Re: [Simplog-devel] adodb

[Jim Hu <ji...@ta...>]

Jason,

Can't say about 4.2, but I also put it on my server, which is still=20
running 4.3.  Seems to work with Simplog.  The Sourceforge page says it=20=

requires php 4.0.5 or later.

OK, I figured out the problem.  The index file I had modified uses:

<?php @include("$baseurl/blog.php?blogid=3D$blogid"); ?>

which I think was based on an older version of index.php.  Yours uses

<?php include("blog.php"); ?>

I believe what is happening is that when the include statement looks=20
for http://hostname/simplog/blog.php?blodid=3DX, the session info is not=20=

being transferred via the http request...in other words, the content is=20=

being called by user Apache, not the user logged in.  Since Apache is=20
not on the blog_acl, and is not logged in, isUserAuthorized returns=20
false and no content comes back.

So, the good news is that I can fix this to work now with=20
isUserAuthorized on all of my blogs.  However, there is a design issue=20=

regarding the meaning of public, protected, and private that should be=20=

resolved before going further - I think that your function changes the=20=

meanings...it does so in a way that I sort of agree with, but here's=20
the problem:

In the help files, Jeremy defines the three kinds of blogs as follows:

>  A new blog can be Public, Protected or Private, and this provides a=20=

> method of pre-defining which users can contribute new comments without=20=

> explicitly defining each. In a public blog, any user with a logon can=20=

> add entries. In a protected blog, any one of a specfic set of users=20
> can add entries, and others are stopped. In a private blog, only one=20=

> person can add entries. Regardless of whether the blog is public,=20
> protected or private, everyone can read the blog.

With isUserAuthorized, this has changed so that only authorized users=20
can _read_ protected and private blogs.  I think that having blogs that=20=

are not accessible to the public is useful, and I took a different=20
approach to get this functionality by adding auth() to the index files=20=

for each blog.  However, this is trivially defeated by bypassing the=20
index file via http://host/simplog/blog.php?blogid=3DX, so your solution=20=

should be better.  The problem is - I think your solution breaks=20
something we've been telling users about how to customize their pages -=20=

by using blog.php to pass formatted content to the target website. =20
This means that upgrading to 0.91 may break some existing sites.

It seems to me that it would be better to define the kinds of blogs=20
differently than either of the above, based on four kinds of access=20
permissions: view, comment, post, and administer.  I'm not sure that=20
the current distinction between protected and private is useful, as one=20=

could in principle make protected blogs with only one user.  I'd=20
suggest that all kinds of blogs should only allow posts by acl users,=20
and all kinds of blogs should allow administration within a blog by=20
anyone set as an administrator in the blog_acl table (not clear to me=20
that the admin column in blog_acl does anything in current versions). =20=

The site administrator would still have global admin privileges.  In=20
addition, the three kinds would mean:

public =3D anyone can view or comment
protected =3D anyone can view, only acl users can comment
private =3D only acl users can view or comment.

What do people think?  I'm wondering if I'm missing some history or=20
standards within the blogging software world.

Jim

On Sep 21, 2004, at 12:24 AM, Jason L. Buberel wrote:

> is the new adodb backwards compatible with php 4.3 and 4.2? if so, I=20=

> would vote we upgrade simplog to use the new version.
>
>  -jason
>
>  PS Told you so :)
>
>  Jim Hu wrote:
>  While playing with installing simplog on another computer (my laptop)=20=

> to see if the distribution version of Simplog works without my=20
> modifications, I discovered that the version of adodb in the=20
> distribution is not compatible with php5.=A0 There is one available =
at:
>
>  http://adodb.sourceforge.net/
>
>  which seems to work fine.=A0 Jason's security system seems to work on=20=

> my laptop too, so I'll have to hunt down what I did differently in the=20=

> other installation...looks like one of my changes is incompatible with=20=

> his. :^(
>
>  Jim Hu
>
>
>
>  -------------------------------------------------------
>  This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
>  Project Admins to receive an Apple iPod Mini FREE for your judgement=20=

> on
>  who ports your project to Linux PPC the best. Sponsored by IBM.
>  Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
>  _______________________________________________
>  Simplog-devel mailing list
>  Sim...@li...
> https://lists.sourceforge.net/lists/listinfo/simplog-devel
>
>  !DSPAM:414fba2e123313405524358!
>
>
>
>
> --=20
> Jason L. Buberel - ja...@bu...  - http://www.buberel.org
>  JabberID:ja...@im...  - m:+16504831989