I secure applications via Fuseaction names.
You could do the same with template names.
Create a database of template names with an ID field.
    id_template
    template_name
Create a "groups" table.
    id_group
    group_name
    group_level
Then, you'll have an association table for templates to groups
    id_template
    id_groups
You'll need a user database (which you sort of already have)
    id_user
    username
    password
    first_name
    etc
And you'll have an association table for groups to users
    id_group
    id_user
Create an administrator for all of these tables and the associations, and you'll be
able to secure your application by groups of users or simply by group level.
Have fun. I've done it before and it works great.
---mark
--------------------------------------------------------------
Mark Warrick
Phone: (714) 547-5386
Efax.com Fax: (801) 730-7289
Personal Email: [EMAIL PROTECTED]
Personal URL: http://www.warrick.net
Business Email: [EMAIL PROTECTED]
Business URL: http://www.fusioneers.com
ICQ: 346566
--------------------------------------------------------------
> -----Original Message-----
> From: Ang�l Stewart [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 29, 2000 12:12 PM
> To: [EMAIL PROTECTED]
> Subject: Help again:User/Password Security Framework for Intranet site.
>
>
> Hello all.. it's me again =)
>
> I'm writing a small intranet application that has areas limited to certain
> users with the correct Security Access Level.
>
> I have a table with Username, Password, and Access Level.
>
> I am thinking at the top of each page, to put a CFIF script to check for the
> presence of a cookie called Authenticated, which will be set when the user
> fills out the Login page at the beginning of the application.
>
> The value of that cookie will be the access level retrieved from the
> database.
> This is what I have in the login page:
> __________________________________
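> <CFIF IsDefined('form.username')>
>
> <!--- Bind the form values as parameters instead of splicing them into the SQL --->
> <cfquery name="verifyuser" datasource="bp2" dbtype="ODBC"
> username="bpamoco" password="bpamoco">
> Select * FROM bpamoco.users
> Where User = <cfqueryparam value="#form.username#" cfsqltype="CF_SQL_VARCHAR">
> AND Password = <cfqueryparam value="#form.password#" cfsqltype="CF_SQL_VARCHAR">
> </cfquery>
>
> <CFIF verifyuser.recordcount IS 0>
> You have entered an incorrect username and password. Please try again.
> <CFABORT>
> <CFELSE>
> User Verified.
> <!--- The pound signs make the cookie carry the column value, not the literal text --->
> <CFCOOKIE Name="authenticated" Value="#verifyuser.securelevel#">
> </CFIF>
>
> </CFIF>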
> _________________________________________
>
> And this is what I have on the Edit Employee page:
> _________________________________________
> <CFIF NOT IsDefined ('cookie.authenticated')>
>
> You have not successfully logged into the system!<br>
> Please enter your login information below!
>
> <CFINCLUDE TEMPLATE="login.cfm">
>
> <CFABORT>
>
> <CFELSE>
> <CFIF cookie.authenticated NEQ "Administrator">
> You do not have permission to view this page
> <CFINCLUDE TEMPLATE="login.cfm">
> <CFABORT>
> </CFIF>
> </CFIF>
> _______________________________________
>
> To me this seems..well...dirty.
> I know that there is a more elegant way to do this, and I know one of you is
> just dying to show me the path to enlightenment :-)
>
> -Gel
>
>
> ------------------------------------------------------------------------------
> Archives: http://www.eGroups.com/list/cf-talk
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
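The group-based scheme described in the reply above, as an added example that is not code from either poster: the five tables plus the per-request check, run against an in-memory SQLite database. The table names, the can_access and open_db helpers and the sample rows are assumptions made for illustration, and the password column is left out because the check does not need it.

```python
import sqlite3

# Tables follow the reply's layout; names and rows are constructed for this example.
SCHEMA = """
CREATE TABLE templates (id_template INTEGER PRIMARY KEY, template_name TEXT UNIQUE);
CREATE TABLE app_groups (id_group INTEGER PRIMARY KEY, group_name TEXT, group_level INTEGER);
CREATE TABLE template_groups (id_template INTEGER, id_group INTEGER);
CREATE TABLE users (id_user INTEGER PRIMARY KEY, username TEXT UNIQUE);
CREATE TABLE group_users (id_group INTEGER, id_user INTEGER);
INSERT INTO templates VALUES (1, 'edit_employee.cfm'), (2, 'view_employee.cfm');
INSERT INTO app_groups VALUES (1, 'Administrator', 10), (2, 'Staff', 1);
INSERT INTO template_groups VALUES (1, 1), (2, 1), (2, 2);
INSERT INTO users VALUES (1, 'alice'), (2, 'bob'), (3, 'carol');
INSERT INTO group_users VALUES (1, 1), (2, 2);
"""


def open_db():
    """Build the constructed sample database in memory."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def can_access(conn, id_user, template_name, min_level=None):
    """True if the user belongs to a group tied to the template.

    With min_level set, that group must also have group_level >= min_level.
    id_user is assumed to come from server-side session state, not from a
    value the browser can set (such as a cookie holding the access level).
    """
    row = conn.execute(
        """SELECT 1
             FROM templates t
             JOIN template_groups tg ON tg.id_template = t.id_template
             JOIN app_groups g ON g.id_group = tg.id_group
             JOIN group_users gu ON gu.id_group = g.id_group
            WHERE gu.id_user = ? AND t.template_name = ?
              AND (? IS NULL OR g.group_level >= ?)
            LIMIT 1""",
        (id_user, template_name, min_level, min_level),
    ).fetchone()
    # No matching row means deny: unregistered templates and users
    # without any group both fall through to False.
    return row is not None
```

Calling the check once at the top of every request, before the template runs, keeps the decision in the database rather than in per-page CFIF blocks.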