SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Member
    Join Date
    Feb 2009
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    How do I restrict users to specific areas using Pear access control?

    I run my own web server and host my sister's site as a subsection of my site. Over the Xmass Holidays I started teaching my self to build web applications using PHP and MySQL on Apache. My quest lead me to Sitepoint.com and the book "THE PHP ANTHOLOGY 2rd Edition". The book has been a great help but I ran into one catch - when I log into the test area, I have access to my sister's area although her area of the site uses a different database. Both databases are using the access control system found in chapter 10 of THE PHP ANTHOLOGY 2rd Edition and both databases has the same user philip but has different passwords.

    How can I prevent users that have logged into one section of the site having access to an area that they are not members of? Also, I would like standard members restricted to specific activities like posting messages in their members only areas while administrator members will have more privileges for specific member areas of the site.

  2. #2
    SitePoint Enthusiast
    Join Date
    Aug 2008
    Location
    Everett WA
    Posts
    80
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It could be just me, but I am having a hard time following. I would need to know some more details, and perhaps even examples, a mock up example even would help. I just find myself asking what do you mean by "your area" vs "your sister's area". One thing I would suggest, due to common mistakes, no matter how methodical you may be, use different usernames and passwords for different databases, because they can easily get confused.

    Maybe elaborate with some examples, that might help us understand and respond.
    Jonathan Kinney
    Data Systems Specialist
    Advantagecom Networks, Inc.
    http://www.simplywebhosting.com

  3. #3
    SitePoint Member
    Join Date
    Feb 2009
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Jonathan Kinney View Post
    It could be just me, but I am having a hard time following. I would need to know some more details, and perhaps even examples, a mock up example even would help. I just find myself asking what do you mean by "your area" vs "your sister's area". One thing I would suggest, due to common mistakes, no matter how methodical you may be, use different usernames and passwords for different databases, because they can easily get confused.

    Maybe elaborate with some examples, that might help us understand and respond.
    Hi Jonathan, my site consists of area A, where I test sites that I am building, another area B, where I am teaching myself to use PHP5 and MySQL, and area C, where I implement what I have learned into my sister's site. Area B uses a database called access_control which has the same tables and structure found in the book "THE PHP ANTHOLOGY 2rd Edition". Area C uses a database called jilian that has all the tables and structure as access_control plus tables specific to jilian. Currently, the access_control.user table has one user - philip, and jilian.user table has one user - philip. access_control.user.philip has a different password to jilian.user.philip

    When philip (area B user) logs into area B, he now has access to area C which he should not have access to. However, if philip (B) tries to log into area C access is denied and if philip (area C user) tries to log into area B access is also denied. But when philip (C) logs into area C he also has access to area B.

    I figured if the same database was used for both areas, as both areas gain more users, users of area B will have access to area C even though they are not members of area C and vise versa. My thinking was that by having a different access control database for each area I would prevent members of area B accessing area C and vise versa. My issue only occur when both areas B and C have identical usernames. How can I prevent a username that has been assigned in area B from being assigned in area C and vise versa?

    I hope this will make it clearer,

    Philip

  4. #4
    SitePoint Enthusiast reviewman's Avatar
    Join Date
    Mar 2009
    Posts
    81
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    check this post, maybe your answer is there:
    sitepoint.com/blogs/2004/06/11/php-authentication-and-access-control-libraries
    Last edited by reviewman; Apr 9, 2009 at 09:47. Reason: mistake

  5. #5
    SitePoint Member
    Join Date
    Feb 2009
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi reviewman, thank you for the link. I checked out the thread and the concept looks like what I'm looking for. It will take me some time to go through all the responses to see which set of libraries/classes will suit my needs.

    Philip

  6. #6
    SitePoint Enthusiast
    Join Date
    Aug 2008
    Location
    Everett WA
    Posts
    80
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    For some reason every time I read your name "spycxamaican", I get hungry for spicy mexican food....

    But yeah, I hope you got your issue sorted out.
    Jonathan Kinney
    Data Systems Specialist
    Advantagecom Networks, Inc.
    http://www.simplywebhosting.com


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •