Using core features of PHPlib
Prev Chapter 2. Quick Start Next

Using core features of PHPlib

Many applications don't use PHPlib's advanced features, but see PHPlib as a convenient way to protect pages or functionality with passwords. This section covers such core functionality usage of PHPlib.

Customizing the login screen

Edit loginform.ihtml in the include directory to suit your needs

Customizing the permission levels

Edit local.inc and change the class Example_Perm to enumerate your permissions. Your users in auth_user must have one or more comma separated permission names from that list. Edit perminvalid.ihtml for a suitable error message.

Creating new users

Use new_user.php3 from the pages/admin directory of the distribution. If you followed the installation instructions, it should be available under the /admin URL of your web server.

To manually create a user, run 

print md5(uniqid("some magic string")
you will get a user id, then do - 
insert into auth_user values ( "that userid", "username", "password", "permissions");

Creating an unprotected session page

Begin that page with 

	<?php page_open(array("sess" => "Example_Session")); ?>
End that page with 
	<?php page_close(); ?>

Creating an protected session page

Begin that page with 

	<?php
  	page_open(
         array("sess" => "Example_Session",
               "auth" => "Example_Auth",
               "perm" => "Example_Perm"));
  	$perm->check("desired protection");
	?>
End that page with 
	<?php page_close(); ?>

Creating protected functionality

Begin that page with 

	<?php
  	page_open(
         array("sess" => "Example_Session",
               "auth" => "Example_Auth",
               "perm" => "Example_Perm"));
	?>
End that page with 
	<?php page_close(); ?>
Enclose the protected functionality in 
    <?php
         if ($perm->have_perm("desired protection")):
    ?>
    
         Put protected HTML or PHP here
         
    <?php
         endif
    ?>

Note: desired protection is any combination of permissions from Example_Perm. Using the default values from Example_Perm, "user", "user,author" or "admin" are all valid sample values. A user can access a page, if that user has all permissions that are being requested in a $perm->check() or $perm->have_perm() call.

Note: Users can have multiple permission in their perms column of auth_user. A user with perms "user,author,editor" can access all pages requesting any combination of these permissions.

Note: If $auth->auth["uid"] is set on a protected page and if (time < auth->auth["exp"]), then and only then the authentication is valid. You may then use $auth->auth["uname"] as the user name, $auth->auth["uid"] as a unique user id and $auth->auth["perm"] for the current permissions of that user. Actually, you never want to touch$auth->auth["perm"] manually, but use $perm->have_perm("...") for that.

Prev Home Next
Quick Guide to Installation Up Testing your install of PHPlib