Re: [PHP] Question about user management...

2008-03-12 Thread tedd

At 10:20 PM -0700 3/10/08, Mike wrote:

Wait, what?

You are defining user role ids as MD5 hashes of UUIDs created from 
random numbers that change on every request?


Am I missing something or is this completely insane advice?


Mike:

What you're missing is that it doesn't matter. Each session generates 
one ID for each type of user.


It doesn't matter if the user comes back tomorrow and the actual 
number is different than it was yesterday. The point is that the 
number used for that user during that time is defined uniquely.


Granted, this is a little disturbing -- but my second suggestion to 
use a string is a little less disturbing.


Cheers,

tedd


--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Question about user management...

2008-03-11 Thread Per Jessen
Eric Butera wrote:

 
 Read up on ACL's.
 

Apart from Zend which you've mentioned below, is there anything in/for
PHP that will help implement ACLs for a PHP application?

 http://en.wikipedia.org/wiki/Access_control_list
 http://framework.zend.com/manual/en/zend.acl.html

Does anyone use the Zend ACL stuff?


/Per Jessen, Zürich





Re: [PHP] Question about user management...

2008-03-11 Thread Eric Butera
On Tue, Mar 11, 2008 at 3:21 AM, Per Jessen [EMAIL PROTECTED] wrote:
 Eric Butera wrote:

  
   Read up on ACL's.
  

  Apart from Zend which you've mentioned below, is there anything in/for
  PHP that will help implement ACLs for a PHP application?


   http://en.wikipedia.org/wiki/Access_control_list
   http://framework.zend.com/manual/en/zend.acl.html

  Does anyone use the Zend ACL stuff?


  /Per Jessen, Zürich





Not really.  It is just a high level concept that users get roles.
Then in your code you define what roles can do.  If you're into books
on tape check this podcast [1] out.

A few years ago the PEAR people were pimping something called LiveUser
[2] which now seems to be dead.  Kind of ironic too since I remember
at the time everyone was saying stop working on your own and use ours.

[1] 
http://devzone.zend.com/article/2452-PHP-Abstract-Podcast-Episode-15-The-Zend-Access-Control-List
[2] http://pear.php.net/package/liveuser


Re: [PHP] Question about user management...

2008-03-11 Thread Philip Thompson

On Mar 11, 2008, at 12:20 AM, Mike wrote:


Wait, what?

You are defining user role ids as MD5 hashes of UUIDs created from  
random numbers that change on every request?


Am I missing something or is this completely insane advice?


I'm probably wrong on this, but I think the point is that it doesn't  
matter the actual value of the constants. As long as you're using that  
constant (which has a unique value on each request)... well, wait.  
Maybe I don't understand either. Ha!


I do understand the security aspect though. It's like a password that  
changes quite frequently - it would be, for all intensive purposes,  
impossible to guess.


Oh, I have an idea! Let's say your users are defined this way in the  
database:


user_level: ADMIN, GENERAL_USER, LEVEL_ONE_USER, etc...

Then run your comparison, e.g.:

if (defined ($user['user_level'])) { ... }

Maybe Tedd or Dan need to slap some sense into me, but that's one way  
I *think* you could implement it. =/


~Philip



On Mar 10, 2008, at 1:07 PM, tedd wrote:


At 3:14 PM -0400 3/10/08, Daniel Brown wrote:
On Mon, Mar 10, 2008 at 3:08 PM, Jason Pruim [EMAIL PROTECTED]  
wrote:


What I was thinking about doing was a combination of the company  
name
(Which I set right now) and then a access level such as 50 for  
the

Owner of the program, 40 for the Managers and 30 for the
user of the program. also leaving me room to add other levels if
required..


  I generally do the same basic thing for permission levels, but a
reverse of what you're attempting to do.

  The superuser (AKA root, administrator, God, whatever) has GID 0,
just like on a *NIX system.  This is because it's the highest level
you can reach, and 0 is the lowest real number you can use.  Thus,  
you

can add a virtually-infinite number of lesser users, as opposed to
being limited to 50, as in your case.


Yeah, but then if you try to add a super-superuser you have to go  
negative. :-)


Why not just define the users with define CONSTANT statement and  
use that? Then the different types of users can be anything you  
want and you can change the value easily if there's a problem.


Really, all the value really has to be is unique -- you could use  
unique() for that, such as:


define('ADMIN', md5(uniqid(rand(), true)));
define('GENERAL_USER', md5(uniqid(rand(), true)));
define('LEVEL_ONE__USER', md5(uniqid(rand(), true)));
define('LEVEL_TWO__USER', md5(uniqid(rand(), true)));
define('WHATEVER__USER', md5(uniqid(rand(), true)));

and so on. That would work and you'll never have to be concerned  
about it nor worry about someone guessing it, if that becomes a  
problem.


Am I right?

Cheers,

tedd

PS: Oh, I just received the following email and thought I would  
pass it on:


HELLO,
MY NAME IS AGNES IN SEARCH OF A MAN WHO UNDERSTANDS THE MEANING OF  
LOVE AS TRUST AND FAITH IN EACH OTHER RATHER THAN ONE WHO SEES LOVE  
AS THE ONLY  WAY OF FUN BUT A MATURED MAN WITH NICE VISION OF WHAT  
THE WORLD IS ALL ABOUT SO PLEASE REPLY  ME WITH THIS BOX IF YOU ARE  
INTERESTED IN ME.


Anyone want a woman who yells all the time?

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com




Personally, most of my web applications do not have to factor 13.7  
billion years of space drift in to the calculations, so PHP's rand  
function has been great for me... ~S. Johnson






Re: [PHP] Question about user management...

2008-03-11 Thread Jason Pruim


On Mar 11, 2008, at 10:42 AM, Philip Thompson wrote:


On Mar 11, 2008, at 12:20 AM, Mike wrote:


Wait, what?

You are defining user role ids as MD5 hashes of UUIDs created from  
random numbers that change on every request?


Am I missing something or is this completely insane advice?


I'm probably wrong on this, but I think the point is that it doesn't  
matter the actual value of the constants. As long as you're using  
that constant (which has a unique value on each request)... well,  
wait. Maybe I don't understand either. Ha!


I do understand the security aspect though. It's like a password  
that changes quite frequently - it would be, for all intensive  
purposes, impossible to guess.


Oh, I have an idea! Let's say your users are defined this way in the  
database:


user_level: ADMIN, GENERAL_USER, LEVEL_ONE_USER, etc...

Then run your comparison, e.g.:

if (defined ($user['user_level'])) { ... }

Maybe Tedd or Dan need to slap some sense into me, but that's one  
way I *think* you could implement it. =/


~Philip


Here's what I understood it to mean :) The numbers that I was using
are unimportant. It just needs to be consistent throughout the entire
application. I.e., if 50,000 = root, 50,000 has to ALWAYS equal root. In
that same fashion, if 0 = root, 0 always has to be root. Both are just
as valid, and it's just a matter of design.


I could also use a Level1, Level2 etc. type setup... All of it
works, and it's just semantics and programming styles. I don't believe
that either way is any more secure than any other way... At least of
what I have mentioned here...


If I'm wrong though, I'm open to suggestions! :)


--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[EMAIL PROTECTED]







Re: [PHP] Question about user management...

2008-03-11 Thread Daniel Brown
On Tue, Mar 11, 2008 at 10:42 AM, Philip Thompson
[EMAIL PROTECTED] wrote:
  I do understand the security aspect though. It's like a password that
  changes quite frequently - it would be, for all intensive purposes,
  impossible to guess.

Very similar, yes.  You've got the idea.

  Oh, I have an idea! Let's say your users are defined this way in the
  database:

  user_level: ADMIN, GENERAL_USER, LEVEL_ONE_USER, etc...

  Then run your comparison, e.g.:

  if (defined ($user['user_level'])) { ... }

  Maybe Tedd or Dan need to slap some sense into me, but that's one way
  I *think* you could implement it. =/

You certainly can do that, but the problem is, if it doesn't come
down to numbers (lower-means-higher[1]), then you're defining a single
set of privileges per level.  This means that each escalated privilege
level would either have to be associated with an array of either
permissible access codes, or (more overhead) would require an array of
all levels defined.  Then, when you add a new level, it would have to
be explicitly defined or otherwise become a child of a parent level,
using inheritance.

[1] Using the integer method, this can be avoided.  If your
number is 0, you're the equivalent of root on *NIX.  You are God in
the eyes of the system.  You can do anything at all.  Now, say your
number is 10.  You inherit the privilege set of users =10, but NOT
root-level privileges.  Your guest users may then have a code 99,
which may be your highest number.  This means they have no privileged
access, only general browsing.

Keep in mind, especially, that you don't have to limit yourself to
INT in the database.  You could - and probably should - use a
FLOAT(2,2) field instead.  This means you can have up to (100^2) - 1
specific levels that will inherit privileges from numbers higher than
the user level.  Counting 0-99.99 gives 10,000 combinations, so root
could have up to 9,999 inherited levels below its own.

If, however, you want to restrict each level to one privilege set,
and one set only, then you can use definitions or any other method.
You'd just need more data than a single number if you later decided to
expand and use inheritance.

In any case, the idea is a lot simpler than it probably sounds by
now, but it's a fuller explanation for those interested.

-- 
/Dan

Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?
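
The integer scheme in the post above (0 is root, 99 is guest, lower means more privilege) has a fail-open trap in PHP: a missing or non-numeric level that is cast with (int) becomes 0. This added example, which is not code from the thread, normalises a stored level to the least-privileged value before comparing; the function names and the whole-number 0..99 range are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: level numbers follow the thread's convention
// (0 = root, 99 = guest); the function names are hypothetical.
const LEVEL_ROOT  = 0;
const LEVEL_GUEST = 99;

/**
 * Normalise a stored level. Anything that is not a plain whole number
 * in the range 0..99 becomes LEVEL_GUEST. A bare (int) cast would turn
 * null, '' and 'abc' into 0, which is root in this scheme.
 */
function normaliseLevel($raw): int
{
    if (is_int($raw)) {
        $level = $raw;
    } elseif (is_string($raw) && ctype_digit($raw)) {
        $level = (int) $raw;
    } else {
        return LEVEL_GUEST;
    }
    return ($level >= LEVEL_ROOT && $level <= LEVEL_GUEST) ? $level : LEVEL_GUEST;
}

/** True when the user's level is at least as privileged as the required one. */
function levelAllows($rawUserLevel, int $requiredLevel): bool
{
    return normaliseLevel($rawUserLevel) <= $requiredLevel;
}

// Constructed sample values, as they might arrive from $_SESSION or a DB row.
$samples = [0, 10, '10', 50, 99, null, '', 'abc', -1, '0x0', 10.5];

foreach ($samples as $raw) {
    printf(
        "%-8s naive (int) cast => %2d   normalised => %2d   passes a level-10 check: %s\n",
        var_export($raw, true),
        (int) $raw,
        normaliseLevel($raw),
        levelAllows($raw, 10) ? 'yes' : 'no'
    );
}
```

Fractional levels, as suggested for a FLOAT column, would need the same treatment with an explicit numeric check in place of ctype_digit().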




Re: [PHP] Question about user management...

2008-03-10 Thread Daniel Brown
On Mon, Mar 10, 2008 at 3:08 PM, Jason Pruim [EMAIL PROTECTED] wrote:
 Hi Everyone, Happy Monday to all of you!

  I am trying to think through a user management issue for an application
  I am working on. What I want to do, is be able to provide a multi user
  environment (All accessing the same page, but depending on company
  name they get different data) and be able to give certain people the
  ability to add/remove users.

  What I was thinking about doing was a combination of the company name
  (Which I set right now) and then an access level such as 50 for the
  Owner of the program, 40 for the Managers and 30 for the
  user of the program. Also leaving me room to add other levels if
  required..

I generally do the same basic thing for permission levels, but a
reverse of what you're attempting to do.

The superuser (AKA root, administrator, God, whatever) has GID 0,
just like on a *NIX system.  This is because it's the highest level
you can reach, and 0 is the lowest real number you can use.  Thus, you
can add a virtually-infinite number of lesser users, as opposed to
being limited to 50, as in your case.

-- 
/Dan

Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?




Re: [PHP] Question about user management...

2008-03-10 Thread TG

Sounds like a pretty typical setup.

Depending on your layout, you may be able to use a templating type system for 
the pages as well.  It's hard to tell if that's useful without more 
information.

/tmpl/companyid/index.php

Not sure if that's what you meant by using the company name or if you were 
going to do something like company30 company50 and such.

Lots of different ways to do what you're talking about, but sounds like 
you're in the right path.

-TG

- Original Message -
From: Daniel Brown [EMAIL PROTECTED]
To: Jason Pruim [EMAIL PROTECTED]
Cc: [php] PHP General List php-general@lists.php.net
Date: Mon, 10 Mar 2008 15:14:05 -0400
Subject: Re: [PHP] Question about user management...

 On Mon, Mar 10, 2008 at 3:08 PM, Jason Pruim [EMAIL PROTECTED] wrote:
  Hi Everyone, Happy Monday to all of you!
 
   I am trying to think through a user management issue for a application
   I am working on. What I want to do, is be able to provide a multi user
   environment (All accessing the same page, but depending on company
   name they get different data) and be able to give certain people the
   ability to add/remove users.
 
   What I was thinking about doing was a combination of the company name
   (Which I set right now) and then a access level such as 50 for the
   Owner of the program, 40 for the Managers and 30 for the
   user of the program. also leaving me room to add other levels if
   required..
 
 I generally do the same basic thing for permission levels, but a
 reverse of what you're attempting to do.
 
 The superuser (AKA root, administrator, God, whatever) has GID 0,
 just like on a *NIX system.  This is because it's the highest level
 you can reach, and 0 is the lowest real number you can use.  Thus, you
 can add a virtually-infinite number of lesser users, as opposed to
 being limited to 50, as in your case.
 
 -- 
 /Dan
 
 Daniel P. Brown
 Senior Unix Geek
 ? while(1) { $me = $mind--; sleep(86400); } ?





Re: [PHP] Question about user management...

2008-03-10 Thread Jason Pruim

Hey TG,

I was thinking about doing it as CompanyA CompanyB etc... etc...  
All stored in a database. And they can all go to the same main website  
and be able to get at everything they need.


Thanks for looking! :)


On Mar 10, 2008, at 3:48 PM, TG wrote:



Sounds like a pretty typical setup.

Depending on your layout, you may be able to use a templating type  
system for

the pages as well.  It's hard to tell if that's useful without more
information.

/tmpl/companyid/index.php

Not sure if that's what you meant by using the company name or if  
you were

going to do something like company30 company50 and such.

Lots of different ways to do what you're talking about, but sounds  
like

you're in the right path.

-TG

- Original Message -
From: Daniel Brown [EMAIL PROTECTED]
To: Jason Pruim [EMAIL PROTECTED]
Cc: [php] PHP General List php-general@lists.php.net
Date: Mon, 10 Mar 2008 15:14:05 -0400
Subject: Re: [PHP] Question about user management...

On Mon, Mar 10, 2008 at 3:08 PM, Jason Pruim [EMAIL PROTECTED]  
wrote:

Hi Everyone, Happy Monday to all of you!

I am trying to think through a user management issue for a  
application
I am working on. What I want to do, is be able to provide a multi  
user

environment (All accessing the same page, but depending on company
name they get different data) and be able to give certain people the
ability to add/remove users.

What I was thinking about doing was a combination of the company  
name

(Which I set right now) and then a access level such as 50 for the
Owner of the program, 40 for the Managers and 30 for the
user of the program. also leaving me room to add other levels if
required..


   I generally do the same basic thing for permission levels, but a
reverse of what you're attempting to do.

   The superuser (AKA root, administrator, God, whatever) has GID 0,
just like on a *NIX system.  This is because it's the highest level
you can reach, and 0 is the lowest real number you can use.  Thus,  
you

can add a virtually-infinite number of lesser users, as opposed to
being limited to 50, as in your case.

--
/Dan

Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?







--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[EMAIL PROTECTED]







Re: [PHP] Question about user management...

2008-03-10 Thread Jason Pruim


On Mar 10, 2008, at 3:14 PM, Daniel Brown wrote:

On Mon, Mar 10, 2008 at 3:08 PM, Jason Pruim [EMAIL PROTECTED]  
wrote:

Hi Everyone, Happy Monday to all of you!

I am trying to think through a user management issue for a  
application
I am working on. What I want to do, is be able to provide a multi  
user

environment (All accessing the same page, but depending on company
name they get different data) and be able to give certain people the
ability to add/remove users.

What I was thinking about doing was a combination of the company name
(Which I set right now) and then a access level such as 50 for the
Owner of the program, 40 for the Managers and 30 for the
user of the program. also leaving me room to add other levels if
required..


   I generally do the same basic thing for permission levels, but a
reverse of what you're attempting to do.

   The superuser (AKA root, administrator, God, whatever) has GID 0,
just like on a *NIX system.  This is because it's the highest level
you can reach, and 0 is the lowest real number you can use.  Thus, you
can add a virtually-infinite number of lesser users, as opposed to
being limited to 50, as in your case.



Which makes sense for when my KeWl ApP goes public and gets l33t  
status! :)


That's what we all hope for though right? :)

--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[EMAIL PROTECTED]







Re: [PHP] Question about user management...

2008-03-10 Thread tedd

At 3:14 PM -0400 3/10/08, Daniel Brown wrote:

On Mon, Mar 10, 2008 at 3:08 PM, Jason Pruim [EMAIL PROTECTED] wrote:


  What I was thinking about doing was a combination of the company name
  (Which I set right now) and then a access level such as 50 for the
  Owner of the program, 40 for the Managers and 30 for the
  user of the program. also leaving me room to add other levels if
  required..


I generally do the same basic thing for permission levels, but a
reverse of what you're attempting to do.

The superuser (AKA root, administrator, God, whatever) has GID 0,
just like on a *NIX system.  This is because it's the highest level
you can reach, and 0 is the lowest real number you can use.  Thus, you
can add a virtually-infinite number of lesser users, as opposed to
being limited to 50, as in your case.


Yeah, but then if you try to add a super-superuser you have to go negative. :-)

Why not just define the users with define CONSTANT statement and use 
that? Then the different types of users can be anything you want and 
you can change the value easily if there's a problem.


Really, all the value really has to be is unique -- you could use 
unique() for that, such as:


define('ADMIN', md5(uniqid(rand(), true)));
define('GENERAL_USER', md5(uniqid(rand(), true)));
define('LEVEL_ONE__USER', md5(uniqid(rand(), true)));
define('LEVEL_TWO__USER', md5(uniqid(rand(), true)));
define('WHATEVER__USER', md5(uniqid(rand(), true)));

and so on. That would work and you'll never have to be concerned 
about it nor worry about someone guessing it, if that becomes a 
problem.


Am I right?

Cheers,

tedd

PS: Oh, I just received the following email and thought I would pass it on:

HELLO,
MY NAME IS AGNES IN SEARCH OF A MAN WHO UNDERSTANDS THE MEANING OF 
LOVE AS TRUST AND FAITH IN EACH OTHER RATHER THAN ONE WHO SEES LOVE 
AS THE ONLY  WAY OF FUN BUT A MATURED MAN WITH NICE VISION OF WHAT 
THE WORLD IS ALL ABOUT SO PLEASE REPLY  ME WITH THIS BOX IF YOU ARE 
INTERESTED IN ME.


Anyone want a woman who yells all the time?

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com




Re: [PHP] Question about user management...

2008-03-10 Thread Jason Pruim


On Mar 10, 2008, at 4:07 PM, tedd wrote:


At 3:14 PM -0400 3/10/08, Daniel Brown wrote:
On Mon, Mar 10, 2008 at 3:08 PM, Jason Pruim [EMAIL PROTECTED]  
wrote:


 What I was thinking about doing was a combination of the company  
name
 (Which I set right now) and then a access level such as 50 for  
the

 Owner of the program, 40 for the Managers and 30 for the
 user of the program. also leaving me room to add other levels if
 required..


   I generally do the same basic thing for permission levels, but a
reverse of what you're attempting to do.

   The superuser (AKA root, administrator, God, whatever) has GID 0,
just like on a *NIX system.  This is because it's the highest level
you can reach, and 0 is the lowest real number you can use.  Thus,  
you

can add a virtually-infinite number of lesser users, as opposed to
being limited to 50, as in your case.


Yeah, but then if you try to add a super-superuser you have to go  
negative. :-)


Why not just define the users with define CONSTANT statement and use  
that? Then the different types of users can be anything you want and  
you can change the value easily if there's a problem.


Really, all the value really has to be is unique -- you could use  
unique() for that, such as:


define('ADMIN', md5(uniqid(rand(), true)));
define('GENERAL_USER', md5(uniqid(rand(), true)));
define('LEVEL_ONE__USER', md5(uniqid(rand(), true)));
define('LEVEL_TWO__USER', md5(uniqid(rand(), true)));
define('WHATEVER__USER', md5(uniqid(rand(), true)));


with the chance to bring up an old thread about the universe not being  
random and everything being relational and all that... Any idea what  
the chances are that this would ever reproduce the same number? Or  
with the uniqid() portion will that check the other values?



and so on. That would work and you'll never have to be concerned  
about it nor worry about someone guessing it, if that becomes a  
problem.


Am I right?

Cheers,

tedd

PS: Oh, I just received the following email and thought I would pass  
it on:


HELLO,
MY NAME IS AGNES IN SEARCH OF A MAN WHO UNDERSTANDS THE MEANING OF  
LOVE AS TRUST AND FAITH IN EACH OTHER RATHER THAN ONE WHO SEES LOVE  
AS THE ONLY  WAY OF FUN BUT A MATURED MAN WITH NICE VISION OF WHAT  
THE WORLD IS ALL ABOUT SO PLEASE REPLY  ME WITH THIS BOX IF YOU ARE  
INTERESTED IN ME.


Anyone want a woman who yells all the time?


Don't they all yell now? :)

--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[EMAIL PROTECTED]







Re: [PHP] Question about user management...

2008-03-10 Thread Daniel Brown
On Mon, Mar 10, 2008 at 4:07 PM, tedd [EMAIL PROTECTED] wrote:
 At 3:14 PM -0400 3/10/08, Daniel Brown wrote:
   The superuser (AKA root, administrator, God, whatever) has GID 0,
  just like on a *NIX system.  This is because it's the highest level
  you can reach, and 0 is the lowest real number you can use.  Thus, you
  can add a virtually-infinite number of lesser users, as opposed to
  being limited to 50, as in your case.

  Yeah, but then if you try to add a super-superuser you have to go negative. 
 :-)
[snip!]

In actuality, there would be no such thing.  However, for
posterity, negatives will work.  So long as:
? if($_SESSION['userlevel']  $group_level) { ?

 evaluates to true.  ;-P

  PS: Oh, I just received the following email and thought I would pass it on:

  HELLO,
  MY NAME IS AGNES IN SEARCH OF A MAN WHO UNDERSTANDS THE MEANING OF
  LOVE AS TRUST AND FAITH IN EACH OTHER RATHER THAN ONE WHO SEES LOVE
  AS THE ONLY  WAY OF FUN BUT A MATURED MAN WITH NICE VISION OF WHAT
  THE WORLD IS ALL ABOUT SO PLEASE REPLY  ME WITH THIS BOX IF YOU ARE
  INTERESTED IN ME.

  Anyone want a woman who yells all the time?

I don't think I could handle two.  So if AGNES won't beat me
nightly with a sack of oranges (because it doesn't leave bruises, but
it gets the point across), Debs is going to come home and find her
stuff in a box.

-- 
/Dan

Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?




Re: [PHP] Question about user management...

2008-03-10 Thread tedd

At 4:13 PM -0400 3/10/08, Jason Pruim wrote:

On Mar 10, 2008, at 4:07 PM, tedd wrote:


define('ADMIN', md5(uniqid(rand(), true)));
define('GENERAL_USER', md5(uniqid(rand(), true)));
define('LEVEL_ONE_USER', md5(uniqid(rand(), true)));
define('LEVEL_TWO_USER', md5(uniqid(rand(), true)));
define('WHATEVER_USER', md5(uniqid(rand(), true)));


with the chance to bring up an old thread about the universe not 
being random and everything being relational and all that... Any 
idea what the chances are that this would ever reproduce the same 
number? Or with the uniqid() portion will that check the other 
values?


I think the chances are very remote. You probably have a better 
chance of winning the lottery ten times in a row.


On the other hand, if you assign the number yourself, your chances of 
making a mistake are far greater.


But, now that I think about it -- you don't need a number at all, you 
could use:


define('WHATEVER_USER', 'WHATEVER_USER');

The value portion in the define statement can be a string -- so cut 
to the chase and make it as difficult on yourself as you want.


Cheers,

tedd


--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com
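
Added example, not code from the thread: it contrasts role ids regenerated on each request (the md5(uniqid(rand(), true)) defines quoted above) with the string-valued constants suggested in this post, and checks a stored user_level against an allowlist rather than with defined() as in Philip Thompson's reply, because defined() is true for any constant PHP knows, built-in ones included. The function names and sample rows are constructed.

```php
<?php
declare(strict_types=1);

// Added example: role names are the thread's; function names are hypothetical.
const ROLES = ['ADMIN', 'GENERAL_USER', 'LEVEL_ONE_USER', 'LEVEL_TWO_USER'];

/** One request's worth of role ids built the md5(uniqid(rand(), true)) way. */
function randomRoleIds(): array
{
    $ids = [];
    foreach (ROLES as $name) {
        // uniqid() takes a string prefix, so the rand() result is cast.
        $ids[$name] = md5(uniqid((string) rand(), true));
    }
    return $ids;
}

/** Return the stored value if it names a role the application defines, else null. */
function knownRole($stored): ?string
{
    return (is_string($stored) && in_array($stored, ROLES, true)) ? $stored : null;
}

/** Fail closed: unknown, mistyped or missing values never match a role. */
function hasRole($stored, string $required): bool
{
    return knownRole($stored) === $required;
}

// 1. Ids regenerated per request: the value request 1 stored is compared
//    with the value request 2 generates for the same role.
$request1 = randomRoleIds();
$storedId = $request1['ADMIN'];   // stands in for a DB column or session value
$request2 = randomRoleIds();
echo 'stored ADMIN id matches the id generated on the next request: ';
var_dump($storedId === $request2['ADMIN']);

// 2. Stable names: each role is a constant whose value is its own name.
foreach (ROLES as $name) {
    define($name, $name);
}

// Constructed values as they might come back from a user_level column,
// including ones that must be rejected.
$rows = ['ADMIN', 'GENERAL_USER', 'admin', 'PHP_VERSION', '', null];

foreach ($rows as $stored) {
    printf(
        "%-14s defined(): %-3s  allowlist: %-14s  is ADMIN: %s\n",
        var_export($stored, true),
        (is_string($stored) && $stored !== '' && defined($stored)) ? 'yes' : 'no',
        var_export(knownRole($stored), true),
        hasRole($stored, ADMIN) ? 'yes' : 'no'
    );
}
```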




Re: [PHP] Question about user management...

2008-03-10 Thread Eric Butera
On Mon, Mar 10, 2008 at 4:07 PM, tedd [EMAIL PROTECTED] wrote:
 At 3:14 PM -0400 3/10/08, Daniel Brown wrote:
  On Mon, Mar 10, 2008 at 3:08 PM, Jason Pruim [EMAIL PROTECTED] wrote:
  

What I was thinking about doing was a combination of the company name
 (Which I set right now) and then a access level such as 50 for the
 Owner of the program, 40 for the Managers and 30 for the
 user of the program. also leaving me room to add other levels if
 required..
  
   I generally do the same basic thing for permission levels, but a
  reverse of what you're attempting to do.
  
   The superuser (AKA root, administrator, God, whatever) has GID 0,
  just like on a *NIX system.  This is because it's the highest level
  you can reach, and 0 is the lowest real number you can use.  Thus, you
  can add a virtually-infinite number of lesser users, as opposed to
  being limited to 50, as in your case.

  Yeah, but then if you try to add a super-superuser you have to go negative. 
 :-)

  Why not just define the users with define CONSTANT statement and use
  that? Then the different types of users can be anything you want and
  you can change the value easily if there's a problem.

  Really, all the value really has to be is unique -- you could use
  unique() for that, such as:

  define('ADMIN', md5(uniqid(rand(), true)));
  define('GENERAL_USER', md5(uniqid(rand(), true)));
  define('LEVEL_ONE__USER', md5(uniqid(rand(), true)));
  define('LEVEL_TWO__USER', md5(uniqid(rand(), true)));
  define('WHATEVER__USER', md5(uniqid(rand(), true)));

  and so on. That would work and you'll never have to be concerned
  about it nor worry about someone guessing it, if that becomes a
  problem.

  Am I right?

  Cheers,

  tedd

  PS: Oh, I just received the following email and thought I would pass it on:

  HELLO,
  MY NAME IS AGNES IN SEARCH OF A MAN WHO UNDERSTANDS THE MEANING OF
  LOVE AS TRUST AND FAITH IN EACH OTHER RATHER THAN ONE WHO SEES LOVE
  AS THE ONLY  WAY OF FUN BUT A MATURED MAN WITH NICE VISION OF WHAT
  THE WORLD IS ALL ABOUT SO PLEASE REPLY  ME WITH THIS BOX IF YOU ARE
  INTERESTED IN ME.

  Anyone want a woman who yells all the time?

  --
  ---
  http://sperling.com  http://ancientstones.com  http://earthstones.com






I sometimes set stuff up like this:

user
userId

user_permission
userId permissionId

permission
permissionId sort

Then the level of said permission is based on the rank sort value.
That way if you want to add a super super user, just change that
value.

But I also map these to constants like you said too.  Using all those
unique id calls is going to really be slow FWIW.  Every permission
system is fairly unique in the apps I program though so nothing is
really set in stone.
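
One way to run the three-table layout above against an in-memory SQLite database (added example, not code from the post). The name columns, the sample rows, the function name and the rule that a lower sort value ranks higher are assumptions; it needs the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Added example. Tables follow the layout in the post above; the name
// columns, sample rows and "lower sort ranks higher" are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$db->exec('CREATE TABLE user (userId INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->exec('CREATE TABLE permission (
    permissionId INTEGER PRIMARY KEY,
    name TEXT NOT NULL UNIQUE,
    sort INTEGER NOT NULL)');
$db->exec('CREATE TABLE user_permission (
    userId INTEGER NOT NULL REFERENCES user(userId),
    permissionId INTEGER NOT NULL REFERENCES permission(permissionId),
    PRIMARY KEY (userId, permissionId))');

// Constructed sample data.
$db->exec("INSERT INTO user VALUES (1, 'owner'), (2, 'manager'), (3, 'clerk'), (4, 'nobody')");
$db->exec("INSERT INTO permission VALUES (1, 'OWNER', 10), (2, 'MANAGER', 20), (3, 'USER', 30)");
$db->exec('INSERT INTO user_permission VALUES (1, 1), (2, 2), (3, 3)');

/**
 * True when the user's best-ranked permission is at least as high as the
 * named one. Users without rows and unknown permission names are denied.
 */
function userMeets(PDO $db, int $userId, string $required): bool
{
    $stmt = $db->prepare(
        'SELECT MIN(p.sort)
           FROM user_permission up
           JOIN permission p ON p.permissionId = up.permissionId
          WHERE up.userId = :uid'
    );
    $stmt->execute([':uid' => $userId]);
    $best = $stmt->fetchColumn();      // null when the user has no permissions

    $stmt = $db->prepare('SELECT sort FROM permission WHERE name = :name');
    $stmt->execute([':name' => $required]);
    $needed = $stmt->fetchColumn();    // false when the permission is unknown

    if ($best === null || $best === false || $needed === false) {
        return false;                  // fail closed
    }
    return (int) $best <= (int) $needed;
}

foreach ([1, 2, 3, 4] as $uid) {
    printf(
        "user %d meets MANAGER: %s\n",
        $uid,
        userMeets($db, $uid, 'MANAGER') ? 'yes' : 'no'
    );
}

// Adding a rank above OWNER is a data change only; userMeets() is untouched.
$db->exec("INSERT INTO permission VALUES (4, 'SUPER_OWNER', 5)");
$db->exec('INSERT INTO user_permission VALUES (4, 4)');
printf("user 4 meets OWNER after the change: %s\n", userMeets($db, 4, 'OWNER') ? 'yes' : 'no');
printf("user 1 meets SUPER_OWNER: %s\n", userMeets($db, 1, 'SUPER_OWNER') ? 'yes' : 'no');
printf("user 1 meets an unknown permission: %s\n", userMeets($db, 1, 'NO_SUCH_PERMISSION') ? 'yes' : 'no');
```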




Re: [PHP] Question about user management...

2008-03-10 Thread Eric Butera
On Mon, Mar 10, 2008 at 3:08 PM, Jason Pruim [EMAIL PROTECTED] wrote:
 Hi Everyone, Happy Monday to all of you!

  I am trying to think through a user management issue for an application
  I am working on. What I want to do, is be able to provide a multi user
  environment (All accessing the same page, but depending on company
  name they get different data) and be able to give certain people the
  ability to add/remove users.

  What I was thinking about doing was a combination of the company name
  (Which I set right now) and then an access level such as 50 for the
  Owner of the program, 40 for the Managers and 30 for the
  user of the program. Also leaving me room to add other levels if
  required..

  Although now that I'm typing this out I think I may have thought
  my way through the problem

  What about setting up a separate login/password with a different web
  address so that Owner's can go to an admin section and add/remove
  users... promote/demote users... And all that fun kind of stuff.

  Is there any issues that anyone can see with what I'm thinking? Either
  with my original solution, or my secondary solution? :)


  --

  Jason Pruim
  Raoset Inc.
  Technology Manager
  MQC Specialist
  3251 132nd ave
  Holland, MI, 49424-9337
  www.raoset.com
  [EMAIL PROTECTED]







Read up on ACL's.

http://en.wikipedia.org/wiki/Access_control_list
http://framework.zend.com/manual/en/zend.acl.html




Re: [PHP] Question about user management...

2008-03-10 Thread Mike

Wait, what?

You are defining user role ids as MD5 hashes of UUIDs created from  
random numbers that change on every request?


Am I missing something or is this completely insane advice?

On Mar 10, 2008, at 1:07 PM, tedd wrote:


At 3:14 PM -0400 3/10/08, Daniel Brown wrote:
On Mon, Mar 10, 2008 at 3:08 PM, Jason Pruim [EMAIL PROTECTED]  
wrote:


 What I was thinking about doing was a combination of the company  
name
 (Which I set right now) and then a access level such as 50 for  
the

 Owner of the program, 40 for the Managers and 30 for the
 user of the program. also leaving me room to add other levels if
 required..


   I generally do the same basic thing for permission levels, but a
reverse of what you're attempting to do.

   The superuser (AKA root, administrator, God, whatever) has GID 0,
just like on a *NIX system.  This is because it's the highest level
you can reach, and 0 is the lowest real number you can use.  Thus,  
you

can add a virtually-infinite number of lesser users, as opposed to
being limited to 50, as in your case.


Yeah, but then if you try to add a super-superuser you have to go  
negative. :-)


Why not just define the users with define CONSTANT statement and use  
that? Then the different types of users can be anything you want and  
you can change the value easily if there's a problem.


Really, all the value really has to be is unique -- you could use  
unique() for that, such as:


define('ADMIN', md5(uniqid(rand(), true)));
define('GENERAL_USER', md5(uniqid(rand(), true)));
define('LEVEL_ONE__USER', md5(uniqid(rand(), true)));
define('LEVEL_TWO__USER', md5(uniqid(rand(), true)));
define('WHATEVER__USER', md5(uniqid(rand(), true)));

and so on. That would work and you'll never have to be concerned  
about it nor worry about someone guessing it, if that becomes a  
problem.


Am I right?

Cheers,

tedd

PS: Oh, I just received the following email and thought I would pass  
it on:


HELLO,
MY NAME IS AGNES IN SEARCH OF A MAN WHO UNDERSTANDS THE MEANING OF  
LOVE AS TRUST AND FAITH IN EACH OTHER RATHER THAN ONE WHO SEES LOVE  
AS THE ONLY  WAY OF FUN BUT A MATURED MAN WITH NICE VISION OF WHAT  
THE WORLD IS ALL ABOUT SO PLEASE REPLY  ME WITH THIS BOX IF YOU ARE  
INTERESTED IN ME.


Anyone want a woman who yells all the time?

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com
