Difference between revisions of "HyperAdmin"
Jump to navigation
Jump to search
(→Tables) |
|||
Line 5: | Line 5: | ||
==Login Sequence== | ==Login Sequence== | ||
# Get user input (user, pass, possibly extra pass & email) | |||
# If no user given: | ===Major phases=== | ||
# | #check what came in (form/cookies); set flags | ||
# | #inspect the database; set flags | ||
# | #set cookies and show html | ||
# | ===Flow chart=== | ||
# ...else | *'''Phase I''': check what came in | ||
# | *# Get user form input (user, pass, possibly extra pass & email) | ||
## | *# If no user given: | ||
# | *#* set $is_old_user flag | ||
# Open database and inspect "users" table. | *#* check cookies for user/pass combination: | ||
# If no users yet: | *#** If user/pass found in cookies, set $is_old_user flag | ||
## | *#** If no user/pass found in cookies: | ||
# ...else if users found: | *#*** set $do_login_screen flag | ||
( | *#***set login message to "Please log in" | ||
# | *# ...else (user given): | ||
# | *#* If password also given | ||
*#** If 2nd password given: | |||
*#*** If 2 passwords match set $do_create_user flag | |||
*#*** If 2 passwords don't match: | |||
*#**** set $do_login_screen flag | |||
*#**** set login message to "passwords don't match" | |||
*#*** ...else (no 2nd password): | |||
*#**** set $do_login_attempt flag | |||
*'''Phase II''': check database | |||
*# Open database and inspect "users" table. | |||
*# If no users yet: | |||
*#* If $do_create_user: | |||
*#** Add user to database | |||
*#** Give user "god" permissions | |||
*#** Set $login_ok flag | |||
*#* ...else (not $do_create_user): | |||
*#** Set login message to "you are the first user; please create a new account" | |||
*# ...else if users found: | |||
*#* If $do_login_attempt: | |||
*#** Lookup encrypted password for given user | |||
*#** If encryption of new password matches, set $login_ok flag | |||
*#* ...else (not $do_login_attempt): | |||
*#** If $new_pass_valid: | |||
*#*** Create new account | |||
*#*** Set $login_ok flag | |||
*#** ...else (not $new_pass_valid): | |||
*#*** set $do_login_screen flag | |||
*#*** set login message to "invalid user/password" | |||
*'''Phase III''': set cookies and show html | |||
*# if $do_login_screen: | |||
*#* Show login screen and login message | |||
*# ...else if $login_ok | |||
*#* Show control bar, with appropriate applications enabled | |||
Possible bugs: | |||
*Can $do_login_screen and $login_ok both end up false? In this case, nothing would be displayed. | |||
*Can $do_login_screen and $login_ok both end up true? Is the resulting behavior appropriate? | |||
==Tables== | ==Tables== | ||
*"K" indicates Primary Key fields | *"K" indicates Primary Key fields |
Revision as of 16:23, 8 August 2005
This is my attempt to create a general user administration system for use by other web-based applications (mostly mine) which might need one.
Login Sequence
Major phases
- check what came in (form/cookies); set flags
- inspect the database; set flags
- set cookies and show html
Flow chart
- Phase I: check what came in
- Get user form input (user, pass, possibly extra pass & email)
- If no user given:
- set $is_old_user flag
- check cookies for user/pass combination:
- If user/pass found in cookies, set $is_old_user flag
- If no user/pass found in cookies:
- set $do_login_screen flag
- set login message to "Please log in"
- ...else (user given):
- If password also given
- If 2nd password given:
- If 2 passwords match set $do_create_user flag
- If 2 passwords don't match:
- set $do_login_screen flag
- set login message to "passwords don't match"
- ...else (no 2nd password):
- set $do_login_attempt flag
- If 2nd password given:
- If password also given
- Phase II: check database
- Open database and inspect "users" table.
- If no users yet:
- If $do_create_user:
- Add user to database
- Give user "god" permissions
- Set $login_ok flag
- ...else (not $do_create_user):
- Set login message to "you are the first user; please create a new account"
- If $do_create_user:
- ...else if users found:
- If $do_login_attempt:
- Lookup encrypted password for given user
- If encryption of new password matches, set $login_ok flag
- ...else (not $do_login_attempt):
- If $new_pass_valid:
- Create new account
- Set $login_ok flag
- ...else (not $new_pass_valid):
- set $do_login_screen flag
- set login message to "invalid user/password"
- If $new_pass_valid:
- If $do_login_attempt:
- Phase III: set cookies and show html
- if $do_login_screen:
- Show login screen and login message
- ...else if $login_ok
- Show control bar, with appropriate applications enabled
- if $do_login_screen:
Possible bugs:
- Can $do_login_screen and $login_ok both end up false? In this case, nothing would be displayed.
- Can $do_login_screen and $login_ok both end up true? Is the resulting behavior appropriate?
Tables
- "K" indicates Primary Key fields
- "#" indicates autonumbered fields
Main data tables
- users -- users with access to the admin system
#K | ID | int(4) | |
Name | varchar(32) | ||
Pass | text | ||
varchar(128) | email address for password confirmation and such | ||
WhenGood | timestamp | when user last logged in | |
WhenBad | timestamp | when user last attempted to log in but failed (bad password) | |
QtyFails | int(4) | number of failed login attempts since last success |
- groups -- each group has a role to play, and each role requires a particular set of privileges
#K | ID | int(4) | |
Name | varchar(32) | ||
Descr | text | text describing the purpose of this group |
- privs -- particular privileges; meaning is defined in code
#K | ID | int(4) | |
Name | varchar(32) | ||
Descr | text | text describing this permission |
Collection/link tables
- users_x_groups -- users in each group / groups to which each user belongs
K | ID_User | int(4) | users.ID |
K | ID_Group | int(4) | groups.ID |
- groups_x_privs -- privileges each group has / groups having a particular privilege
K | ID_Group | int(4) | groups.ID |
K | ID_Priv | int(4) | privs.ID |
Logging tables
- log -- logs of login attempts as well as what users did while logged in
K# | ID | int(4) | |
ID_User | int(4) | users.ID - which user, if any (NULL = unknown user) | |
ID_Session | int(4) | sessions.ID - more information in case user is unknown | |
When | timestamp | when this action was taken | |
Seq | int(4) | Order in which actions were executed, if done at the same time | |
Descr | text | description of action taken (should be very specific) |