User Authentication With patUser (part 2) - Slice And Dice
(Page 13 of 13 )
How about one more? Once the user has been registered in the system (perhaps using a script like the one on the previous page), it becomes possible to slice and dice that user information for a variety of different purposes. In this next script, different sections of a single Web page are hidden or displayed on the basis of a user's credentials and group membership.
<?php
// include classes
include("../include/patDbc.php");
include("../include/patUser.php");
include("../include/patTemplate.php");
// initialize database layer
$db = new patMySqlDbc("localhost", "db211", "us111", "secret");
// initialize template engine
$tmpl = new patTemplate();
$tmpl->setBasedir("../templates");
// initialize patUser
$u = new patUser(true);
// connect patUser to database/template engines
$u->setAuthDbc($db);
$u->setTemplate($tmpl);
// set tables
$u->setAuthTable("users");
$u->setGroupTable("groups");
$u->setGroupRelTable("usergroups");
// check authentication
$u->requireAuthentication("displayLogin");
?>
<html>
<head>
<basefont face="Arial">
</head>
<body>
<!-- this section only displayed to authenticated users -->
<hr> You have
been authenticated. Welcome.
<!-- this section only displayed to members of the Operations group -->
<?php
// get GID for Operations group
$data = $u->getGroups(array( "gid" ),
array( array( "field" => "name",
"value" => "Operations",
"match" => "contains" ) ) );
$opsGid = $data[0]['gid'];
// check to see if user is member and display section if so
if ($u->isMemberOfGroup($u->getUid(), $opsGid))
{
?>
<hr>
Latest news from Operations: All systems up and running normally.
<?php
}
// get GID for Administration group
$data = $u->getGroups(array( "gid" ),
array( array( "field" => "name",
"value" => "Administration",
"match" => "contains" ) ) );
$adminGid = $data[0]['gid'];
// check to see if user is member of both Administration and Operations
// and display page if so
if ($u->isMemberOfGroup($u->getUid(), $opsGid) &&
$u->isMemberOfGroup($u->getUid(), $adminGid)) { ?>
<!-- this section only displayed to members of both Operations and
Administrations group --> <hr> <a href="#">Click here to modify system
configuration settings.</a>
<?php
}
?>
</body>
</html>
Most of this should be fairly easy to understand. The page is divided into
three sections, with the first one available to all authenticated users and the remaining two turned on only if the user is a member of the appropriate groups. The isMemberOfGroup() method discussed on the previous page is used to test whether the user belongs to the group or not, while the the getGroups() method is used, this time with additional selection criteria, to obtain the group ID of the various groups involved.
Business logic similar to that above can be used to create Web pages that are sensitive to user credentials and privileges, and that can dynamically change so that only the appropriate information is presented to each user. And with patUser again doing most of the work, adding this business logic to a Web page is a snap.
And that's about it for the moment. This article was a little longer than the previous one, but it also covered a lot more ground. You should now have a better understanding of patUser's concepts of users, groups and group membership, and of the user and group management API available in the patUser library. In this article, I demonstrated most of the important components of this API, showing you how to list, add, edit and modify users and groups, and how to organize users into groups. Finally, I wrapped things up with two examples of how these API calls can be used in real-world situations: a script for administrators to add new users via a Web-based interface, and a Web page that altered its visible content based on the logged-in user's permissions.
In the third (and concluding) article in this series, I will be briefly looking at a number of hard-to-categorize-yet-very-useful methods in the patUser library. These include methods to handle errors, track user movement, collect statistics and identify users and groups using different criteria. Make sure you don't miss that one!
Note: Examples are illustrative only, and are not meant for a production environment. Melonfire provides no warranties or support for the source code described in this article. YMMV!
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
/ 7 
