Difference between revisions of "HyperAdmin"
m (→Activity tables: "log" -> "events"; added "events.Type" field) |
m (→Activity tables: rules) |
||
Line 140: | Line 140: | ||
|K#||'''ID''' || int(4) | |K#||'''ID''' || int(4) | ||
|- | |- | ||
|||'''Cookie''' || text || session-ID cookie (at least 32 bits of random data) | |||'''Cookie''' || text || session-ID cookie (at least <s>32</s> 128 bits of random data) | ||
|- | |||
|||'''User''' || int(4) || users.ID of authenticated user (logged in with password); NULL = no user, or not authenticated | |||
|- | |- | ||
|||'''Remote_Client''' || text || browser user_agent string | |||'''Remote_Client''' || text || browser user_agent string | ||
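Review bot: on the Cookie row, "at least 128 bits of random data" gives a size but not a source. Since this cookie is the only thing that identifies a session, the description should also say the value must come from a cryptographically secure random generator. On the added User row, NULL covers both "no user" and "not authenticated"; if those two cases ever need to be told apart in the events log, the column description should say how.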
Line 148: | Line 150: | ||
|||'''Remote_Addr''' || int(4) || remote host IP address | |||'''Remote_Addr''' || int(4) || remote host IP address | ||
|- | |- | ||
|||'''Remote_Key''' || text || remote address or host domain plus user_agent - for quick | |||'''Remote_Key''' || text || remote address or host domain plus user_agent - for quick search of userless sessions | ||
|- | |- | ||
|||'''WhenStarted''' || timestamp || when session was started | |||'''WhenStarted''' || timestamp || when session was started | ||
Line 156: | Line 158: | ||
|||'''WhenExpires''' || timestamp || when this session will expire; NULL=never (see [[HyperAdmin Session]]s) | |||'''WhenExpires''' || timestamp || when this session will expire; NULL=never (see [[HyperAdmin Session]]s) | ||
|- | |- | ||
|||''' | |||'''WhenExpired''' || timestamp || when this session was actually expired (see Rules below) | ||
|} | |} | ||
'''Rules''': | |||
*if same user connects with new session, any existing sessions are automatically deactivated | |||
*sessions.WhenExpired can be NULL even after WhenExpires ''if'' session is never accessed after WhenExpires and same user does not ever reconnect | |||
*'''events''' -- logs of login attempts as well as what users did while logged in | *'''events''' -- logs of login attempts as well as what users did while logged in |
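Review bot: the first added rule says existing sessions are "automatically deactivated", but the sessions table has no active/inactive column, so the rule should state that deactivation means setting WhenExpired. The second rule then implies that a NULL WhenExpired does not prove a session is live; it is worth adding that any validity check has to compare WhenExpires with the current time as well as testing WhenExpired.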
Revision as of 21:10, 15 August 2005
This is my attempt to create a general user administration system for use by other web-based applications (mostly mine) which might need one.
Login Sequence
Major phases
- check what came in (form/cookies); set flags
- inspect the database; set flags
- set cookies and show html
Flow chart
- Phase I: check what came in
  - Get user form input (user, pass, possibly extra pass & email)
  - If no user given:
    - check cookies for session key
      - If session key found in cookies:
        - If session is active and valid:
          - Set $login_ok flag
        - ...else (session invalid or expired):
          - Set login message to "invalid or expired session; please log in"
          - Set $do_login_screen flag
      - If no session key found in cookies:
        - set $do_login_screen flag
        - set login message to "Please log in"
  - ...else (user given):
    - If password also given
      - If 2nd password given:
        - If 2 passwords match set $do_create_user flag
        - If 2 passwords don't match:
          - set $do_login_screen flag
          - set login message to "passwords don't match"
      - ...else (no 2nd password):
        - set $do_login_attempt flag
- Phase II: check database
  - Open database and inspect "users" table.
  - If no users yet:
    - If $do_create_user:
      - Add user to database
      - Give user "god" permissions
      - Set $login_ok flag
    - ...else (not $do_create_user):
      - Set login message to "you are the first user; please create a new account"
  - ...else if users found:
    - If user matches existing username, set $do_login_attempt flag
    - If $do_login_attempt:
      - Lookup encrypted password for given user
      - If encryption of new password matches
        - set $login_ok flag
        - if previous login was successful (check timestamps), set login attempts to zero
      - ...else (password mismatch):
        - increment login attempts for this user
        - set login message to "invalid user/password"
        - if $is_revisit, log a HACK WARNING
    - ...else (not $do_login_attempt):
      - If $new_pass_valid:
        - Create new account
        - Set $login_ok flag
      - ...else (not $new_pass_valid):
        - set $do_login_screen flag
- Phase III: set cookies and show html
  - if $do_login_screen:
    - Show login screen, login message, and # of login attempts for this user
  - ...else if $login_ok
    - Set user/pass cookie
    - Show control bar, with appropriate applications enabled and user info:
      - Time of last successful login
      - Time of last unsuccessful login
      - Number of failed login attempts
Possible security holes:
- Can $do_login_screen and $login_ok both end up false? In this case, nothing would be displayed.
- Can $do_login_screen and $login_ok both end up true? Is the resulting behavior appropriate?
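Both questions can be settled by enumerating every input combination through the flow chart. The Python model below is an added example, not HyperAdmin code; the input names are invented here, and $new_pass_valid is treated as a free input because the chart tests it without ever setting it.

```python
from collections import namedtuple
from itertools import product

# Conditions the chart branches on (names are this example's own). $new_pass_valid
# is tested in Phase II but never set in the chart, so it is a free input here.
FIELDS = ("user_given", "pass_given", "pass2_given", "pass_match", "cookie_key",
          "session_valid", "no_users", "user_exists", "password_ok", "new_pass_valid")
Req = namedtuple("Req", FIELDS)

def run_flow(r):
    """Run Phases I and II as written; return (login_ok, do_login_screen)."""
    login_ok = do_login_screen = do_create_user = do_login_attempt = False
    # Phase I: check what came in
    if not r.user_given:
        if r.cookie_key and r.session_valid:
            login_ok = True
        else:                        # no cookie, or session invalid/expired
            do_login_screen = True
    elif r.pass_given:
        if not r.pass2_given:
            do_login_attempt = True
        elif r.pass_match:
            do_create_user = True
        else:
            do_login_screen = True
    # Phase II: check database
    if r.no_users:
        if do_create_user:
            login_ok = True          # first account, given "god" permissions
    else:
        if r.user_given and r.user_exists:
            do_login_attempt = True
        if do_login_attempt:
            if r.user_exists and r.password_ok:
                login_ok = True
        elif r.new_pass_valid:
            login_ok = True          # "Create new account"
        else:
            do_login_screen = True
    return login_ok, do_login_screen

def survey():
    """Map each reachable (login_ok, do_login_screen) pair to one witness input."""
    seen = {}
    for bits in product((False, True), repeat=len(FIELDS)):
        seen.setdefault(run_flow(Req(*bits)), Req(*bits))
    return seen
```

Under this reading of the chart all four flag combinations are reachable: a failed password attempt leaves both flags false, and a valid session cookie with no user given ends with both true because Phase II still falls into the "not $new_pass_valid" branch.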
Notes
"Session key" could be dumbed down to just username+password sent in a single parameter, if proper sessions were not otherwise needed for a site, though sessions do provide better security even if they aren't used for anything else.
Tables
- "K" indicates Primary Key fields
- "#" indicates autonumbered fields
Main data tables
- users -- users with access to the admin system
| Key | Field | Type | Description |
|---|---|---|---|
| #K | ID | int(4) | |
| | Name | varchar(32) | |
| | Pass | text | |
| | | varchar(128) | email address for password confirmation and such |
| | WhenGood | timestamp | when user last logged in |
| | WhenBad | timestamp | when user last attempted to log in but failed (bad password) |
| | QtyFails | int(4) | number of failed login attempts since last success |
- groups -- each group has a role to play, and each role requires a particular set of privileges
| Key | Field | Type | Description |
|---|---|---|---|
| #K | ID | int(4) | |
| | Name | varchar(32) | |
| | Descr | text | text describing the purpose of this group |
- privs -- particular privileges; meaning is defined in code
| Key | Field | Type | Description |
|---|---|---|---|
| #K | ID | int(4) | |
| | Name | varchar(32) | |
| | Descr | text | text describing this permission |
Collection/link tables
- users_x_groups -- users in each group / groups to which each user belongs
| Key | Field | Type | Description |
|---|---|---|---|
| K | ID_User | int(4) | users.ID |
| K | ID_Group | int(4) | groups.ID |
- groups_x_privs -- privileges each group has / groups having a particular privilege
| Key | Field | Type | Description |
|---|---|---|---|
| K | ID_Group | int(4) | groups.ID |
| K | ID_Priv | int(4) | privs.ID |
Activity tables
- sessions -- shopping sessions
| Key | Field | Type | Description |
|---|---|---|---|
| K# | ID | int(4) | |
| | Cookie | text | session-ID cookie (at least 128 bits of random data) |
| | User | int(4) | users.ID of authenticated user (logged in with password); NULL = no user, or not authenticated |
| | Remote_Client | text | browser user_agent string |
| | Remote_Host | text | remote host domain info (reverse lookup), if any |
| | Remote_Addr | int(4) | remote host IP address |
| | Remote_Key | text | remote address or host domain plus user_agent - for quick search of userless sessions |
| | WhenStarted | timestamp | when session was started |
| | WhenLastAct | timestamp | timestamp of last activity on this session |
| | WhenExpires | timestamp | when this session will expire; NULL=never (see HyperAdmin Sessions) |
| | WhenExpired | timestamp | when this session was actually expired (see Rules below) |
Rules:
- if same user connects with new session, any existing sessions are automatically deactivated
- sessions.WhenExpired can be NULL even after WhenExpires if session is never accessed after WhenExpires and same user does not ever reconnect
- events -- logs of login attempts as well as what users did while logged in
| Key | Field | Type | Description |
|---|---|---|---|
| K# | ID | int(4) | |
| | ID_User | int(4) | users.ID - which user, if any (NULL = unknown user) |
| | ID_Session | int(4) | sessions.ID - more information in case user is unknown |
| | When | timestamp | when this action was taken |
| | Seq | int(4) | Order in which actions were executed, if done at the same time |
| | Type | text(8) | short code for event type - [event_types] table (to be designed) |
| | Descr | text | description of action taken (should be very specific) |
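One way to implement the sessions table's Rules and its 128-bit cookie requirement, as an added example that is not HyperAdmin code. It assumes SQLite, epoch-second timestamps, a subset of the columns, and hypothetical function names; stamping WhenExpired on the first access after WhenExpires is this example's reading of the second rule.

```python
import secrets
import sqlite3

def open_db():
    db = sqlite3.connect(":memory:")
    # Subset of the page's sessions table; timestamps are epoch seconds (assumption).
    db.execute("""CREATE TABLE sessions (
        ID INTEGER PRIMARY KEY AUTOINCREMENT, Cookie TEXT UNIQUE, User INTEGER,
        WhenStarted REAL, WhenLastAct REAL, WhenExpires REAL, WhenExpired REAL)""")
    return db

def start_session(db, user_id, now, ttl=3600):
    """Create a session; per the Rules, expire the same user's live sessions first."""
    if user_id is not None:
        db.execute("UPDATE sessions SET WhenExpired=? "
                   "WHERE User=? AND WhenExpired IS NULL", (now, user_id))
    cookie = secrets.token_hex(16)   # 16 bytes = 128 bits from the OS CSPRNG
    db.execute("INSERT INTO sessions (Cookie, User, WhenStarted, WhenLastAct, WhenExpires)"
               " VALUES (?,?,?,?,?)", (cookie, user_id, now, now, now + ttl))
    return cookie

def check_session(db, cookie, now):
    """Return True only if the cookie names a session that is still live.

    WhenExpired can still be NULL after WhenExpires has passed, so both columns
    are tested; a stale row gets WhenExpired stamped on this first access.
    """
    row = db.execute("SELECT ID, WhenExpires, WhenExpired FROM sessions "
                     "WHERE Cookie=?", (cookie,)).fetchone()
    if row is None or row[2] is not None:
        return False                 # unknown cookie, or already deactivated
    sid, expires, _ = row
    if expires is not None and now >= expires:   # NULL WhenExpires = never expires
        db.execute("UPDATE sessions SET WhenExpired=? WHERE ID=?", (now, sid))
        return False
    db.execute("UPDATE sessions SET WhenLastAct=? WHERE ID=?", (now, sid))
    return True
```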