Roles and Permissions
06-04-2023, 04:59 AM
(This post was last modified: 06-04-2023, 05:01 AM by captain-sensible. Edit Reason: more )
I don't use Shield for my CMS; that's because basically it's aimed at a single admin user. The advantage of writing code yourself is that you can tailor-make it for your own requirements, you know exactly what the code does, its requirements, the way it works, and you are in a position to update it to your needs.

The elements in an admin user are:

1) There is a hidden URL that admin will use. That URL will bring up a view, which has a form to log in.
2) The input fields are:
i) admin user name
ii) admin password
iii) Enter the captcha symbols displayed

The form is protected in that 5 goes of someone trying to log in with failure will be a "brush off".

The admin table is in a SQLite database, fields being: Id, name, Password (that has been encrypted before storing) and role.

So a typical entry would be:
1, AdminNAme, $2y$10$scmpB8B9o5k/yXVn66h8Xu/n.....etc, admin

The input from the form is processed by a controller. The user name and password are encrypted and checked against the encrypted in the db, the role is checked, the captcha is checked. If everything is OK I set a session like

Code:
$_SESSION['role']="admin";

Then to control things what I do is have routes and filters controlling what can be accessed. The filter will check to see if a session has been set with role "admin". Checks can be made ad nauseam.

Typical URLs that admin would want to go to would be /editBlogs, createBlog and such and such.

I then have

Code:
// Routes that run 'myfilter' before the controller is reached
public $filters = [
    'myfilter' => ['before' => ['removeProduct','editOneProduct','editProducts','addProduct','newblog','editBlogs','removeBlog','addGallery','delGallery','admin']],
];

So basically to edit a blog admin would go to somedomain.com/editBlogs. You can't go there to access it unless logged in as admin role in a session. At that URL there is a form, with existing blog text etc. and a submit. On submission input goes to a controller to process. But unless you're logged in with a session that you are admin you will not be able to access that URL.

So that's my crude approach. There may be better ways but my stance is hey, a million users use WordPress and security has so many holes it's like a piece of Swiss cheese; meaning mine is superior.

Original poster, if you come back and want to know more I can elaborate.
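The login check and the route gate described in the post above, modelled in plain PHP as an added example that is not part of the post or of the poster's CMS. The function names, the sample row, the password and the per-client failure counter are assumptions made for illustration; `password_verify()` is used because the `$2y$10$` prefix in the sample entry is the format PHP's bcrypt `password_hash()` produces.

```php
<?php
declare(strict_types=1);

const MAX_ATTEMPTS = 5; // the post's limit of 5 failed tries
// Subset of the route list from the post's $filters entry.
const PROTECTED_ROUTES = ['editBlogs', 'newblog', 'removeBlog', 'admin'];

// Constructed admin row: id, name, bcrypt hash ($2y$10$...), role.
function sampleAdminRow(): array
{
    $hash = password_hash('constructed-pass', PASSWORD_BCRYPT, ['cost' => 10]);
    return ['id' => 1, 'name' => 'AdminName', 'password' => $hash, 'role' => 'admin'];
}

// Sets the session role only when name, password, captcha and role all pass.
// $fails is a server-side counter keyed by client (assumption: e.g. IP address),
// because a counter stored in the session resets when the cookie is discarded.
function attemptLogin(array $row, string $name, string $pass, bool $captchaOk,
                      string $client, array &$fails, array &$session): bool
{
    if (($fails[$client] ?? 0) >= MAX_ATTEMPTS) {
        return false; // locked out: credentials are not evaluated at all
    }
    $nameOk = hash_equals($row['name'], $name);
    $passOk = password_verify($pass, $row['password']);
    if ($captchaOk && $nameOk && $passOk && $row['role'] === 'admin') {
        unset($fails[$client]);
        $session = ['role' => 'admin']; // a real app also calls session_regenerate_id(true)
        return true;
    }
    $fails[$client] = ($fails[$client] ?? 0) + 1;
    return false;
}

// The "before" filter check: protected routes need the exact string "admin".
function filterAllows(string $route, array $session): bool
{
    if (!in_array($route, PROTECTED_ROUTES, true)) {
        return true;
    }
    return ($session['role'] ?? null) === 'admin';
}

$row = sampleAdminRow();
[$fails, $session] = [[], []];
var_dump(filterAllows('editBlogs', $session)); // before login
var_dump(attemptLogin($row, 'AdminName', 'wrong', true, '203.0.113.7', $fails, $session));
var_dump(attemptLogin($row, 'AdminName', 'constructed-pass', true, '203.0.113.7', $fails, $session));
var_dump(filterAllows('editBlogs', $session)); // after login
```

The strict `=== 'admin'` comparison and the strict `in_array()` keep a missing or oddly typed session value from passing the gate through PHP's loose comparison rules.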