekend and did not get a chance to check SourceForge.
OK, after checking the database you are using (Sorry it took so damn long...) I see that you have pages defined named "IDS Admin Pages" and "IR Admin Pages" in the site structure, but there aren't any URIs associated with the names. "IDS Admin" profile doesn't have anything selected, and "IR Admin" has "admin page" and "index page" selected.
Now looking at the users, 3 users are all defined under the "IR Admin" profile.
One thing to remember is that the structure is URI based, and any single URI can belong to any number of profiles.
It seems that your problem is that the users actually belong to the same group, and that you have pages in the structure without the URI associated with them.
Justin:
Thanks for your reply. That did the trick. I do have another problem now though. I am migrating my work to production and am in the process of setting up the phpsecurityadmin stuff and when I initially try to login on the new box with the magical admin/secure it just keeps bouncing me back to the login page. It seems to be acting as if I am not logging in with the proper admin passwd or ID. This is running on a COMPLETELY different box usign a COMPLETELY different mysql instance from my development machine. When I set up this instance of phpsecurityadmin it connected to the new mysql box and created the psa_db databse just fine. What gives?