Handle multiple user sessions using AuthComponent in CakePHP - php

I am using CakePHP 2.4. I am using AuthComponent.
There is a User Management module in the Admin Panel, where I am showing a list of users. I have given a link, Login as User, corresponding to each user.
Now I have to handle multiple user sessions on the basis of the user_type field in a way that an Admin & the specific user sessions can be maintained in the same browser.
There are 3 user_types in the users table: admin, dealer and general.
Please suggest if AuthComponent has this feature. Any other alternate solution would also be appreciated.

Related

Developing more than one user accounts in laravel 5.2

Note: There is no code to show or prove it, we just need a methodology to solve the problem before implementing the code to our code base.
We have more than one user for our fashion web (laravel app)
Guest (does not matter to this issue)
User (Fashion lovers/Customers/Clients)
Tailors (Fashion designers new/existing accounts in the platform)
The users (customers) can log in and register to their application without any problem, but our problem is how we can filter the two users (customers/tailors) such that when a user (tailor) logs in to www.app.dev/tailor#dashboard (without access) it redirects to (www.app.dev/login), and when the user is a tailor it takes the user to the tailors login page instead of the user (customers) login. Do you understand me??
Check the following Stack Overflow questions:
Can anyone explain Laravel 5.2 Multi Auth with example
How to use multi Auth in laravel 5.2
Multiple auth user types in Laravel 5

WordPress plugin to authenticate on LDAP or NTLM and handle roles

In my company we have some technology restrictions. Currently I have an IIS server with PHP. IIS is configured to authenticate users over our Active Directory using NTLM.
I have installed WordPress on this server and am able to login on it using admin user (id=1), and any user is able to read articles and post comments anonymously.
"Thanks" to NTLM, I can retrieve users' login with $_SERVER['REMOTE_USER']. This way I can identify (in a plugin) users. But WP doesn't automatically log them in and identify them.
What I need now is to control users' permissions inside WordPress. I need to attribute roles to them, define groups of people allowed to publish, post and edit without being allowed to publish, comment and register their login on their comments, and also users that are allowed only to read articles (guests) and users not allowed to read articles. Maybe I'll also need to attribute read access relating roles to categories, so that a given role is allowed to read articles from a category and not from another category.
Users are related to departments and have one charge (job title). Users are frequently moving over departments and changing charge. I need to use both to define some roles. I can develop a plugin to hook on some WP filter, retrieve their data and dynamically set their role.
To retrieve their department, charge and name, I could use LDAP. If not possible, I have a MSSQL database that also has their data. So, if I can't use LDAP, I'd need to make WordPress connect to MSSQL and query it.
It's impractical to register tens of thousands of users in WordPress, and even more to request them to keep their passwords. I need WordPress to identify users and automatically add new ones to its wp_users table. I also need to be able to manually register a few users without requiring them to first enter the site. I then can manually manage users to WordPress roles.
I see 3 possible solutions here:
1) Use IIS's NTLM to authenticate users, and use $_SERVER['REMOTE_USER'] to retrieve their login and log them into WordPress. If they aren't yet registered on wp_users, that's done so. I then query MSSQL for their data. This seems to be the easiest solution.
2) Use IIS's NTLM to authenticate users, and use $_SERVER['REMOTE_USER'] to retrieve their login. Then retrieve their names from AD using LDAP, and provide these data to authenticate WordPress and handle wp_users. This is the most desired solution, but also the most complex.
3) Ignore NTLM and require users to manually provide their login and password to WordPress's login form, then authenticate them over LDAP and handle wp_users. The provided password is their AD one. HTTPS is already working and being forced inside the backend. This is the least desired solution, because users are already used to being authenticated from NTLM and may not want or understand the login form (yes...).
Has anybody done that and could help me? Is there a plugin that solves this need, or some open source code I can use as basis to develop a plugin?

Permissions assignment in php

I am trying to create roles and permissions functions in php. I have checked some tutorials
A Better Login System
RBAC in PHP
but it is not clear whether the permissions are the ones granted by MySQL or they are improvised in PHP.
For example if I have roles like admin and user and developer, so should I have to create different users in database and then use those to perform different operations or should I create one root user and then control the access in php. To me it seems like the database should restrict it by having different users.
First clear yourself on roles & permissions. In front end these are different things to provide access to certain pages & changes.
As per your question, let me tell you that roles such as Admin/User/Developer can be managed by MySQL user rights. MySQL user rights restrict user access on tables, creating tables, deletion and insertion etc. Now if you create different users in the database with custom user rights, you will have to include different connection credentials for each of the users.
Further in controlling PHP pages restrict user access with user pages assignment by php codes.
If you are really going for a custom access management module, I would recommend you create a role table where roles will be placed
table:role
Columns:
id (pk, auto-increment)
role_name (Varchar)
keep 'role_id' in the user table.
You don't need to create a separate table for user_role since each user will have one role.
But if you are planning to have completely page-level access, you would need that table, and a UI should be created where you would assign pages (access) to the user while creating a user.
If you are using any framework, do look for the available APIs. Yii has a very good security feature in which access rules and filters are defined.
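
One way to lay out the role table, the role_id column and page-level access described in the answer above, as an added example that is not part of the original answer. The role_page table, the sample rows and the canAccess() helper are hypothetical, and in-memory SQLite stands in for MySQL so the script runs on its own.

```php
<?php
// Added example with constructed schema and data; not code from the original answer.
// Assumption: in-memory SQLite (pdo_sqlite) stands in for MySQL so this runs stand-alone.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$db->exec("
    CREATE TABLE role (
        id        INTEGER PRIMARY KEY AUTOINCREMENT,
        role_name VARCHAR(50) NOT NULL UNIQUE
    );
    CREATE TABLE user (
        id       INTEGER PRIMARY KEY AUTOINCREMENT,
        username VARCHAR(50) NOT NULL UNIQUE,
        role_id  INTEGER NOT NULL REFERENCES role(id)  -- one role per user
    );
    -- Hypothetical page-level table: which role may open which page.
    CREATE TABLE role_page (
        role_id INTEGER NOT NULL REFERENCES role(id),
        page    VARCHAR(100) NOT NULL,
        PRIMARY KEY (role_id, page)
    );
    INSERT INTO role (role_name) VALUES ('admin'), ('developer'), ('user');
    INSERT INTO user (username, role_id) VALUES ('alice', 1), ('bob', 3);
    INSERT INTO role_page (role_id, page) VALUES
        (1, 'users/edit'), (1, 'reports/view'), (3, 'reports/view');
");

/**
 * Deny by default: access is granted only when the user's role has a row
 * for the requested page. Unknown users and unlisted pages return false.
 */
function canAccess(PDO $db, int $userId, string $page): bool
{
    $stmt = $db->prepare(
        'SELECT 1 FROM user u
           JOIN role_page rp ON rp.role_id = u.role_id
          WHERE u.id = :uid AND rp.page = :page
          LIMIT 1'
    );
    $stmt->execute([':uid' => $userId, ':page' => $page]);
    return $stmt->fetchColumn() !== false;
}

// Check every request server-side, before rendering the page.
foreach ([[1, 'users/edit'], [2, 'users/edit'], [2, 'reports/view'], [99, 'reports/view']] as [$uid, $page]) {
    printf("user %d -> %s: %s\n", $uid, $page, canAccess($db, $uid, $page) ? 'allow' : 'deny');
}
```

The user id passed to canAccess() should come from the server-side session, never from a request parameter.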

Ways of restrict user based on user level in PHP

I have seen Joomla using many types of user access for the admin site. For example user, admin user, registered user and super user. The system actually knows what type of user you are once we have logged in. I'm trying to do the same thing for my web app. I need any suggestions on how this feature can be achieved using PHP.
Assuming a user is in a database, you could have a column like role which would be user, admin, registered, and super.
Then in PHP you can use switch / if-condition blocks based on that role variable.

CakePHP: authentication frontend and backend, are they possible together?

I'm developing a CakePHP 1.3 application which needs to login users backend and frontend.
On the backend, admins and others must login to edit pages and data.
On the frontend, users can login to see "private" pages.
I'm using CakePHP ACL/Auth to log in backend users (but I don't have it so clear how it works).
What do you suggest? I was thinking to set frontend users as a particular "acl" group to see those pages.
Use admin routing (http://book.cakephp.org/view/945/Routes-Configuration).
This will allow you to create separate functionality for ADMINS and USERS. You can even create additional user types and create routes for them too.
ACL is a bit difficult to understand and does not make sense for all situations. This blog may be of some use to help you get started:
http://www.studiocanaria.com/articles/cakephp_auth_component_users_groups_permissions_revisited
