I have tried to accomplish the following.
1) Allow the public to link directly and view all the database postings using
http://www.marscafe.com/cgi-bin/test/jobs/db.cgi?db=default&uid=default&%20&sb=0&view_records=1&so=descend&ID=*
2) Require those who want to post to register. They then receive the following permissions: View, Add, Delete, Modify (1,1,1,1,0) and can make multiple posts.
3) I have set up a guest with View only permissions (1,0,0,0,0)
--> For a registered user everything works fine.
--> For a directly linking user everything works fine and they view the database listings.
--> BUT the guest is denied permission to search the database (List All works fine) and I get the following message:
Error: Unauthorized Action
The database program received a command that you are not authorized for.
| Home | Search/View | List All | Log Off |
I am using Version 2.05 of DBMan. The relevant sections of my default.cfg file and the sub html_footer from html.pl follow.
If someone could take a look at my configuration settings and point me in the right direction I would greatly appreciate it.
Regards,
Chef Mars
%db_def = (
'ID' => [0, 'numer', 5, 8, 1, '', ''],
'date' => [1, 'date', 12, 15, 1, &get_date, ''],
'name' => [2, 'alpha', 40, 255, 1, '', ''],
'email' => [3, 'alpha', 40, 255, 1, '', '.+\@.+\..+'],
'CompanyName' => [ 4, 'alpha', 40, 255, 1, '', ''],
'title' => [5, 'alpha', 0, 255, 1, '', ''],
'JobLocationCountry' => [ 6, 'alpha', 0, 255, 1, '', ''],
'JobLocationState' => [ 7, 'alpha', 0, 255, 0, '', ''],
'companytype' => [8, 'alpha', 40, 255, 1, '', ''],
'Compensation' => [ 9, 'alpha', 40, 255, 0, '', ''],
'comments' => [10, 'alpha', '40x3', 2000, 1, '', ''],
'phone' => [ 11, 'alpha', 40, 30, 0, '', ''],
'fax' => [ 12, 'alpha', 40, 40, 0, '', ''],
'CompanyUrl' => [13, 'alpha', 40, 255, 0, 'http://', '^http://'],
'userid' => [ 14, 'alpha', -2, 15, 0, '', '']
);
# The column name for the database key. Can be any column, but it must be unique!
# You can't have two records with the same key value!
$db_key = 'ID';
# Track the key? Should DBMan keep a counter of the next key to use? This isn't
# necessary if you can guarantee that your entry in the key field will be unique
# (i.e. a userid).
$db_key_track = 1;
# Database delimiter.
$db_delim = '|';
# Use file locking (1 = Yes, 0 = No). Should be used, but won't work on Win95.
$db_use_flock = 1;
# Auto generate the html forms (1 = Yes, 0 = No).
$db_auto_generate = 0;
# Display Benchmarking Information (1 = Yes, 0 = No).
$db_benchmark = 0;
# Display Debugging Information (1 = Yes, 0 = No).
$db_debug = 0;
###########################################################
# Authorization Options
###########################################################
# --------------------------------------------------------
# No Authentication? (1 = "there is no authentication", 0 = "there is authentication")
# If you choose no authentication, then set the permissions of what
# people can do with: @auth_default_permissions below.
$auth_no_authentication = 0; #original
# The amount of time in seconds that user files are kept in the
# auth directory before the program removes them. 2-6 hours is
# probably a good value.
$auth_time = 21600; # 6 hours (in seconds)
# Enable (1) or disable (0) logging.
$auth_logging = 1;
# Allow a default user? This means you can specify a user via the URL
# and skip the logon process. Use this to allow people to search without
# logging on, but require log in if they want to add/modify/remove etc.
# (1 = "yes", 0 = "no")
$auth_allow_default = 1;
# Default permissions used if there is no authentication, or for a default
# user. (View, Add, Delete, Modify, Admin), 1 = enable, 0 = disable.
@auth_default_permissions = (1,0,0,0,0);
# Allow people to sign up for their own userid/passwords? They will
# receive default permissions.
$auth_signup = 1;
# Permissions a new signup should get.
@auth_signup_permissions = (1,1,1,1,0);
# Registered users: can modify/delete _only_ own records. For this to make
# sense you should set default off or to 1,0,0,0.
$auth_modify_own = 1;
# Registered users: can view _only_ own records. For this to make sense
# you should turn off default permissions.
$auth_view_own = 0;
# Auth user field. This is the field position in the database used for storing
# the userid who owns the record. Set to -1 if not used.
$auth_user_field = 14; # was the original
# This is the field position in the database used for storing
# the email address of the one who owns the record. Set to -1 if not
# used.
#$auth_email_field = 4; #original
$auth_email_field = -1;
-----------------------------------------------------------------
Permissions: |;
print " View " if ($per_view);
print " Add " if ($per_add);
print " Delete " if ($per_del);
print " Modify " if ($per_mod);
print " Admin " if ($per_admin);
print " None " if (!($per_view || $per_add || $per_del || $per_mod));
print qq|</b></font>
<P>
<P>
|; &html_footer; print qq|
-----------------------------------------------------------------
print qq!<P align=center><$font>!;
print qq!| <A HREF="$db_script_link_url">Home</A> !;
print qq!| <A HREF="$db_script_link_url&add_form=1">Add</A> ! if ($per_add);
print qq!| <A HREF="$db_script_link_url&view_search=1">Search/View</A> ! if ($per_view);
print qq!| <A HREF="$db_script_link_url&delete_search=1">Delete</A> ! if ($per_del);
print qq!| <A HREF="$db_script_link_url&modify_search=1">Modify</A> ! if ($per_mod);
print qq!| <A HREF="$db_script_link_url& &sb=0&view_records=1&so=descend&ID=*">List All</A> ! if ($per_view);
print qq!| <A HREF="$db_script_link_url&admin_display=1">Admin</A> ! if ($per_admin);
print qq!| <A HREF="$db_script_link_url&logoff=1">Log Off</A> |!;
print qq!</font></p>!;