Re: [PHP-DB] Suggestions please!
On 11/21/05, Micah Stevens [EMAIL PROTECTED] wrote: Sounds like a decision needs to be made. If statements were born for that. On Monday 21 November 2005 3:41 am, JeRRy wrote: Hi, Okay I have a dj site, I have alogin script and cookies to handle the login. Next I want to add some permissions for each dj account. Maybe 3 to start with, 3 permissions. A value or y or n will be set in each permission, with n being the default. Now I need to know how to output the permission out with some add php code. So let me explain: Three permissions lets say are perm_1 , perm_2 , and perm_3 If user bob has a y in perm_2 I want to output the perm_2 permission. Which lets say is to delete a dj account. So it needs to output some php code to work with the database. Is IF statements relevent/safe for this or is there a better method? So each user account on default will need to also check the values of the permission. So I need a code that checks for a y value in each permission. If none is found than nothing is displayed or a message saying you have no special permissions currently. But if one or more are met than those permissions are outputed to the relevant permission code. If you need any further information please let me know. All help mostly appreciated in advance. J You may want to consider values. perm1 on = 1 perm2 on = 3 perm3 on = 5 therefore: perm1 + perm2 = 4 perm1 + perm3 = 6 Might make some of the permission checking simpler? Just a thought. -- Graham -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Suggestions please!
you might want to create a table called perms and have each row contain a
user id and a perm for each
the way i have mine setup is a bit more complex but fully configurable.
Here's how i would set it up
user_permissions
- user_id
- action
- value
user_actions
- id
- title
users
- id
- username
- passwd
then to get the permissions i would use a user object maybe something like
this
class user {
var $_id;
var $_permissions;
function user() {
$this-loadPermissions();
}
function hasPermission($val) {
$perm = $this-getPermission($val);
if(isset($perm) $perm == 1) return true;
else return false
}
function loadPermissions() {
global $db;
$res = $db-Query(SELECT user_permissions.value, user_actions.title value
FROM user_permissions INNER JOIN user_actions ON
user_permissions.action==user_actions.id
$data = $db-fetchAll($res);
return $data
}
}
Understand that this code will not work out of the box and no security
measures were implemented, i did this just to show an example ;)
In my system i have user permissions and group permissions, i load the group
permissions then override with the user permissions.
--
Joseph Crawford Jr.
Zend Certified Engineer
Codebowl Solutions, Inc.
1-802-671-2021
[EMAIL PROTECTED]
[PHP-DB] Suggestions please!
Hi, Okay I have a dj site, I have alogin script and cookies to handle the login. Next I want to add some permissions for each dj account. Maybe 3 to start with, 3 permissions. A value or y or n will be set in each permission, with n being the default. Now I need to know how to output the permission out with some add php code. So let me explain: Three permissions lets say are perm_1 , perm_2 , and perm_3 If user bob has a y in perm_2 I want to output the perm_2 permission. Which lets say is to delete a dj account. So it needs to output some php code to work with the database. Is IF statements relevent/safe for this or is there a better method? So each user account on default will need to also check the values of the permission. So I need a code that checks for a y value in each permission. If none is found than nothing is displayed or a message saying you have no special permissions currently. But if one or more are met than those permissions are outputed to the relevant permission code. If you need any further information please let me know. All help mostly appreciated in advance. J - Do you Yahoo!? The best of Hasselhoff on the web - Hoffice Attachments
Re: [PHP-DB] Suggestions please!
Sounds like a decision needs to be made. If statements were born for that. On Monday 21 November 2005 3:41 am, JeRRy wrote: Hi, Okay I have a dj site, I have alogin script and cookies to handle the login. Next I want to add some permissions for each dj account. Maybe 3 to start with, 3 permissions. A value or y or n will be set in each permission, with n being the default. Now I need to know how to output the permission out with some add php code. So let me explain: Three permissions lets say are perm_1 , perm_2 , and perm_3 If user bob has a y in perm_2 I want to output the perm_2 permission. Which lets say is to delete a dj account. So it needs to output some php code to work with the database. Is IF statements relevent/safe for this or is there a better method? So each user account on default will need to also check the values of the permission. So I need a code that checks for a y value in each permission. If none is found than nothing is displayed or a message saying you have no special permissions currently. But if one or more are met than those permissions are outputed to the relevant permission code. If you need any further information please let me know. All help mostly appreciated in advance. J - Do you Yahoo!? The best of Hasselhoff on the web - Hoffice Attachments -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] suggestions
Hello I need to dev a small app and I can think of a couple different ways to handle it but not sure the best way. I need to register those who come to our site that want to download .pdf's. They will fill out some information before I redirect to the pdf. I'm thinking the best way to handle this is sessions, but is it appropriate to store all of the users info - so that if he downloads 2 items - I can re-populate the fields so he doesnt have to? So if they click on an additional pdf I'll need to somehow check for the session and re-populate 11 fields, and they will only have to fill in one field at that time. Or would cookies be better ? I need to store probably 11 different form variables. Also - would you store the variables in an array in the session? This seems neat and tidy... Hope this is clear. Any advice/guidance/sample scripts would be appreciated. Thanks -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] suggestions
Mignon Hunter wrote: Hello Mignon, this is really a php-generals question me thinks (you don't even mention a DB ;-), regardless I need to dev a small app and I can think of a couple different ways to handle it but not sure the best way. I need to register those who come to our site that want to download .pdf's. They will fill out some information before I redirect to the pdf. I'm thinking the best way to handle this is sessions, but is it appropriate to store all of the users info - so that if he downloads 2 items - I can re-populate the fields so he doesnt have to? So if they click on an additional pdf I'll need to somehow check for the session and re-populate 11 fields, and they will only have to fill in one field at that time. Or would cookies be better ? I need to store probably 11 different form variables. Also - would you store the variables in an array in the session? This seems neat and tidy... lets see: if you put the data in a cookie then you are allowing malicious users to change that data after you have stored it (so you will have to check it _everytime_ you want to use it)... best to stick an array in the $_SESSION array.. that way you oly need you sanitize the data when you add/change it - there is no problem with storing an array with 11 items it in in the session, and using an array rather than 'loose' variables would definitely be neater - you have all the user/pdf data in on place and its easy to extend that ammount of info you store (i.e. if your client decides users must fill out more information to download a pdf) Hope this is clear. Any advice/guidance/sample scripts would be appreciated. Thanks -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] suggestions
Hello I need to dev a small app and I can think of a couple different ways to handle it but not sure the best way. I need to register those who come to our site that want to download .pdf's. They will fill out some information before I redirect to the pdf. I'm thinking the best way to handle this is sessions, but is it appropriate to store all of the users info - so that if he downloads 2 items - I can re-populate the fields so he doesnt have to? So if they click on an additional pdf I'll need to somehow check for the session and re-populate 11 fields, and they will only have to fill in one field at that time. Or would cookies be better ? I need to store probably 11 different form variables. Also - would you store the variables in an array in the session? This seems neat and tidy... Hope this is clear. Any advice/guidance/sample scripts would be appreciated. I think sessions would be perfect for this http://us3.php.net/session is a good place to start -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] suggestions
Mignon Hunter wrote: Sorry - forgot to mention the data I'm collecting will go into a dbase, that's why I posted here. fine. but your not having trouble putting data into a DB. yet. :-) Thanks I'll work with the session angle. Please see if this logic is flawed... The hyperlink to the pdf will spawn a new window with my form to fill out. So I think I must start the session in the first page, the one that the pdf is on. start the session on _every_ page. its best to put all the session startup code in one file and include that on each page (thats the general principal anyhow). So I assign the variables collected in the 2nd window the session of the first. Then when the 2nd window is closed store in session and write to dbase ? the session (or the server for that matter) does not know anything about windows. you can use 100 windows or just one, makes no difference. Upon closing the 2nd window redirect to the pdf. If user wants another file, spawn a third window with form but fill in most of what he entered (ie name,address,etc). I get this from the current session right? 1. user clicks link to download pdf. 2. server send a page with a form in it. (possibly partially filled in from previous download in this session) 3. user submits (properly filled in) form. 4. server santizises user input, stores/updates session info, adds record to DB, then: either: spits out a PDF with appropriate headers so that the browser presents a download dialog. or: redirect to a page with a link (with some kind of token/key in the query part of the URL) to a page that spits out a PDF. or: redirect to a page with some javascript that sets the location of the parent window to a new URL or: something :-) whether you use multiple windows to accomplish this on the clientside is irrelevant to what you have to do on the server. if you are redirecting you will probably want to pass some token that you can check (a token is only generated if someone filled out a form) before outputting the PDF. Ultimately the data in the dbase is the goal and I just dont want the user to have to re-enter you do realise that if you redirect, after the user submits, to a url like: http://yourserver.com/yourpdf.pdf then I can skip the whole filling the form business in and just grab the file directly? Thanks Mignon ... -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Suggestions for record insertion
I've put together a long form that spans 5 tables of the database. Once the user has reached the final page I want to insert into database but wonder what the logical steps would be. I'll be reading through manual , but thought I'd ask about things like rollback. I'm guessing that for whatever reason, insert into say the 3rd table failed, it's going to take a decent amount of code to delete the records from the first 2 tables ? Basically I'm open to any ideas on this, while I search out the manual. Thank you Stuart -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Suggestions for record insertion
Stuart Felenstein wrote: I've put together a long form that spans 5 tables of the database. Once the user has reached the final page I want to insert into database but wonder what the logical steps would be. I'll be reading through manual , but thought I'd ask about things like rollback. I'm guessing that for whatever reason, insert into say the 3rd table failed, it's going to take a decent amount of code to delete the records from the first 2 tables ? Basically I'm open to any ideas on this, while I search out the manual. You need to use transactions. Search your database's manual on how to use them. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
