Admin vs Client rights

Kosse
Posts: 1066
Joined: Thu 9. Sep 2004, 12:08
Location: Brussels, Belgium

Admin vs Client rights

Post by Kosse »

Hi,

I'm trying to find a solution to get a "user" (meaning NOT admin) to log in to the back-end and only be able to "see":
- files
- discussions
- profile
- messages

I don't want them to access the "phpwcms.php?do=articles" page. As I am not a PHP specialist, how could I get a simple way to do that (instead of "waiting" for the front end to come out)?

Thank you if anybody has a clue.
brans

Joined: 06 Nov 2003
Posts: 310
Location: Zurich

Posted: Sun Dec 19, 2004 18:02 Post subject:

ouhm so simply create a new field in your user table and set some rights there... you can figure out a mathematical system to check what category ppl are able to see. In your case you would just need two numbers... (e.g. 1 and 2) simply enter a check whether users are from the first or the second group before allowing them to access the pages and to see the links to those pages...
Ok,

I'm kinda noob but I got this figured out:

1) In my MySQL table [ phpwcms_user ]
I have a column: [ usr_admin ] , there it says 1 if admin or 0 if user. So I guess there are my "rights".

2) I went to the phpwcms.php page, I guess there I have to write somewhere a line that says something like:

Code:

SELECT * FROM `phpwcms_user` WHERE `usr_admin`
...

In words: I guess here is where I have to say get the user table, check if usr_admin is 1 or 0 and then show or not the section.
Like in line 60 if usr_admin is 1 show:
case "articles" --> blabla
if not, don't show
case "articles" --> blabla

But as I said I am a noob, so I'm stuck here...

Sorry to bother if someone (and I'm sure there are a lot) could take 5 minutes (or is it more complicated than that?) to check this out
10.000 times thanks!
Kosse
Posts: 1066
Joined: Thu 9. Sep 2004, 12:08
Location: Brussels, Belgium

Found something!

Post by Kosse »

Hope this will be useful, I found something (I don't know if it is secure but it does it) ;-)

I went to the phpwcms.php file and modified it from line 157:

Code:

// If the user is not an admin; otherwise
if(!intval($_SESSION["wcs_user_admin"])) {
	unset($wcsnav["admin"]); // drop the admin entry from the navigation
} else {
	if($do  == "admin") {
		//$do = $_GET["do"];
		$wcsnav["admin"] = '<strong class="navtexta">'.$wcsnav["admin"].'</strong>'; // highlight the active entry
	}
}

I added

Code:

	unset($wcsnav["articles"]);
	unset($wcsnav["modules"]);

The result:

Code:

// If the user is not an admin; otherwise
if(!intval($_SESSION["wcs_user_admin"])) {
	unset($wcsnav["admin"]);    // drop these entries from the navigation
	unset($wcsnav["articles"]);
	unset($wcsnav["modules"]);
} else {
	if($do  == "admin") {
		//$do = $_GET["do"];
		$wcsnav["admin"] = '<strong class="navtexta">'.$wcsnav["admin"].'</strong>'; // highlight the active entry
	}
}

So, if somebody logs in as admin he will see everything, else (i.e. a "client") only the files, messages, discussion, profile.
So, you can customize it by adding or removing the

Code:

unset($wcsnav["name_of_the_function"]);

where name_of_the_function is the backend section you want to show or not.

It is not much, but it helped me. So I have some pple as admins and others that can exchange files without modifying the site's content or structure. Useful for pple who don't know what an FTP client is and need to have private areas. I think Oliver started phpwcms from that idea (exchanging files).

Hope it does it for somebody as well.

The perfect thing would be to make this feature accessible from the admin section. For example, a ticker you check or uncheck. I'll try to do this, if I succeed I'll post it here. (I guess the back-end/front-end will manage all that but meanwhile...)

Cheers
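
The `unset($wcsnav[...])` lines above change what the menu shows; they do not test the `do` parameter of an incoming request, which is what the question about `phpwcms.php?do=articles` asked for. A server-side allow-list check on `do`, added here as an example that is not part of the thread or of phpwcms; the client section keys, the default section and the function names are assumptions.

```php
<?php
// Added example, not phpwcms code. The client section keys below are assumed
// from the names used in this thread; the real keys may differ.
const CLIENT_SECTIONS = ['files', 'discussions', 'profile', 'messages'];

/**
 * Decide which back-end section a request may load.
 * Returns the section key, or null when the request must be refused.
 */
function resolve_section(array $session, array $query, array $knownSections): ?string
{
    // Hypothetical default landing section for a request without ?do=
    $do = (isset($query['do']) && is_string($query['do'])) ? $query['do'] : 'profile';

    // Unknown keys are refused for everyone instead of falling into a default case.
    if (!in_array($do, $knownSections, true)) {
        return null;
    }
    // Same session test as the thread's snippet: intval() of wcs_user_admin.
    if (!empty($session['wcs_user_admin']) && intval($session['wcs_user_admin'])) {
        return $do;
    }
    return in_array($do, CLIENT_SECTIONS, true) ? $do : null;
}

/** Build the menu from the same rule, so visible links and access cannot drift apart. */
function filter_nav(array $session, array $wcsnav): array
{
    $known = array_keys($wcsnav);
    return array_filter(
        $wcsnav,
        fn($key) => resolve_section($session, ['do' => $key], $known) !== null,
        ARRAY_FILTER_USE_KEY
    );
}

// Constructed sample data standing in for $wcsnav, $_SESSION and $_GET.
$wcsnav = array_fill_keys(
    ['articles', 'modules', 'admin', 'files', 'discussions', 'profile', 'messages'],
    'label'
);
$client = ['wcs_user_admin' => 0];
$admin  = ['wcs_user_admin' => 1];
echo 'client menu: ', implode(', ', array_keys(filter_nav($client, $wcsnav))), "\n";
foreach ([[$client, 'articles'], [$client, 'files'], [$admin, 'articles'], [$admin, 'nope']] as [$s, $do]) {
    $section = resolve_section($s, ['do' => $do], array_keys($wcsnav));
    // In the real page this is where a refused request would get a 403 and exit.
    printf("admin=%d do=%s -> %s\n", $s['wcs_user_admin'], $do, $section ?? 'refused (403)');
}
```

In phpwcms.php a check like this would have to run before the `case "articles"` dispatch mentioned earlier in the thread, so that a refused section is never loaded.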
phalancs
Posts: 793
Joined: Thu 19. Feb 2004, 05:09
Location: Germany

Post by phalancs »

thanx that was pretty much what i was looking for!

perfectly and clean!

:)
2008
trip
Posts: 657
Joined: Tue 17. Feb 2004, 09:56
Location: Cape Town, South Africa

Post by trip »

Kosse
nice one
maybe Oliver can flag this in the admin backend, so this can be added to a backend user

TriP