Jump to content


Photo

Restricted Access, Per member submitted forms


  • Please log in to reply
5 replies to this topic

#1 Akinraze

Akinraze
  • New Members
  • Pip
  • Newbie
  • 7 posts

Posted 29 May 2005 - 12:41 AM

Hello all, 1st time poster here and newbie all around.

I am in the midst of making a dynamic php site for World of Warcraft, i have most of the forms to enter data into the database made and am starting to think about the security for the members data.

I want to be able to let a member come back to the site to check more checkboxes when they need to, but only let the meber who submitted that form be able to edit it.

The site is up for testing at www.google.com

security to access submission pages is not setup yet, as I was waiting to do the above mentioned method, so if you notice there are not sufficient mesures in place, thats why.

If you go there to test, after registering, do not try submitting to Leatherworking or Tailoring, those 2 are not uploaded yet.

To view the data after submitting, go to the home button (top left) then select View database, then the profession you submitted to.

all that should be enought for you to get an idea of how I want and need the secuirty features setup.

So if anyone could point me the right direction, i would be greatful, as i don't "think" that the default restrictions in DW:MX 2k4 is enough to do this...?!?!

Thanks
Akinraze

#2 tgavin

tgavin
  • Members
  • PipPipPip
  • Advanced Member
  • 176 posts
  • LocationNaples, FL

Posted 02 June 2005 - 04:08 AM

Try this membership tutorial

just let them login with username and password and set their access level using an authentication field in the db. That way you can have different levels of access if you need it.

In your pages, you could do if/else statements to display the form information.

[!--PHP-Head--][div class=\'phptop\']PHP[/div][div class=\'phpmain\'][!--PHP-EHead--][span style=\"color:#0000BB\"]<?php
$user_accesslevel [/span][span style=\"color:#007700\"]= [/span][span style=\"color:#0000BB\"]$row[/span][span style=\"color:#007700\"][[/span][span style=\"color:#DD0000\"]\'accesslevel\'[/span][span style=\"color:#007700\"]];

if([/span][span style=\"color:#0000BB\"]$user_accesslevel[/span][span style=\"color:#007700\"]==[/span][span style=\"color:#DD0000\"]\"1\"[/span][span style=\"color:#007700\"]) {
[/span][span style=\"color:#FF8000\"]// display basic form
[/span][span style=\"color:#007700\"]}

if([/span][span style=\"color:#0000BB\"]$user_accesslevel[/span][span style=\"color:#007700\"]==[/span][span style=\"color:#DD0000\"]\"2\"[/span][span style=\"color:#007700\"]) {
[/span][span style=\"color:#FF8000\"]// display intermediate form
[/span][span style=\"color:#007700\"]} [/span][span style=\"color:#0000BB\"]?>[/span]
[/span][!--PHP-Foot--][/div][!--PHP-EFoot--]
A noble spirit embiggens the smallest man.
- Jebediah Springfield

#3 Akinraze

Akinraze
  • New Members
  • Pip
  • Newbie
  • 7 posts

Posted 06 June 2005 - 03:02 AM

Would there be any possibility to make a script that would call the access level if it was automatically generated, then grant access per that level?

I am looking to completely automate the site, no intervention after site completion other than maintainance.

See, I would have went this route with Dreamweavers built in restrictions, but I would have to enter in a level for every member, then set the access for every page the member may access, and if the site ends up getting thousands of members, this would end up becoming a full time job if i went this way.

What I am trying to say is, I wouldn't want to set the ability in every members hands to edit every other members submissions based on a two level access restriction.

Thanks


[!--PHP-Head--][div class=\'phptop\']PHP[/div][div class=\'phpmain\'][!--PHP-EHead--][span style=\\\"color:#0000BB\\\"]<?php
$user_accesslevel [/span][span style=\\\"color:#007700\\\"]= [/span][span style=\\\"color:#0000BB\\\"]$row[/span][span style=\\\"color:#007700\\\"][[/span][span style=\\\"color:#DD0000\\\"]\'accesslevel\'[/span][span style=\\\"color:#007700\\\"]];

if([/span][span style=\\\"color:#0000BB\\\"]$user_accesslevel[/span][span style=\\\"color:#007700\\\"]==[/span][span style=\\\"color:#DD0000\\\"]\\\"1\\\"[/span][span style=\\\"color:#007700\\\"]) {
[/span][span style=\\\"color:#FF8000\\\"]// display basic form
[/span][span style=\\\"color:#007700\\\"]}

if([/span][span style=\\\"color:#0000BB\\\"]$user_accesslevel[/span][span style=\\\"color:#007700\\\"]==[/span][span style=\\\"color:#DD0000\\\"]\\\"2\\\"[/span][span style=\\\"color:#007700\\\"]) {
[/span][span style=\\\"color:#FF8000\\\"]// display intermediate form
[/span][span style=\\\"color:#007700\\\"]} [/span][span style=\\\"color:#0000BB\\\"]?>[/span]
[/span][!--PHP-Foot--][/div][!--PHP-EFoot--]

View Post



#4 tgavin

tgavin
  • Members
  • PipPipPip
  • Advanced Member
  • 176 posts
  • LocationNaples, FL

Posted 07 June 2005 - 02:53 AM

Would there be any possibility to make a script that would call the access level if it was automatically generated, then grant access per that level?

Sure, you can have that automated, but how are you going to determine what each user's access level should be? With a questionnaire? A birth date? If they're male or female?

The first step is determining on how you are granting access. Automating that will probably invite fraud as people discover a vunerability and then share it.

What I am trying to say is, I wouldn't want to set the ability in every members hands to edit every other members submissions based on a two level access restriction.

Why not use usernames and passwords? That way everybody sees the same page templates, but the data is only visible to them.

look at tutorials on membership systems
A noble spirit embiggens the smallest man.
- Jebediah Springfield

#5 Akinraze

Akinraze
  • New Members
  • Pip
  • Newbie
  • 7 posts

Posted 07 June 2005 - 04:59 AM

lost

#6 Akinraze

Akinraze
  • New Members
  • Pip
  • Newbie
  • 7 posts

Posted 25 June 2005 - 04:59 AM

lost




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users