I am new to DBMan. I have a few questions that needed your assistance.

1) How do one change his/her password?
2) If a user forgotten their password, how does he/she retrieve her password?
3) I want to create a database where different users will have access to only view certain database. For example, I have 3 items in my database - A, B, and C. I have two users - 001 and 002. When 001 log-in using his password, he will only have access to item A. User 002 will have access to Item B and C. How do I go about setting it in this way.

Any assistance on the above is greatly appreciated.

Ben

1) With the default DBMan distribution, password changes must be done by the admin. There is a modification I wrote, which is available at
http://www.jpdeni.com/dbman/change_password.txt
which will allow users to change their passwords.

2) With the default DBMan distribution, the only thing you can do is have the admin change the password and send it to the user. With my password lookup mod, available at
http://www.jpdeni.com/dbman/lookup.txt
you can allow users to have their passwords emailed to them.

3) Are you saying that you want users to be able to see only certain fields in the records or only certain records?


------------------
JPD

Thank you JPDeni for your prompt reply. I looked through the two URL that you gave me. How do I use both the scripts? How do I ensure security so that no one will have access to my password file since the passwords won't be encrypted?

For your question....yes, I want certain individual to access certain file. Let me give you a clearer example.

I created have 10 records in my default database. I have two users, namely A & B. When A logged in using his ID, I want him to see only record 1 - 5, whereas B will have access to record 6 - 10. How do I do it?

I have another new question. How do I prevent someone from creating his own user/password?

Regards.
Ben

I am in the midst of writing a new, more secure password lookup modification. (I just took a little break to see what was going on at the forum.) It may be a couple of days before the new one is available, though, depending on what happens in my life. If you can wait a few days, you'll have a much more secure password lookup that will retain encryption. I am going to bed right now, though, so I'll get back to it tomorrow -- later today.

I'm not sure how you would restrict users to certain records. That would be pretty complicated. It might come to me later on, but I don't know how you would do it right now.

(A couple of minutes later) You might be able to have a field that includes the usernames of those who can view the record and set $auth_view_own = 1 in the default.cfg file. You'd have to do a little work in sub query to get it to recognize more than one user as "owning" the record, though. If you only had one user for each record it wouldn't be a problem.

As for preventing users from creating their own username and password -- do you want people to sign up online and have the username and password created for them or do you want to just add the username and password yourself?

If it's the latter, just set $auth_signup = 0 in the default.cfg file. If it's the former, just wait until I get the new password lookup mod done. I have it set up so that it generates a password for new users. It would be easy enough to generate a username as well, if you wanted to.


------------------
JPD







[This message has been edited by JPDeni (edited July 11, 1999).]

Dear JPD,

In order to restrict my user to certain records, you suggested that I change $auth_view_own = 1. Well, if I do that, this user will only be able to view the record that he fills in himself.

I am only allowing my users access to view the records and not to add records. All records will be added by the admin. How can the admin select certain records to be viewed by certain users only when inputing the records?

Ben

What I had in mind was that you would be setting the userid to the one who is allowed to view it.

You can change db.cgi so that the auth user field is not automatically set to the userid.

And you can also change db.cgi so that it would recognize more than one userid in the auth user field. You would just need to separate the userids by spaces.


------------------
JPD

You have to pardon me, JPD. I am not familiar with programming. Therefore, if it involves changing the db.cgi script, I really need your help.

Could you please elaborate it in a simplified step by step instructions just like in your site where you guide a person to set-up the script?

TQ.
Ben

Sure. I was just making sure this is what you wanted before I went on.

Set the maximum length of the userid field to a large number -- 255 would be good.

In db.cgi, look for sub add_record. After the comment lines, you'll see:


Change the last line of the above to


This will allow you to add whatever you want to the userid field.

Then, also in db.cgi, but this time in sub query, look for


Change the last line above to


Then, when you add a record, put the userids of the users you want to have access to the record in the auth user field, separated by spaces.

This should work, although I haven't tried it directly on a database.


------------------
JPD

JPD,

I tried configuring what you said but the script can't work. It says 500 Internal Server Error.

I'll have to take a look at your script, then. Please copy your db.cgi script to a web-accessible directory -- one where you would place html files -- and rename the file to db_cgi.txt. Then let me know where I can see it.


------------------
JPD

Please check my script at:

http://www.penang.org/JMMD/db_cgi.txt

TQ.
Ben

I made a typo in what I gave you.

The change in sub add_record should be:



------------------
JPD

Another error occurs. This time it says,

CGI ERROR==========================================
Error Message : Error loading required libraries.
Check that they exist, permissions are set correctly and that they compile.
Reason: syntax error at default.cfg line 74, near "'Userid'"

I am not too sure how to set my userid. Please advise.

Ben

If you'll post your .cfg file, I'll take a look at it.


------------------
JPD

Please find my .cfg file at,

http://www.penang.org/JMMD/default_cfg.txt

TQ.
Ben

You left out a comma at the end of the previous line:



------------------
JPD

Great, JPD, my script is now running.

I have a slight problem. I created the userid which is only seen by the admin. How do I create a new user that is only able to view that record with the userid?

Ben

I don't understand your question.


------------------
JPD

What I wanted for my database is to allow admin to add record and users to only view records. Users will have restricted access to certain records respectively. For example, I have...

Record 1, 2, 3, 4, 5 (all added by admin)
I created 2 users - A & B
I want A to be only able to view record 1 & 3, whereas B to have access to view only record 2, 4 & 5.

You suggested that I create a userid which is linked to the respective records. Take the example above, I will key-in a same userid for record 1 & 3, and I will use another userid for record 2, 4 & 5. So when I create user A to be able to view only record 1 & 3, how do I link user A to the userid of record 1 & 3? (Note that userid is keyed in by the admin and is not visible to the users when viewing the records)

I hope I am not confusing you with the above. Let me know if you still don't understand :-)

Ben