Difference between revisions of "HyperAdmin"

Woozle: HyperAdmin

This is my attempt to create a general user administration system for use by other web-based applications (mostly mine) which might need one.

Login Sequence

Major phases

1. check what came in (form/cookies); set flags
2. inspect the database; set flags
3. set cookies and show html

Flow chart

• Phase I: check what came in
  1. Get user form input (user, pass, possibly extra pass & email)
  2. If no user given:
     • check cookies for user/pass combination:
       • If user/pass found in cookies, set $is_revisit flag
       • If no user/pass found in cookies:
         • set $do_login_screen flag
         • set login message to "Please log in"
  3. ...else (user given):
     • If password also given
       • If 2nd password given:
         • If 2 passwords match set $do_create_user flag
         • If 2 passwords don't match:
           • set $do_login_screen flag
           • set login message to "passwords don't match"
         • ...else (no 2nd password):
           • set $do_login_attempt flag
• Phase II: check database
  1. Open database and inspect "users" table.
  2. If no users yet:
     • If $do_create_user:
       • Add user to database
       • Give user "god" permissions
       • Set $login_ok flag
     • ...else (not $do_create_user):
       • Set login message to "you are the first user; please create a new account"
  3. ...else if users found:
     • If $do_login_attempt:
       • Lookup encrypted password for given user
       • If encryption of new password matches
         • set $login_ok flag
         • if previous login was successful (check timestamps), set login attempts to zero
       • ...else (password mismatch):
         • increment login attempts for this user
     • ...else (not $do_login_attempt):
       • If $new_pass_valid:
         • Create new account
         • Set $login_ok flag
       • ...else (not $new_pass_valid):
         • set $do_login_screen flag
         • set login message to "invalid user/password"
         • if $is_revisit, log a HACK WARNING
• Phase III: set cookies and show html
  1. if $do_login_screen:
     • Show login screen, login message, and # of login attempts for this user
  2. ...else if $login_ok
     • Set user/pass cookie
     • Show control bar, with appropriate applications enabled and user info:
       • Time of last successful login
       • Time of last unsuccessful login
       • Number of failed login attempts

Possible bugs:

• Can $do_login_screen and $login_ok both end up false? In this case, nothing would be displayed.
• Can $do_login_screen and $login_ok both end up true? Is the resulting behavior appropriate?

Tables

• "K" indicates Primary Key fields
• "#" indicates autonumbered fields

Main data tables

• users -- users with access to the admin system

• groups -- each group has a role to play, and each role requires a particular set of privileges

• privs -- particular privileges; meaning is defined in code

Collection/link tables

• users_x_groups -- users in each group / groups to which each user belongs

• groups_x_privs -- privileges each group has / groups having a particular privilege

Logging tables

• log -- logs of login attempts as well as what users did while logged in