phpsecurityadm-users Mailing List for SecurityAdmin for PHP
Brought to you by:
koivi
From: Justin K. <ju...@ko...> - 2004-07-30 13:28:57
So far, PSA4 is functional - except for the supplemental UI. The class has been reworked to interface with PEAR::MDB instead of Metabase, and so far the _restrict.php file is working. The next step will be to get all the UI pages arranged and functional. Also, I have some work to do on the SQL queries that are used in the class, and will get to them when I start work on the UI.

I have been thinking of possibly setting up another restriction method that checks for GET or POST variables. Then there would be 4 or 5 access methods instead of just 2:

1. No access
2. Full access
3. Read only (no GET or POST allowed)
4. Read and GET
5. Read and POST

This option would allow for better control and more flexibility in CMS systems. There hasn't been any planning for this yet, it's just a thought at this point.

Version 4 will have API changes because I felt that a good audit was needed. Therefore, don't expect to upgrade PSA to work with custom apps that accessed the class methods directly. However, if you only use PSA's _restrict.php and the supplied UI, then things should work without a hitch.

Obviously, there is going to be a lot of testing on my end before I release even alpha or beta code. I don't have sf.net CVS set up where I am developing, and I don't have the time to set it up right now, so you'll all have to be in the dark for a while.

If anyone out there has any feature requests, now would be a great time to submit them.

Thanks to all you who've helped out in the past!

From: Justin K. <ju...@ko...> - 2003-08-27 16:19:34
Abraham Lincoln wrote:

> 2nd question is how can I remove "Challenge Question"? I only want the
> password auth, and even if the user forgot the password, the password will
> be sent via email, no more "Challenge Question". Any suggestion? I've tried
> messing up with class.phpSecurityAdm but bad result ;/ and add_user.php

I haven't tried this at all, but simply changing the challenge input fields to hidden fields with a preset value may work. I haven't messed with the challenge stuff much since I haven't had time to do much of anything with the project lately, but that would be my guess from seeing the code as it was being developed.

> 3rd: Why is it that I'm getting a value of "2" in "Allowed Connection
> Addresses:" even if I put 0 or erase it? When I click "Update user" it
> always saves "2" automatically. What PHP file seems to have a problem here?
> I didn't edit user_edit_connections.php

Check in user_edit_connections.php for the function call after the form is posted. That is the function you need to look at in the class.phpSecurityAdm.php file. It sounds like the query being executed is setting the field when it shouldn't be.

From: Abraham L. <sun...@se...> - 2003-08-26 04:33:22
Good day!

I successfully aligned the view users in users.php, but after I modified users.php, class.phpSecurityAdm.php to view company name, URL etc., I always get in the ACTIVE section a value of "NO" even if the user is active. E.g. admin is active but the value is NO. In the database the value is "Y" but it keeps on showing "No". I keep changing the value but when I access users.php the value is "no". What PHP file seems to have a problem here?

2nd question is how can I remove "Challenge Question"? I only want the password auth, and even if the user forgot the password, the password will be sent via email, no more "Challenge Question". Any suggestion? I've tried messing up with class.phpSecurityAdm but bad result ;/ and add_user.php

3rd: Why is it that I'm getting a value of "2" in "Allowed Connection Addresses:" even if I put 0 or erase it? When I click "Update user" it always saves "2" automatically. What PHP file seems to have a problem here? I didn't edit user_edit_connections.php

Any suggestion would be a great help! I'm almost done customizing phpSecurityAdm to fit the requirements of our PHP site.

Thanks
Abraham

> ----- Original Message -----
> From: Albert Lash <al...@pl...>
> To: <php...@li...>
> Sent: Fri, 08 Aug 2003 14:16:31
>
> I see. In users.php the top half contains the header:
>
>     <td style="background-color: <?php echo $PSA_OPTS['Tables']; ?>; color: <?php echo $PSA_OPTS['MenuFont']; ?>; font-weight: bold;"><?php echo _("Username") ?></td>
>     <td style="background-color: <?php echo $PSA_OPTS['Tables']; ?>; color: <?php echo $PSA_OPTS['MenuFont']; ?>; font-weight: bold;"><?php echo _("Real Name") ?></td>
>     <td style="background-color: <?php echo $PSA_OPTS['Tables']; ?>; color: <?php echo $PSA_OPTS['MenuFont']; ?>; font-weight: bold;"><?php echo _("E-mail") ?></td>
>     <td style="background-color: <?php echo $PSA_OPTS['Tables']; ?>; color: <?php echo $PSA_OPTS['MenuFont']; ?>; font-weight: bold;"><?php echo _("Active") ?></td>
>     <td> </td>
>
> It is very messy, but if you add in some <td>Title</td> sections, you'll be
> able to match those table data cells with the section underneath. The
> sections like this: <?php echo _("Active") ?> are for language translations.
>
> Will that do it for you?
>
> Al
>
> On 8/7/03 10:19 PM, "sunNinja" <sun...@se...> wrote:
>
>> nope, doesn't help. config.php only contains the color setting etc... what
>> I want to modify is the alignment and customize the output in users.php
>> like the ff:
>>
>>     Username  Real Name  E-mail       Company    Phone   Active
>>     test      testname   te...@te...  Company A  433-33  Y
>>
>> Any help? I want to add more information in the output... or in users.php
>> when you view current users... Thnx

From: sunNinja <sun...@se...> - 2003-08-15 03:23:23
Thanks, I'll try this out, Justin.

Abraham

> ----- Original Message -----
> From: Justin Koivisto <ju...@ko...>
> To: php...@li...
> Sent: Thu, 14 Aug 2003 21:30:18
>
> sunNinja wrote:
>
>> hey! Albert,
>> It works! :) thanks for the advice... now next that I'm gonna do is the
>> output... I've got no problem with showing the outputs but the only problem
>> is every time it shows the output... I'm getting something like this
>>
>>     Username   E-mail        Company
>>     -----------------------------------
>>     test       te...@te...   Company
>>                              A
>
> In the table where you echo out the company name, use something like:
>
>     <td nowrap><?php echo $company ?></td>
>
> You may also want to change the table's width attribute. That should
> solve your problem.

From: sunNinja <sun...@se...> - 2003-08-15 03:04:07
I agree with you! :) phpsecurityadm is getting bigger and the functionalities are great, and the only thing I want to customize is the user infos like phone, company and URL link of a certain user. Ex: user1 http://www.user1.com/index.php when user 1 logs in it will automatically redirect to his site, to have a single login page for all users :P etc... like what I'm doing right now, but I'm having a problem ;/ with the tables output...

> ----- Original Message -----
> From: :php...@li...
> To: php...@li...
> Sent: Thu, 14 Aug 2003 22:26:26
>
> Right, but now that the project has hit the BIG TIME, we are facing
> demanding requirements. :-)
>
>> Yes, adding that information to the database would be a good idea.
>> This project was originally just a small-time user management thing
>> for a single site CMS, so that type of thing wasn't needed.

From: Justin K. <ju...@ko...> - 2003-08-15 02:51:57
sunNinja wrote:

> hey! Albert,
> It works! :) thanks for the advice... now next that I'm gonna do is the
> output... I've got no problem with showing the outputs but the only problem
> is every time it shows the output... I'm getting something like this
>
>     Username   E-mail        Company
>     -----------------------------------
>     test       te...@te...   Company
>                              A

In the table where you echo out the company name, use something like:

    <td nowrap><?php echo $company ?></td>

You may also want to change the table's width attribute. That should solve your problem.

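The extra columns discussed in this thread (company, phone, URL) are values that end up in the user table and are echoed into users.php. The following is an added example, not code from PSA or from the posters, of building such a row with every field escaped on output and the URL limited to http(s); h(), safe_href() and user_row() are hypothetical helpers, the field names are assumed, and the rows are constructed sample data.

```php
<?php
// Added example; not PSA code. h(), safe_href() and user_row() are
// hypothetical helpers, and the field names and rows are constructed.

/** Escape a value for HTML text or a quoted attribute. */
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/** Return the URL only if it is an absolute http(s) URL, else ''. */
function safe_href(string $url): string
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return '';                       // javascript:, data:, relative, empty
    }
    return filter_var($url, FILTER_VALIDATE_URL) !== false ? $url : '';
}

/** Build one table row for the user list. */
function user_row(array $u): string
{
    $href = safe_href((string) ($u['url'] ?? ''));
    $link = $href === '' ? '' : '<a href="' . h($href) . '">' . h($href) . '</a>';
    $cells = [
        h($u['username'] ?? ''),
        h($u['realname'] ?? ''),
        h($u['email'] ?? ''),
        h($u['company'] ?? ''),
        h($u['phone'] ?? ''),
        $link,
        ($u['active'] ?? '') === 'Y' ? 'Yes' : 'No',
    ];
    return '<tr><td nowrap>' . implode('</td><td nowrap>', $cells) . "</td></tr>\n";
}

$rows = [                                // constructed sample data
    ['username' => 'test', 'realname' => 'testname', 'email' => 'test@example.com',
     'company' => 'Company A', 'phone' => '433-33',
     'url' => 'http://www.example.com/index.php', 'active' => 'Y'],
    ['username' => 'test2', 'realname' => 'T <b>2</b>', 'email' => 'test2@example.com',
     'company' => '<script>alert(1)</script>', 'phone' => '433-34',
     'url' => 'javascript:alert(1)', 'active' => 'N'],
];

foreach ($rows as $row) {
    echo user_row($row);
}
```
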
From: Albert L. <al...@pl...> - 2003-08-15 02:35:49
Right, but now that the project has hit the BIG TIME, we are facing demanding requirements. :-)

> Yes, adding that information to the database would be a good idea.
> This project was originally just a small-time user management thing
> for a single site CMS, so that type of thing wasn't needed.

From: Justin K. <ju...@ko...> - 2003-08-15 02:22:23
Albert Lash wrote:

> I've just completed an installation of PSA for a small application and
> realized that for most applications the user table falls short of
> requirements. Shouldn't every user have an address, city, state, zip, etc.?
>
> These fields could be made required or optional. This should be the next
> step, so that PSA can be used for people who want register for a newsletter
> (printed!) or the like. No login, only user registration. This is a great
> idea I believe.
>
> The updates would be somewhat minor, the schema file, the sql file, and the
> psa class would all have to be updated. I'll keep working on the design,
> post it here, then make the required changes.

Yes, adding that information to the database would be a good idea. This project was originally just a small-time user management thing for a single site CMS, so that type of thing wasn't needed.

From: Albert L. <al...@pl...> - 2003-08-14 13:39:30
I've just completed an installation of PSA for a small application and realized that for most applications the user table falls short of requirements. Shouldn't every user have an address, city, state, zip, etc.?

These fields could be made required or optional. This should be the next step, so that PSA can be used for people who want to register for a newsletter (printed!) or the like. No login, only user registration. This is a great idea I believe.

The updates would be somewhat minor, the schema file, the sql file, and the psa class would all have to be updated. I'll keep working on the design, post it here, then make the required changes.

Please post any ideas you may have.

- Al

From: sunNinja <sun...@se...> - 2003-08-11 08:30:00
hey! Albert,

It works! :) thanks for the advice... now next that I'm gonna do is the output... I've got no problem with showing the outputs but the only problem is every time it shows the output... I'm getting something like this

    Username   E-mail        Company
    -----------------------------------
    test       te...@te...   Company
                             A

If you would notice, A cannot be accommodated beside Company A. I've tried adding more spaces in phpsecadmin DB comname field... and modifying class.phpSecurityAdm.php, users.php, still same output... hope you could give me another suggestion on this...

Thanks!

abraham

> ----- Original Message -----
> From: Albert Lash <al...@pl...>
> To: <php...@li...>
> Sent: Fri, 08 Aug 2003 14:16:31
>
> I see. In users.php the top half contains the header:
>
>     <td style="background-color: <?php echo $PSA_OPTS['Tables']; ?>; color: <?php echo $PSA_OPTS['MenuFont']; ?>; font-weight: bold;"><?php echo _("Username") ?></td>
>     <td style="background-color: <?php echo $PSA_OPTS['Tables']; ?>; color: <?php echo $PSA_OPTS['MenuFont']; ?>; font-weight: bold;"><?php echo _("Real Name") ?></td>
>     <td style="background-color: <?php echo $PSA_OPTS['Tables']; ?>; color: <?php echo $PSA_OPTS['MenuFont']; ?>; font-weight: bold;"><?php echo _("E-mail") ?></td>
>     <td style="background-color: <?php echo $PSA_OPTS['Tables']; ?>; color: <?php echo $PSA_OPTS['MenuFont']; ?>; font-weight: bold;"><?php echo _("Active") ?></td>
>     <td> </td>
>
> It is very messy, but if you add in some <td>Title</td> sections, you'll be
> able to match those table data cells with the section underneath. The
> sections like this: <?php echo _("Active") ?> are for language translations.
>
> Will that do it for you?
>
> Al
>
> On 8/7/03 10:19 PM, "sunNinja" <sun...@se...> wrote:
>
>> nope, doesn't help. config.php only contains the color setting etc... what
>> I want to modify is the alignment and customize the output in users.php
>> like the ff:
>>
>>     Username  Real Name  E-mail       Company    Phone   Active
>>     test      testname   te...@te...  Company A  433-33  Y
>>
>> Any help? I want to add more information in the output... or in users.php
>> when you view current users... Thnx

From: Albert L. <al...@pl...> - 2003-08-08 18:16:40
I see. In users.php the top half contains the header:

    <td style="background-color: <?php echo $PSA_OPTS['Tables']; ?>; color: <?php echo $PSA_OPTS['MenuFont']; ?>; font-weight: bold;"><?php echo _("Username") ?></td>
    <td style="background-color: <?php echo $PSA_OPTS['Tables']; ?>; color: <?php echo $PSA_OPTS['MenuFont']; ?>; font-weight: bold;"><?php echo _("Real Name") ?></td>
    <td style="background-color: <?php echo $PSA_OPTS['Tables']; ?>; color: <?php echo $PSA_OPTS['MenuFont']; ?>; font-weight: bold;"><?php echo _("E-mail") ?></td>
    <td style="background-color: <?php echo $PSA_OPTS['Tables']; ?>; color: <?php echo $PSA_OPTS['MenuFont']; ?>; font-weight: bold;"><?php echo _("Active") ?></td>
    <td> </td>

It is very messy, but if you add in some <td>Title</td> sections, you'll be able to match those table data cells with the section underneath. The sections like this: <?php echo _("Active") ?> are for language translations.

Will that do it for you?

Al

On 8/7/03 10:19 PM, "sunNinja" <sun...@se...> wrote:

> nope, doesn't help. config.php only contains the color setting etc... what
> I want to modify is the alignment and customize the output in users.php
> like the ff:
>
>     Username  Real Name  E-mail       Company    Phone   Active
>     test      testname   te...@te...  Company A  433-33  Y
>
> Any help? I want to add more information in the output... or in users.php
> when you view current users... Thnx

From: sunNinja <sun...@se...> - 2003-08-08 02:19:27
nope, doesn't help. config.php only contains the color setting etc... what I want to modify is the alignment and customize the output in users.php like the ff:

    Username  Real Name  E-mail       Company    Phone   Active
    test      testname   te...@te...  Company A  433-33  Y

Any help? I want to add more information in the output... or in users.php when you view current users... Thnx

Abraham

> ----- Original Message -----
> From: Albert Lash <al...@pl...>
> To: <php...@li...>
> Sent: Thu, 07 Aug 2003 08:34:40
>
> Hi Abraham,
>
> Thanks for trying out PSA. First thought is to check the config.php file.
> The config file contains interface settings such as table background color.
>
> Let me know if this helps!
>
> Al
>
>> Hi, good day. I just downloaded phpsecurityadm latest version and
>> successfully installed it in my box. I was trying to customize the USERS
>> section to output not just username, realname, email, Active menu. I added
>> some fields like URL and Phone.
>>
>> I added a url to the database. It went well... but every time I click the
>> USERS section I cannot align the output.... THE HighLIGHTED section on
>> TOP. The output below got no problem, it can output the details that I
>> want to show like name, phone, company etc.... BUT on the TOP of it...
>> I've tried to edit users.php, user_add.php and class.phpSecurityAdmin.php
>> but I cannot adjust the BLUE COLOR....
>>
>> Anyone got any idea how to adjust it? or modify it?
>> I want the output to look this way
>>
>>     Username  Real Name  E-mail       Company    Phone   Active
>>     test      test 1     te...@te...  Company A  433-33  Y  etc..
>>
>> The data below got no problem (test company A). The only problem I'm
>> encountering is the HIGHLIGHTED one (Username, Real Name) cannot be
>> adjusted.....
>>
>> Thanks!
>>
>> Abraham

From: Albert L. <al...@pl...> - 2003-08-07 12:34:48
Hi Abraham,

Thanks for trying out PSA. First thought is to check the config.php file. The config file contains interface settings such as table background color.

Let me know if this helps!

Al

> Hi, good day. I just downloaded phpsecurityadm latest version and
> successfully installed it in my box. I was trying to customize the USERS
> section to output not just username, realname, email, Active menu. I added
> some fields like URL and Phone.
>
> I added a url to the database. It went well... but every time I click the
> USERS section I cannot align the output.... THE HighLIGHTED section on
> TOP. The output below got no problem, it can output the details that I
> want to show like name, phone, company etc.... BUT on the TOP of it...
> I've tried to edit users.php, user_add.php and class.phpSecurityAdmin.php
> but I cannot adjust the BLUE COLOR....
>
> Anyone got any idea how to adjust it? or modify it?
> I want the output to look this way
>
>     Username  Real Name  E-mail       Company    Phone   Active
>     test      test 1     te...@te...  Company A  433-33  Y  etc..
>
> The data below got no problem (test company A). The only problem I'm
> encountering is the HIGHLIGHTED one (Username, Real Name) cannot be
> adjusted.....
>
> Thanks!
>
> Abraham

From: sunNinja <sun...@se...> - 2003-08-07 07:39:35
Hi, good day. I just downloaded phpsecurityadm latest version and successfully installed it in my box. I was trying to customize the USERS section to output not just username, realname, email, Active menu. I added some fields like URL and Phone.

I added a url to the database. It went well... but every time I click the USERS section I cannot align the output.... THE HighLIGHTED section on TOP. The output below got no problem, it can output the details that I want to show like name, phone, company etc.... BUT on the TOP of it... I've tried to edit users.php, user_add.php and class.phpSecurityAdmin.php but I cannot adjust the BLUE COLOR....

Anyone got any idea how to adjust it? or modify it? I want the output to look this way

    Username  Real Name  E-mail       Company    Phone   Active
    test      test 1     te...@te...  Company A  433-33  Y  etc..

The data below got no problem (test company A). The only problem I'm encountering is the HIGHLIGHTED one (Username, Real Name) cannot be adjusted.....

Thanks!

Abraham

From: Albert L. <al...@pl...> - 2003-07-03 22:07:30
On Thursday, July 3, 2003, at 04:07 PM, Justin Koivisto wrote:

> Peter Hiltz wrote:
>> My homegrown system on an internal site isn't that good, but one
>> thing it does (which doesn't seem quite as easy in phpsecurityadm) is
>> a simple test of: Does the current user have X profile?
>> This allows me to show sections of pages, depending on the profile of
>> the user. E.g.
>>     if(current_user->profile == 99) show_module1();
>>     else show_module2();
>> Actually, since I have a numerical security scale, it tends to be
>> more:
>>     if(current_user->securityclearance > 9) show_module1();
>>     else show_module2();
>> Is there an easy way to do this with phpsecurityadmin that I am just
>> missing?
>
> One way to do this is to put each section of a page in a separate php
> script using the _restrict.php file in it. Then you can assign each
> script a security profile. If you don't want to see a message about
> not having rights, you can suppress the output using either the ob_*
> functions or the $PSA_DISPLAY_OUTPUT flag in the PSA config file.
>
> What Albert was thinking of (with psaug) was in an older version... To
> do this now, you need to go through and do the following:
>
>     $users=$sec_sys->getUsers();
>     $groups_for_user=explode(',',$users[$_SESSION['psaun']]['groups']);
>
> This will give you an array of all the groups (or profiles) that the
> user belongs to. In your case, you'd likely want something like:
>
>     function isGroupMember($user,$group,$sec_sys){
>         $users=$sec_sys->getUsers();
>         $groups=explode(',',$users[$user]['groups']);
>         foreach($groups as $grp){
>             if($grp==$group) return TRUE;
>         }
>         return FALSE;
>     }
>
> Then, in your script, you could call it like:
>
>     if(isGroupMember($_SESSION['psaun'],$group_number,$PSA_object)){
>         // display it
>     }else{
>         // don't display it
>     }
>
> For that matter, that should be added to the class... (when I (or
> someone else) gets around to it.)
>
> Hope this helps!

Ay yes, this is due to the fact that users can be in multiple groups now and psag will now be an array. Yes - it should also be put into the class so it can be accessed immediately. That is a simple enough addition, I'll try to fix it this weekend.

From: Justin K. <ju...@ko...> - 2003-07-03 20:07:58
Peter Hiltz wrote:

> My homegrown system on an internal site isn't that good, but one thing it does
> (which doesn't seem quite as easy in phpsecurityadm) is a simple test of:
>
> Does the current user have X profile?
>
> This allows me to show sections of pages, depending on the profile of the
> user. E.g.
>
>     if(current_user->profile == 99) show_module1();
>     else show_module2();
>
> Actually, since I have a numerical security scale, it tends to be more:
>
>     if(current_user->securityclearance > 9) show_module1();
>     else show_module2();
>
> Is there an easy way to do this with phpsecurityadmin that I am just missing?

One way to do this is to put each section of a page in a separate php script using the _restrict.php file in it. Then you can assign each script a security profile. If you don't want to see a message about not having rights, you can suppress the output using either the ob_* functions or the $PSA_DISPLAY_OUTPUT flag in the PSA config file.

What Albert was thinking of (with psaug) was in an older version... To do this now, you need to go through and do the following:

    $users=$sec_sys->getUsers();
    $groups_for_user=explode(',',$users[$_SESSION['psaun']]['groups']);

This will give you an array of all the groups (or profiles) that the user belongs to. In your case, you'd likely want something like:

    function isGroupMember($user,$group,$sec_sys){
        $users=$sec_sys->getUsers();
        $groups=explode(',',$users[$user]['groups']);
        foreach($groups as $grp){
            if($grp==$group) return TRUE;
        }
        return FALSE;
    }

Then, in your script, you could call it like:

    if(isGroupMember($_SESSION['psaun'],$group_number,$PSA_object)){
        // display it
    }else{
        // don't display it
    }

For that matter, that should be added to the class... (when I (or someone else) gets around to it.)

Hope this helps!

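The membership test in the message above compares the raw pieces of the comma-separated groups field with ==. The following added example (not code from PSA or from the posters) parses that field into integers and compares strictly, so an empty field, stray text or an unknown user never matches. user_groups(), is_group_member() and has_clearance() are hypothetical names, $users is constructed data in the shape the message describes for getUsers(), and reading group ids as a numeric clearance scale is an assumption taken from Peter's question.

```php
<?php
// Added example; not PSA code. Function names are hypothetical.
// $users is constructed sample data shaped like the getUsers() result
// described above: username => ['groups' => 'comma,separated,ids'].

/** Parse a user's groups field into a list of integer ids. */
function user_groups(array $users, string $user): array
{
    $field = $users[$user]['groups'] ?? null;
    if (!is_string($field)) {
        return [];                       // unknown user or missing field
    }
    $ids = [];
    foreach (explode(',', $field) as $raw) {
        $raw = trim($raw);
        // explode(',', '') yields [''], and before PHP 8 '' == 0 is true,
        // so empty and non-numeric pieces are dropped instead of compared.
        if ($raw !== '' && ctype_digit($raw)) {
            $ids[] = (int) $raw;
        }
    }
    return $ids;
}

/** Strict membership test: integer against integer. */
function is_group_member(array $users, string $user, int $group): bool
{
    return in_array($group, user_groups($users, $user), true);
}

/** Threshold test on a numeric scale; a user with no groups never passes. */
function has_clearance(array $users, string $user, int $threshold): bool
{
    $groups = user_groups($users, $user);
    return $groups !== [] && max($groups) > $threshold;
}

$users = [                               // constructed sample data
    'alice' => ['groups' => '1,12'],
    'bob'   => ['groups' => ''],
    'carol' => ['groups' => ' 3 ,9x'],
];

$checks = [
    'alice in 12'          => is_group_member($users, 'alice', 12),
    'bob in 0'             => is_group_member($users, 'bob', 0),
    'carol in 9'           => is_group_member($users, 'carol', 9),
    'mallory in 1'         => is_group_member($users, 'mallory', 1),
    'alice clearance > 9'  => has_clearance($users, 'alice', 9),
    'carol clearance > 9'  => has_clearance($users, 'carol', 9),
];
foreach ($checks as $label => $result) {
    printf("%-22s %s\n", $label, $result ? 'allow' : 'deny');
}
```
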
From: Peter H. <pe...@pe...> - 2003-07-03 18:07:51
Hi Albert,

I guess I'm missing something. Dumping array $_SESSION shows only two string variables: PSA_psaun and PSA_remote. I don't find psau or psag in the source files.

Obviously I can use PSA_psaun and do a lookup in the database for further permissions, but you indicate that it should be much easier.

Peter

On Tuesday 01 July 2003 05:21 pm, Albert Lash wrote:
> Hi Peter,
>
> Thanks for your question and apologies for taking so long to respond. Been
> incredibly busy over here. Yes, of course that is terribly simple.
>
> The $_SESSION variables in PSA are very strong and flexible. You can access
> the user's profile with:
>     $_SESSION["psag"] // PSA User Group
> The user's id with:
>     $_SESSION["psau"] // PSA User
>
> Etc.
>
> Simply do what you've described with these vars:
>
>     If($_SESSION["psag"]>"9") {
>         // show them this...
>     } else {
>         // do this
>     }
>
> Does that answer your question?
>
> Albert
>
> On 6/28/03 5:49 PM, "Peter Hiltz" <pe...@pe...> wrote:
> > My homegrown system on an internal site isn't that good, but one thing it
> > does (which doesn't seem quite as easy in phpsecurityadm) is a simple
> > test of:
> >
> > Does the current user have X profile?
> >
> > This allows me to show sections of pages, depending on the profile of the
> > user. E.g.
> >
> >     if(current_user->profile == 99) show_module1();
> >     else show_module2();
> >
> > Actually, since I have a numerical security scale, it tends to be more:
> >
> >     if(current_user->securityclearance > 9) show_module1();
> >     else show_module2();
> >
> > Is there an easy way to do this with phpsecurityadmin that I am just
> > missing?

From: Albert L. <al...@pl...> - 2003-07-01 15:21:27
Hi Peter,

Thanks for your question and apologies for taking so long to respond. Been incredibly busy over here. Yes, of course that is terribly simple.

The $_SESSION variables in PSA are very strong and flexible. You can access the user's profile with:

    $_SESSION["psag"] // PSA User Group

The user's id with:

    $_SESSION["psau"] // PSA User

Etc.

Simply do what you've described with these vars:

    If($_SESSION["psag"]>"9") {
        // show them this...
    } else {
        // do this
    }

Does that answer your question?

Albert

On 6/28/03 5:49 PM, "Peter Hiltz" <pe...@pe...> wrote:

> My homegrown system on an internal site isn't that good, but one thing it does
> (which doesn't seem quite as easy in phpsecurityadm) is a simple test of:
>
> Does the current user have X profile?
>
> This allows me to show sections of pages, depending on the profile of the
> user. E.g.
>
>     if(current_user->profile == 99) show_module1();
>     else show_module2();
>
> Actually, since I have a numerical security scale, it tends to be more:
>
>     if(current_user->securityclearance > 9) show_module1();
>     else show_module2();
>
> Is there an easy way to do this with phpsecurityadmin that I am just missing?

From: Peter H. <pe...@pe...> - 2003-06-28 21:49:34
My homegrown system on an internal site isn't that good, but one thing it does (which doesn't seem quite as easy in phpsecurityadm) is a simple test of:

Does the current user have X profile?

This allows me to show sections of pages, depending on the profile of the user. E.g.

    if(current_user->profile == 99) show_module1();
    else show_module2();

Actually, since I have a numerical security scale, it tends to be more:

    if(current_user->securityclearance > 9) show_module1();
    else show_module2();

Is there an easy way to do this with phpsecurityadmin that I am just missing?

From: Justin K. <ju...@ko...> - 2003-05-23 17:06:14
OK, I have now updated the CVS (major update). I finished cleaning up the password reset functionality (test it out). I also slightly changed the API of the Error() method to facilitate for multiple error messages (using arrays).

Be sure to start with a fresh database structure from the schema file because there were a couple small changes there.

Also, all the PO files have been updated, so I will post an announcement for translators to check out the latest files on the sourceforge web site.

Also, if anyone on the list knows how to set the damn write access for sourceforge CVS, please let me know how! I want each translator to be able to update their PO file as necessary, but that's all they need access to. The sf.net docs are confusing to me for some reason.

Well, that's all.. big CVS update - start from scratch when testing - we'll worry about upgrade stuff later.

Anyone wanna tackle doc writing? ;)

Happy testing!!

Justin Koivisto

From: Albert L. <al...@pl...> - 2003-05-21 13:20:47
Wow Peter good find, we'll update that. I see that Justin is already on it. Cool. Glad to see you're testing the CVS too, have you tried the password reset - we just added that. It's not elegant but is safe and quick. We're looking to make a new release of the CVS code so if you find anything else let us know.

> You do not have access rights to this content.
> page X
> Go to Page Y
>
> Obviously the fact that "page X" and "Go to Page Y" are shown is undesirable.
> Browser source code indicates that "page X" and "Go to Page Y" are after the
> closing </html> tag.
>
> Stepping through _restrict.php shows that on the viewing denied page, the
> securityHeader() and securityFooter() are called, and are output as part of
> $PSA_OUTPUT.
>
> Then the remainder of the echo statements on pageX are called.
>
> My tentative reaction is that it looks as if _restrict.php is missing an
> exit() call after the last call of securityFooter().
>
> However, I also don't think that I understand how the output buffering
> functions work with respect to my code. If my code needs to start getting
> included in the buffering, with a test for whether the user has viewing
> privileges, then I think I need to add more to each page (or function) than
> just including the _restrict.php page. If so, this should be documented a bit
> more for slow learners like me. Or am I missing something else?
>
> Peter

From: Justin K. <ju...@ko...> - 2003-05-20 21:40:11
Peter Hiltz wrote:

> Output is:
>
> You do not have access rights to this content.
> page X
> Go to Page Y
>
> Obviously the fact that "page X" and "Go to Page Y" are shown is undesirable.
> Browser source code indicates that "page X" and "Go to Page Y" are after the
> closing </html> tag.
>
> Stepping through _restrict.php shows that on the viewing denied page, the
> securityHeader() and securityFooter() are called, and are output as part of
> $PSA_OUTPUT.
>
> Then the remainder of the echo statements on pageX are called.
>
> My tentative reaction is that it looks as if _restrict.php is missing an
> exit() call after the last call of securityFooter().

That's right, it is... I am going to update CVS in a minute or two, but the end of the _restrict.php should look like:

        if(!$PSA_test && !$PSA_STOP_EXEC){
            if($PSA_DISPLAY_OUTPUT) securityHeader();
            echo $PSA_SYS->Error(); // Display Error
            if($PSA_DISPLAY_OUTPUT){
                securityFooter();
                exit();
            }
        }
        $PSA_OUTPUT=ob_get_contents();
        ob_end_clean();
        if($PSA_DISPLAY_OUTPUT) echo $PSA_OUTPUT;
    ?>

> However, I also don't think that I understand how the output buffering
> functions work with respect to my code. If my code needs to start getting
> included in the buffering, with a test for whether the user has viewing
> privileges, then I think I need to add more to each page (or function) than
> just including the _restrict.php page. If so, this should be documented a bit
> more for slow learners like me. Or am I missing something else?

I do need to create real documentation for the class and GUI, but I just haven't had the time to do it yet. The way the output buffering is set up is so that you can use it as a standalone application as most people do. However, if you want to incorporate the GUI and/or login form into an existing framework, then setting $PSA_DISPLAY_OUTPUT=FALSE; will allow you to use the $PSA_OUTPUT variable wherever you want to put it in your page.

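The report and fix above come down to one property: once the access check fails, nothing after the include may run. In the posted snippet exit() sits inside if($PSA_DISPLAY_OUTPUT), so with $PSA_DISPLAY_OUTPUT=FALSE the including page has to stop itself. The following is an added example, not code from PSA or from the posters, that models a page as "guard, then body" and compares a guard that only prints the denial with one that stops in both display modes; all function and class names are hypothetical.

```php
<?php
// Added example; not PSA code. All names are hypothetical. A page is modelled
// as "guard, then body" so both guard styles can run in one script.

final class AccessDenied extends RuntimeException {}

const DENIAL = 'You do not have access rights to this content';

/** Guard as in the report: prints the denial page and returns to the caller. */
function guard_fail_open(bool $allowed): void
{
    if (!$allowed) {
        echo '<html><body>' . DENIAL . "</body></html>\n";
    }
}

/**
 * Guard that stops on denial in both display modes. A real include would
 * call exit() here; an exception keeps this demonstration in one process.
 */
function guard_fail_closed(bool $allowed, bool $displayOutput): void
{
    if ($allowed) {
        return;
    }
    if ($displayOutput) {
        echo '<html><body>' . DENIAL . "</body></html>\n";
    }
    throw new AccessDenied(DENIAL);
}

/** Run guard then body; return what would have been sent to the browser. */
function run_page(callable $guard, callable $body): string
{
    ob_start();
    try {
        $guard();
        $body();
    } catch (AccessDenied $e) {
        // Denied: the body is never reached.
    }
    return (string) ob_get_clean();
}

$body = function (): void {
    echo "Starting page stuff\n";        // stands in for the protected content
};

$cases = [
    'fail-open, denied'            => function () { guard_fail_open(false); },
    'fail-closed, denied, display' => function () { guard_fail_closed(false, true); },
    'fail-closed, denied, embed'   => function () { guard_fail_closed(false, false); },
    'fail-closed, allowed'         => function () { guard_fail_closed(true, true); },
];
foreach ($cases as $label => $guard) {
    $sent = run_page($guard, $body);
    $ran = strpos($sent, 'Starting page stuff') !== false;
    printf("%-30s body ran: %s\n", $label, $ran ? 'yes' : 'no');
}
```
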
From: Justin K. <ju...@ko...> - 2003-05-20 12:54:57
|
Peter Hiltz wrote:

>Now running CVS version.
>
>Test Page source is :
><?php
>
> require_once $PSA_PATH.'/phpsecurity/include/config.php';
>
>echo "Starting page stuff";
>?>
>
>Looking at the output to the browser, the line "Starting page stuff" is being
>output after the closing body and html tags. I.E.
>
>body style="background-color: #ffffff; color: #000099;">
>You do not have access rights to this content </body>
></html>
>Starting page stuff
>
>Something is out of sync.

This looks like you do not have the correct URI for the page you are trying to access. If your test page is something like http://www.example.com/test.php, then in the site structure, you will need to have an entry for "/test.php" - you will also need to have this entry selected in a profile, and that profile selected for the user you are trying to access the page with.

Also, you should use phpsecurityadmin/_restrict.php rather than the config file.
|
From: Peter H. <pe...@pe...> - 2003-05-20 05:52:30
|
Now running CVS version.

Test Page source is :
<?php

 require_once $PSA_PATH.'/phpsecurity/include/config.php';

echo "Starting page stuff";
?>

Looking at the output to the browser, the line "Starting page stuff" is being output after the closing body and html tags. I.E.

body style="background-color: #ffffff; color: #000099;">
You do not have access rights to this content </body>
</html>
Starting page stuff

Something is out of sync.

Peter

On Tuesday 20 May 2003 12:39 am, Peter Hiltz wrote:
> Staying up late. Ok. I've picked up the CVS source. Remember my test page
> was in the directory above phpsecurityadm. The page generates a "You do not
> have access rights to this content message"...right above the content.
|
From: Peter H. <pe...@pe...> - 2003-05-19 22:39:24
|
Staying up late. Ok. I've picked up the CVS source. Remember my test page was in the directory above phpsecurityadm. The page generates a "You do not have access rights to this content message"...right above the content. I go back down to the phpsecurityadm directory, to index.php. Log in. Go back up to the content directory. Same as above. Time for some sleep. Peter |