Jump to content
XCOMUFO & Xenocide

Task #251 - Authentification Framework


Mad

Recommended Posts

This task is waiting for an assignee. Description is given in the BUGS. Please contact me for further details or post in this thread. Any progress related to this is going in here. Edited by Mad
Link to comment
Share on other sites

  • 8 months later...

I think I can easily (*ahem*, moderately :P) implement this from scratch (with the use of tutorials of course :rolleyes:), but I need some info+advice first (I'll also post my ideas here, will try to add more later):

 

1) There are 2 possible ways (for now, for me at least) to implement a user authentication script:

a] Something similar to the following:

Micro Login System is a simple PHP based user login system which stores user registration information in a flat file instead of MySQL database.

b] Simply implement a MySQL database. The problem here is that... *ahem*... I don't know MySQL at all :P (well, I get the following joke ^.^

SELECT * FROM users WHERE clue > 0

0 rows returned

but that's it more or less :-$)

 

Just give me some time and I'll learn that's not a problem, the only problem is time :(

2) User rights... That's what I have in mind:

0 - Banned

1 - Recruit

2 - Full member

3 - Senior

0 - Banned

1 - Read

2 - Write

3 - Edit

4 - Delete

This system will be used in order to provide its members functionality according to their status. Both the "Group" and the "Rights" tables can be used that way. For example, if we have a special members area, Recruits and members may only be able to read and only Seniors will make changes. And, for the news, recruits will be able to read, members will be able to read (d'oh), write new entries and edit theirs (possibly change others'), but won't be able to delete others' (or even theirs). Seniors will be able to do whatever they want with any entry ;)

 

The above paragraph is just an example, let's talk about what fits best to our needs

 

3) Damn, I'm sure I had a #3 comment, but I already forgot -.- X_x. Will probably add it later :)

Edit: Already remembered :P. Well, will we have a "registration form", or will we manually change the database? That is, will someone be able to "apply" via the mainpage (for CMS/Member access that is, I'm not referring to a recruitment form) or will someone (a senior/admin I guess) add him manually in the database (or file, that depends on the implementation method chosen)?

 

 

Cheers, με εκτίμηση (πάντα :P)

Basil

Edited by kafros
Link to comment
Share on other sites

We should have another tag for change news/gallery. Though we at the moment can allow every member to add news, we might want to change this later or may want to even give certain recruits rights to change these.

I would be all for the MySQL system due to the higher flexibility. :) sorry pal - but you'll make big money one day with your new SQL skills. :)

Registration form would be great. So people can apply and every Senior (even me ;) ) is able to add people easily.

Rest of your ideas sounds great! :)

Link to comment
Share on other sites

sorry pal - but you'll make big money one day with your new SQL skills. :)
Businesses want (almost exclusively) .Net these days, d'oh -.-'

 

Anyway, more is better ;) :)

 

Thanks for the info/ideas, I'll make a simple design document to keep track of the ideas

Link to comment
Share on other sites

Guest Azrael
sorry pal - but you'll make big money one day with your new SQL skills. :)
Businesses want (almost exclusively) .Net these days, d'oh -.-'

 

Anyway, more is better ;) :)

 

Thanks for the info/ideas, I'll make a simple design document to keep track of the ideas

MySQL is easy, if you have trouble with it, just post here and I'll help if I can :)

Link to comment
Share on other sites

MySQL is easy, same as most of the other SQL based Database (most of the relational ones ;) ). However, even if I do agree that .Net is the base of today business. You can use it with MySQL, SQL Server or any other relational database just in the same way ;). So unless you move to something along the lines of db4o (Objects database that people say it is lighting fast, but business do not trust yet) your SQL skills will be very useful :), so it is worth to learn them.

 

Greetings

Red Knight

Link to comment
Share on other sites

We should have another tag for change news/gallery. Though we at the moment can allow every member to add news, we might want to change this later or may want to even give certain recruits rights to change these.
Something that I probably forgot to mention... My idea for the gallery script implementation is that "the script" will be altered for each gallery page. Each page will be "connected" to a folder. That is, the >'s script will look into the weapons folder, get the pictures, make their thumbnails and add them in the gallery page. That way, in order to add pictures, you just have to add them in their according folder.

 

If you don't like this implementation, then I'll have to think of something else (which will probably need the "news/galleries/both" tag)

 

 

P.S. Thanks for the advice RK :)

Edited by kafros
Link to comment
Share on other sites

Guest Azrael
We should have another tag for change news/gallery. Though we at the moment can allow every member to add news, we might want to change this later or may want to even give certain recruits rights to change these.
Something that I probably forgot to mention... My idea for the gallery script implementation is that "the script" will be altered for each gallery page. Each page will be "connected" to a folder. That is, the <>'s script will look into the weapons folder, get the pictures, make their thumbnails and add them in the gallery page. That way, in order to add pictures, you just have to add them in their according folder.

 

If you don't like this implementation, then I'll have to think of something else (which will probably need the "news/galleries/both" tag)

 

 

P.S. Thanks for the advice RK :)

Is that doable? how can you code that with PHP? The best way I know is to add the filenames into a database so the script will get all the data from the table and exhibit the images. How can you look into folders and show the files there?

Link to comment
Share on other sites

Is that doable? how can you code that with PHP? The best way I know is to add the filenames into a database so the script will get all the data from the table and exhibit the images. How can you look into folders and show the files there?
http://gr2.php.net/manual/en/function.scandir.php ^_^ (also look at the comments, they've posted some wonderful examples :))

 

Actually, it would be nice to have a "gallery admin"-like feature, so that you can change the gallery folders and add files via the site (that way the tag Mad proposed would be of some use), but right now with... everything to be done, this is just overwhelming, spare me plz :P

 

So, I guess I'll first get a member authentication system/database done, then I'll make a gallery script, then I'll see what can be done with the CMS and last the member's section. (That's the overall plan, I can't give you a deadline, I'll do my best, but I guess I'll have a user authentication system in 2 weeks, if things at Uni don't get worse than heck of course <_>

Edited by kafros
Link to comment
Share on other sites

Something that I probably forgot to mention... My idea for the gallery script implementation is that "the script" will be altered for each gallery page. Each page will be "connected" to a folder. That is, the >'s script will look into the weapons folder, get the pictures, make their thumbnails and add them in the gallery page. That way, in order to add pictures, you just have to add them in their according folder.
sounds good. One thing though: Could you make it that way that the CMS automatically reduces the pictures to something around 800x600 and creates thumbnails as well? Because that is actually the main work in adding pictures to the gallery. So if one just had to copy pictures... :)
Link to comment
Share on other sites

One thing though: Could you make it that way that the CMS automatically reduces the pictures to something around 800x600 and creates thumbnails as well? Because that is actually the main work in adding pictures to the gallery. So if one just had to copy pictures... :)
Concerning the thumbnails, no problem. Concerning the first part, "automatically reduces", I guess you mean that if the picture is >800x600 it should be automatically resized to 800x600, otherwise (if

 

I'm not sure right now how it can be done, but I'm 80% sure it's possible. If it can't be done, you'll just put a bigger picture and it'll be resized/displayed to 800x600, works well either way (personally I prefer the second way, although I'll first try to implement #1)

 

Cheers

Link to comment
Share on other sites

Concerning the thumbnails, no problem. Concerning the first part, "automatically reduces", I guess you mean that if the picture is >800x600 it should be automatically resized to 800x600, otherwise (if

 

I'm not sure right now how it can be done, but I'm 80% sure it's possible. If it can't be done, you'll just put a bigger picture and it'll be resized/displayed to 800x600, works well either way (personally I prefer the second way, although I'll first try to implement #1)

Problem with the second way is that it normally doesn't look as nice as the first way. And one important thing: the resolution should be around 800x600. What do I want to say? The algorithm has to check which way the picture is and has to preserve the aspect ratio. And yes, if it's below 800x600 leave it be. :)

Link to comment
Share on other sites

  • 5 months later...

Mad, whenever you have some time, check this improved contact page. It includes the correct download link and a tough captcha (only valid for 1 session, going back and re-sending it doesn't work :D). I've checked it on my computer and it works fine, the only problem I can see is that it always throws me a warning when I use the session_start() function but I'm 99.9% sure that it's a problem with my configuration.

The important thing is, it works fine :P, so please tell me if it also works on the server, thanks!!

 

Just put all 3 files together

 

Edit: Btw, please open the contact formular thread, we may need it in the future (i.e. we needed it now ;))

 

Edit #2: After a bit of google-ing: IF a warning message shows up online, then add this line

 

<?php error_reporting(0); ?>

 

in the beginning of the file, and it hides all warnings (checked it and works). Warnings shouldn't exist anyway, but at least they won't spoil the look of the page

 

LAST EDIT: Ok I made some more corrections/improvements to the script and in addition made the code more beautiful :P. Enjoy

Edited by kafros
Link to comment
Share on other sites

  • 4 weeks later...
  • 5 weeks later...
Who made the database structure? because I'm giving it a more decent look and some tables and some rows don't seem to serve any purpose.

Someone from outside named "Gunnerwolf". He programmed in two evenings what you are looking at now. So it guess it's not too surprising that some things are not too tidy... ;)

 

Edit: But I guess a lot of these seemingly purposeless tables were intended for later use. We talked a lot about the features we wanted to have in this CMS, and so I guess he prepared everything database wise and just didn't have the time to complete the frontend.

Edited by Mad
Link to comment
Share on other sites

Guest Azrael Strife
Who made the database structure? because I'm giving it a more decent look and some tables and some rows don't seem to serve any purpose.

Someone from outside named "Gunnerwolf". He programmed in two evenings what you are looking at now. So it guess it's not too surprising that some things are not too tidy... ;)

 

Edit: But I guess a lot of these seemingly purposeless tables were intended for later use. We talked a lot about the features we wanted to have in this CMS, and so I guess he prepared everything database wise and just didn't have the time to complete the frontend.

There are some stuff I cannot think a reason for its existance, like a "special users" table and the "edit 1, edit 2, edit 3, edit 4" columns in the news table. Many of these things are irrelevant, should I completely remove them or want me to leave them there?

Link to comment
Share on other sites

Who made the database structure? because I'm giving it a more decent look and some tables and some rows don't seem to serve any purpose.

Someone from outside named "Gunnerwolf". He programmed in two evenings what you are looking at now. So it guess it's not too surprising that some things are not too tidy... ;)

 

Edit: But I guess a lot of these seemingly purposeless tables were intended for later use. We talked a lot about the features we wanted to have in this CMS, and so I guess he prepared everything database wise and just didn't have the time to complete the frontend.

There are some stuff I cannot think a reason for its existance, like a "special users" table and the "edit 1, edit 2, edit 3, edit 4" columns in the news table. Many of these things are irrelevant, should I completely remove them or want me to leave them there?

special users probably is his implementation of a superuser, and the edits are his implementation of groups for users who should be able to edit x or y. You can dump all of this if you don't think it's necessary.

Link to comment
Share on other sites

Indeed special users was supposed to do exactly that, give specific rights to users who aren't members of the project and couldn't be included in the other categories;

 

Concerning the edits, I guess they would show up on the end of each post... So you can't "damage" the original post and everyone can easily check your changes.

 

Actually we could just remove those two and just improve the permissions system

Edited by kafros
Link to comment
Share on other sites

Guest Azrael Strife

It can easily be created a group "superuser" that has above normal permissions, I don't see how this "superuser" would differ from an Admin from a permissions perspective.

And the edits part is just pointless, there isn't any important information in saving edits, we all assume if a member is editing news it's because of a solid reason, we all trust each other, and you can't guarantee there will be below 4 edits, if we want to keep edits we need a separate table for them, not columns.

 

edit: actually, an admin would have normal permissions PLUS adding members, right? are there other special permissions for an admin? there isn't really much to do in the CMS beyond adding news/downloads/images and validating members, and we all know only one or two people are going to do all of those.

Edited by Azrael Strife
Link to comment
Share on other sites

It can easily be created a group "superuser" that has above normal permissions, I don't see how this "superuser" would differ from an Admin from a permissions perspective.

And the edits part is just pointless, there isn't any important information in saving edits, we all assume if a member is editing news it's because of a solid reason, we all trust each other, and you can't guarantee there will be below 4 edits, if we want to keep edits we need a separate table for them, not columns.

 

edit: actually, an admin would have normal permissions PLUS adding members, right? are there other special permissions for an admin? there isn't really much to do in the CMS beyond adding news/downloads/images and validating members, and we all know only one or two people are going to do all of those.

Maybe modifying header and footers and adding completely new sites.

Link to comment
Share on other sites

Guest Azrael Strife
It can easily be created a group "superuser" that has above normal permissions, I don't see how this "superuser" would differ from an Admin from a permissions perspective.

And the edits part is just pointless, there isn't any important information in saving edits, we all assume if a member is editing news it's because of a solid reason, we all trust each other, and you can't guarantee there will be below 4 edits, if we want to keep edits we need a separate table for them, not columns.

 

edit: actually, an admin would have normal permissions PLUS adding members, right? are there other special permissions for an admin? there isn't really much to do in the CMS beyond adding news/downloads/images and validating members, and we all know only one or two people are going to do all of those.

Maybe modifying header and footers and adding completely new sites.

Again, that does not fall in the responsibilites of the CMS and thus is not needed. Also, an admin can go grab the php files and modify them himself as he has full access to basically everything.

Link to comment
Share on other sites

Again, that does not fall in the responsibilites of the CMS and thus is not needed. Also, an admin can go grab the php files and modify them himself as he has full access to basically everything.

Does an admin have complete access? And does that make sense? When I am talking about header and footer I mean the header and footer visible on the Xenocide Webpage. I am not talking about something only visible in the html code. And I think modifying this

<div id="news-archive">
	<a href="newsarchive.html">news archive...</a></div>
</div>

<div id="footer">

  <div id="footer-left"><span>1</span></div>
  <div id="footer-body">© 2005 Project Xenocide</div>
  <div id="footer-right"><span>1</span></div>

would make a lot of sense.

Link to comment
Share on other sites

Guest Azrael Strife
Again, that does not fall in the responsibilites of the CMS and thus is not needed. Also, an admin can go grab the php files and modify them himself as he has full access to basically everything.

Does an admin have complete access? And does that make sense? When I am talking about header and footer I mean the header and footer visible on the Xenocide Webpage. I am not talking about something only visible in the html code. And I think modifying this

<div id="news-archive">
	<a href="newsarchive.html">news archive...</a></div>
</div>

<div id="footer">

  <div id="footer-left"><span>1</span></div>
  <div id="footer-body">© 2005 Project Xenocide</div>
  <div id="footer-right"><span>1</span></div>

would make a lot of sense.

I'm still not sure why you feel that is responsiblity of the CMS, changing the layout of the page does not fall in the responsibilities of the CMS. And yes, it does make sense, and admin is someone who usually has full access to the server.

 

Also, why do you think it is necessary to change the newsarchive link and footer other than, maybe once a year? and even so, I still don't see why should our (or any other) CMS do that

Link to comment
Share on other sites

Az, if it's too much work, just say so. I would've deemed it to be a nice feature, especially in the light of the missing links in the gallery footer, and yes, I feel that it is the role of a CMS coded for one single "customer" (Project Xenocide) to do everything this "customer" thinks might be needed, and modifying the complete site without ftp access and writing a word of html code would be the perfect CMS for a group where the CTD guys have to take care of the website. Not that not everyone of us is capable of "coding" in html but I guess noone will cry if he doesn't have to do it on a regular basis. But anywho, it's not so important. I definetly won't start a discussion about this.

 

Edit: Since every Senior will be an Admin, I wondered if it would really be a good idea to automatically give rights that they'll never need to such a relatively big group of people. Normally you want to keep permissions as liberal as needed but as restrictive as possible.

Edited by Mad
Link to comment
Share on other sites

So you propose to have a page where you can change the source of these files? Wouldn't it be more practical to have an "admin-upload" feature where the admins will be able to upload the files and replace existing ones?

 

I have to agree with Azrael though, a TYPICAL Content Management System isn't supposed to have such features. Of course it's our in-hourse CMS so we can add anything we want, BUT don't you think that's one of the lowest-priority tasks? I think it would be better to finish the gallery/download/permission parts first ;)

 

Actually that's why I proposed the online discussion about the CMS. So let's keep it in the Identity threads, it'll be easier for everyone.

 

I'll provide ASAP a draft of the needed tasks and their priorities (which I think are more rational actually ;)), so we'll be able to work on it and check what we need and what needs to be implemented first, what do you think?

 

Edit: Concerning your edit, I though that the only people with "Admin" permission would be Micah, MSM and RK. Seniors would have most (if not all) of these rights

Edited by kafros
Link to comment
Share on other sites

I never said it is high priority. I just said it would be nice to some day have those features. Actually I didn't say any of this as a feature list, but just as a roughly formulated idea why it might be a good idea to have a superuser. But anyway, it's not important if we implement the rights management the way I proposed, since in this case permissions can easily be managed on a per-user basis.

And you both are right: The typical task of any, and most important feature of our CMS is to allow not posting news and pictures for the admins who anyway would have access to the ftp server, but provide writing access to the webpage for the regular members. So let's this keep as a top priority. But again: I never said we should switch priorities.

Link to comment
Share on other sites

Guest Azrael Strife
Az, if it's too much work, just say so. I would've deemed it to be a nice feature, especially in the light of the missing links in the gallery footer, and yes, I feel that it is the role of a CMS coded for one single "customer" (Project Xenocide) to do everything this "customer" thinks might be needed, and modifying the complete site without ftp access and writing a word of html code would be the perfect CMS for a group where the CTD guys have to take care of the website. Not that not everyone of us is capable of "coding" in html but I guess noone will cry if he doesn't have to do it on a regular basis. But anywho, it's not so important. I definetly won't start a discussion about this.

 

Edit: Since every Senior will be an Admin, I wondered if it would really be a good idea to automatically give rights that they'll never need to such a relatively big group of people. Normally you want to keep permissions as liberal as needed but as restrictive as possible.

You're confusing disagreement with lack of will to work, that is not a good thing.

Modifying the footer to update the year and copyright requires no knowledge in HTML whatsoever, also you should already know that the average CTD member will not do it, and the header, I don't see why you'd want that to be changed.

 

I'll try to do it, later than sooner, as I don't really expect that sort of thing to see any use ever.

Edited by Azrael Strife
Link to comment
Share on other sites

Az, if it's too much work, just say so. I would've deemed it to be a nice feature, especially in the light of the missing links in the gallery footer, and yes, I feel that it is the role of a CMS coded for one single "customer" (Project Xenocide) to do everything this "customer" thinks might be needed, and modifying the complete site without ftp access and writing a word of html code would be the perfect CMS for a group where the CTD guys have to take care of the website. Not that not everyone of us is capable of "coding" in html but I guess noone will cry if he doesn't have to do it on a regular basis. But anywho, it's not so important. I definetly won't start a discussion about this.

 

Edit: Since every Senior will be an Admin, I wondered if it would really be a good idea to automatically give rights that they'll never need to such a relatively big group of people. Normally you want to keep permissions as liberal as needed but as restrictive as possible.

You're confusing disagreement with lack of will to work, that is not a good thing.

Modifying the footer to update the year and copyright requires no knowledge in HTML whatsoever, also you should already know that the average CTD member will not do it, and the header, I don't see why you'd want that to be changed.

 

I'll try to do it, later than sooner, as I don't really expect that sort of thing to see any use ever.

I didn't say you are not willing to do it, I was saying, if the result does not justify the amount of work needed, don't do it. And I already said, it might not be necessary. Plus I said, this was not a feature request, this was a brainstorming to explain the need of a superuser concept.

Plus I was trying to say, it is always good to be prepared for everything if the amount of work needed to be prepared is not outrageous.

 

edit: but don't get me wrong. I agree with you that it probably will be a very seldomly used feature, and thus is the least important of all, if not totally unnecessary.

Edited by Mad
Link to comment
Share on other sites

Remember that seniors have FTP access, so changed to the template can be done anyway... Focus only on high visibility tasks; moreover programming resources are limited, so dont waste time with small nuisances that can be fixed anyway with FTP access from someone that knows the system.

 

Greetings

Red Knight

Link to comment
Share on other sites

×
×
  • Create New...