2. PHPRunner General questions
  3. Newbie need security help
This topic is locked

Newbie need security help

 		1/25/2006 15:24:06
PHPRunner General questions
D
 DouglasB author

So I have this database containg 2 tables the main table has all the data in it. The User table has the login info of username, password, contactname, email and group.
What I want to do is have three levels of logins:
Default - this is for newly registered visitors and they get to see only the info in the main table, but can not change or add anything. They are added to the user table by the registeration page.

User - these people get to Add, Edit and Delete only records they created, but can see everything in the Main table. They are added to the user table by the admin.

Admin - these people get to do everything in all tables
Can some one take me step by step through this. I must be doing something very wrong in PHPRunner because it just does not work the way it should, but I know its me and not a software glitch.
A
 		Alan4573 1/25/2006

Douglas,
When you say it just does not work the way it should, can you explain what it doesn't do?
Main things to remember are (in no particular order)

  1. You must have an identifier in your main table specific to the user who edited the data to ensure only that group can see and edit their own data. (same principle as primary/foreign key in a master/detail set).
  2. The group field in your user table is the one you set your permissions (levels of login) on - add users to the groups in your user table depending upon what you want them to be able to do.
  3. Make sure you create a "Default group" who can view all data but not edit anything.
  4. Your user table field and main table field which are used as common identifiers must be the same case (This one caught me out).
    If you need any more info, let me know and I'll knock up a step by step guide.
    Cheers
    Alan
D
 		DouglasB author 1/30/2006

Alan,
Correct is was #4 that was giving me the headache. I now have three groups working the was they are suppose too.
Thanks for the assistance.