Re: Q on the best way to set up a security function so users can edit records
This WebDNA talk-list message is from 1999
It keeps the original formatting.
numero = 23725
interpreted = N
texte = Thank you for the reply, I need a little help in clarifying some things.

> Use the built-in [protect] tag, and use the built-in admin pages to create
> your users and passwords. Use groups (just an arbitrary string of text) to
> manage access for each of your users. Users can belong to multiple groups,
> so it's easy to let them into different parts of the site.

Ok, so the user 'registers' in the users.db. Then I have that information available to me during this session by using the [username] and [password] contexts. So, in order for the user to create a new record in my (other) database(s), I would be able to populate the username and password field automatically. I would also add them to the proper group so the 'add' link wouldn't even display unless they had 'logged in'.

Also, once a user has logged in, I could use a [showif [username]=[user]]edit this link[/showif] (I get the [user] from the record being viewed)

And I would do the same thing for each database. Correct?

When the user initially logs in, I would need to check their selected username against the database to make sure it is unique, or can I use their email address as the username? I ask as I recently switched from a user selected username to making them use their email address as that is unique and they then select their own password. Since I already have a database with username (email address) and password information, is there an easy way to import this data into the users.db? Especially since the passwords are encrypted?

So,
users.db - store email address (username), password and groups
require 'logging in' in order to add, update, delete records
once logged in, use the [username] and [password] contexts to verify/track who they are.

I guess the final question, is there anything I need to watch out for in order for my users to register themselves in the users.db?

Thanks!

> Once someone has entered a proper username/password, you can get at their
> username on any subsequent page *without* having to explicitly propagate it
> (cart=[cart] is an example of explicit propagation). Just use [username]
> anywhere you need it.
>
> [protect admin] - only *you* can view this page
> [protect admin,ShoeVendors] - both you and people in 'ShoeVendors' group
> can view this page
> [protect ShoeVendors] - not even *you* can view this page, but ShoeVendors
> can
>
> Use [username] instead of sku as your key for identifying records that
> individual people add
>
>> I would like to create a single 'members' database in order to allow my
>> users to manage the records they have entered. The database would have
>> fields for email, password, username (for chat / forums postings) and SKU
>> (a unique number). The sku would be the key that is included in each
>> record they add to any of the databases.
>>
>> Currently they would possibly be registering in order to join my chat /
>> or post in the forums, add links to my links database and two other
>> informational databases.
>>
>> Once I have this 'sku', how do I make sure this data is passed around as
>> needed? I want to make sure I keep track of this info as they move around
>> the site so they only have to log in once. From a security standpoint I
>> shouldn't pass this info in the URL, so how do I make sure I track this.
>> Would using a cookie be the best way to do this?
>>
>> Or should I be looking into somehow using the users.db for this? I also
>> have a few users that will need to edit other databases that I am quite
>> concerned about security and it appears that the [protect] context would
>> be helpful there. I just want to make it as easy for my users as possible.
>
> Technical Support | ==== eCommerce and Beyond ====
> Pacific Coast Software | WebCatalog, WebMerchant,
> 11770 Bernardo Plaza Court | SiteEdit Pro, PhotoMaster,
> San Diego, CA 92128 | Typhoon
> 619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com/
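
The access rules discussed in this message, as an added example that is not part of the original thread and is not WebDNA code: a Python model of the group list on a protected page and of the owner check keyed on the username, applied both when showing the edit link and again when the edit is submitted. The sample users and records, the 'LinkEditors' group and all function names are constructed for illustration.

```python
# Model (not WebDNA) of the access rules described in the quoted reply.
# USERS is constructed sample data standing in for users.db: username -> groups.
USERS = {
    "admin": {"admin"},
    "ann@example.com": {"ShoeVendors"},
    "bob@example.com": {"ShoeVendors", "LinkEditors"},
    "eve@example.com": set(),
}

# Constructed sample records; "user" holds the owner's username, the key
# the reply recommends instead of a separate sku.
LINKS = {
    1: {"user": "ann@example.com", "title": "Ann's shoe shop"},
    2: {"user": "bob@example.com", "title": "Bob's boots"},
}


def may_view(username, page_groups):
    """Page-level check: the user must belong to one of the listed groups.

    Mirrors the reply's examples: a page protected with only 'ShoeVendors'
    is closed to admin, because admin is not in that list.
    """
    return bool(USERS.get(username, set()) & set(page_groups))


def show_edit_link(username, record):
    """Display-only check, the [showif [username]=[user]] idea."""
    return username == record["user"]


def update_record(username, record_id, new_title, page_groups=("ShoeVendors",)):
    """Handler for the edit itself: repeat both checks before writing.

    Hiding the link does not stop a request sent straight to the handler,
    so group membership and ownership are verified again here.
    """
    record = LINKS.get(record_id)
    if record is None or not may_view(username, page_groups):
        return False
    if username != record["user"]:
        return False
    record["title"] = new_title
    return True
```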