Difference between revisions of "HyperAdmin"

Woozle: HyperAdmin

This is my attempt to create a general user administration system for use by other web-based applications (mostly mine) which might need one.

Login Sequence

Major phases

1. check what came in (form/cookies); set flags
2. inspect the database; set flags
3. set cookies and show html

Flow chart

• Phase I: check what came in
  1. Get user form input (user, pass, possibly extra pass & email)
  2. If no user given:
     • check cookies for session key
       • If session key found in cookies:
         • If session is active and valid:
           • Set $login_ok flag
         • ...else (session invalid or expired):
           • Set login message to "invalid or expired session; please log in"
           • Set $do_login_screen flag
       • If no session key found in cookies:
         • set $do_login_screen flag
         • set login message to "Please log in"
  3. ...else (user given):
     • If password also given
       • If 2nd password given:
         • If 2 passwords match set $do_create_user flag
         • If 2 passwords don't match:
           • set $do_login_screen flag
           • set login message to "passwords don't match"
         • ...else (no 2nd password):
           • set $do_login_attempt flag
• Phase II: check database
  1. Open database and inspect "users" table.
  2. If no users yet:
     • If $do_create_user:
       • Add user to database
       • Give user "god" permissions
       • Set $login_ok flag
     • ...else (not $do_create_user):
       • Set login message to "you are the first user; please create a new account"
  3. ...else if users found:
     • If user matches existing username, set $do_login_attempt flag
     • If $do_login_attempt:
       • Lookup encrypted password for given user
       • If encryption of new password matches
         • set $login_ok flag
         • if previous login was successful (check timestamps), set login attempts to zero
       • ...else (password mismatch):
         • increment login attempts for this user
         • set login message to "invalid user/password"
         • if $is_revisit, log a HACK WARNING
     • ...else (not $do_login_attempt):
       • If $new_pass_valid:
         • Create new account
         • Set $login_ok flag
       • ...else (not $new_pass_valid):
         • set $do_login_screen flag
• Phase III: set cookies and show html
  1. if $do_login_screen:
     • Show login screen, login message, and # of login attempts for this user
  2. ...else if $login_ok
     • Set user/pass cookie
     • Show control bar, with appropriate applications enabled and user info:
       • Time of last successful login
       • Time of last unsuccessful login
       • Number of failed login attempts

Possible security holes:

• Can $do_login_screen and $login_ok both end up false? In this case, nothing would be displayed.
• Can $do_login_screen and $login_ok both end up true? Is the resulting behavior appropriate?

Notes

"Session key" could be dumbed down to just username+password sent in a single parameter, if proper sessions were not otherwise needed for a site, though sessions do provide better security even if they aren't used for anything else.

Tables

• "K" indicates Primary Key fields
• "#" indicates autonumbered fields

Main data tables

• users -- users with access to the admin system

• groups -- each group has a role to play, and each role requires a particular set of privileges

• privs -- particular privileges; meaning is defined in code

Collection/link tables

• users_x_groups -- users in each group / groups to which each user belongs

• groups_x_privs -- privileges each group has / groups having a particular privilege

Logging tables

• log -- logs of login attempts as well as what users did while logged in