Roles and Permissions
#3

(This post was last modified: 06-04-2023, 05:01 AM by captain-sensible. Edit Reason: more )

I don't use Shield for my CMS; that's because basically it's aimed at a single admin user. The advantage of writing code yourself is that you can tailor-make it for your own requirements, you know exactly what the code does, its requirements, the way it works, and you are in a position to update it to your needs.

The elements in an admin user are:

1) There is a hidden URL that admin will use. That URL will bring up a view, which has a form to log in.
2) The input fields are:
   i) admin user name
   ii) admin password
   iii) Enter the captcha symbols displayed
The form is protected in that 5 goes of someone trying to log in with failure will be a "brush off"

The admin table is in a SQLite database, fields being:

Id, name, Password (that has been encrypted before storing) and role

So a typical entry would be: 1, AdminNAme, $2y$10$scmpB8B9o5k/yXVn66h8Xu/n.....etc, admin


The input from the form is processed by a controller.

The user name and password are encrypted and checked against the encrypted in the db, the role is checked, the captcha is checked.


If everything is OK I set a session like

Code:
    $_SESSION['role']="admin";


Then to control things what I do is have routes and filters controlling what can be accessed. The filter will check to see if a session has been set with role "admin".
Checks can be made ad nauseam.

Typical URLs that admin would want to go to would be /editBlogs, createBlog and such and such

I then have

Code:
    public $filters = ['myfilter' => ['before' => ['removeProduct','editOneProduct','editProducts','addProduct','newblog','editBlogs','removeBlog','addGallery','delGallery','admin']]];


So basically to edit a blog admin would go to somedomain.com/editBlogs

You can't go there to access it unless logged in as admin role in a session

At that URL there is a form, with existing blog text etc. and a submit. On submission input goes to a controller to process. But unless you're logged in with a session that you are admin you will not be able to access that URL

So that's my crude approach. There may be better ways but my stance is hey a million users use WordPress and security has so many holes it's like a piece of Swiss cheese; meaning mine is superior.

Original poster, if you come back and want to know more I can elaborate
CMS CI4     I use Arch Linux by the way 
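
The session-role filter described in the post above could look like the following in CodeIgniter 4. This is an added example, not the poster's code: the class name `App\Filters\AdminOnly` and the redirect to `/` are assumptions; the alias `myfilter` and the `role` session key are taken from the post.

```php
<?php
// Added example, not the poster's code.
// Assumed: class name AdminOnly, redirect target '/'.
// From the post: alias 'myfilter', session key 'role', value "admin".

namespace App\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;

class AdminOnly implements FilterInterface
{
    /**
     * Runs before every URI listed under 'myfilter' => ['before' => [...]]
     * in app/Config/Filters.php. Returning a Response here stops the
     * request, so the controller behind the URI never executes.
     */
    public function before(RequestInterface $request, $arguments = null)
    {
        // Strict comparison: a missing key (null) or any other role value
        // fails the check; only the exact string "admin" passes.
        if (session()->get('role') !== 'admin') {
            return redirect()->to('/');
        }
        // Returning nothing lets the request continue to the controller.
    }

    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
        // Nothing to do once the controller has run.
    }
}

// Registration in app/Config/Filters.php, so the alias used in $filters resolves:
//     public $aliases = ['myfilter' => \App\Filters\AdminOnly::class];
```

The entries in the `before` list are URI patterns, so a route with extra segments needs its own wildcard entry (for example `'editBlogs/*'`), and the URIs that receive the form submissions have to be listed as well as the URIs that display the forms.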



Messages In This Thread
Roles and Permissions - by mayurkoshti - 06-02-2023, 04:15 AM
RE: Roles and Permissions - by InsiteFX - 06-02-2023, 09:51 PM
RE: Roles and Permissions - by captain-sensible - 06-04-2023, 04:59 AM
RE: Roles and Permissions - by DeanE10 - 06-09-2023, 09:20 AM
RE: Roles and Permissions - by Corsari - 06-11-2023, 07:20 AM
RE: Roles and Permissions - by JustJohnQ - 06-11-2023, 11:51 AM
RE: Roles and Permissions - by Corsari - 06-12-2023, 04:08 AM
RE: Roles and Permissions - by pippuccio76 - 12-26-2023, 01:51 AM


