I betcha you can tell I'm getting better at this, right? hehe.

I'm sure many of you know what a roster is, and I'm sure some of you don't; it's a list of people who are in an organization. Well, that's what I'm trying to build. One of the fields in this roster database is called "Password" and therefore holds the members' password. However, I only want him to be able to see it, and thefore be the only one who can modify it. The permissions are set as follows:
Default Users can only view.
Registered Users (Users that I, as admin, add to the user list - no one is allowed to sign up) can add only once, modify only that one record, never delete any record, and never admin.

The problem I am having is when a member adds their record to the database. Because the Password field is required, and set to admin only, they can't see the field and thus can't add the record (you get "Password (Can not be left blank)").

Any ideas?

Thanks,


Michael DeLong

Bad idea. Keep the password in the .pass file, encrypted, where it belongs and you won't have the problem.

The only other thing you could do would be to add a record when you add the new user and include the password. Then the user would only have view and modify permissions.



JPD
http://www.jpdeni.com/dbman/

No, the password in the database isn't the same as the password in the field. The one in the database that the user uses to log into the database and the one in the records are not for the same uses and are usually different. I think I have an idea, but it would make the html.pl file quite a bit larger in size. I'll try to write the code as best I can and then post it to show you - maybe you'll understand a little better then.

Michael DeLong

I see.

If only you (as admin) can add the password, then you will have to either make the password not required or add the record yourself.

JPD
http://www.jpdeni.com/dbman/

But that's a problem though. I expect to be getting fifty applications to join my organization per week or two. I don't want to be up until 3 in the morning (don't think my parents would either) adding members. So, I'm planning on letting the user add their own record. Would it be possible to have it to where if the $db_userid matched the key_field, it would show the field, and if there wasn't a match, it wouldn't show it? That's for viewing and modifying - and for adding, it would show it all the time.

Thoughts?


Michael DeLong

I think I'm going to have to wait for your full explanation. I'm confused now as to what you're going to do.

If you don't want to add records for each new user, then make the password an optional field. That way the user won't get an error message because it's blank.

As to your question, yes, I'm sure it's possible.

JPD
http://www.jpdeni.com/dbman/

Sorry for the late reply, had a busy Sunday and computer problems just aren't any fun.

Let me start over in the "point of view" of a non-admin member.

I find out about an organization and I want to join. Before I join, I go and search around and view other people already on the roster. Their information tells me everything about them except for a password field (this is because I'm a default user, I'm not logged in, and most of all, the record doesn't belong to me). Once I'm ready to join, I log in (because the admin has added me to the user list). Once I log in, I can continue to view the roster (but I'm still not able to see other members' password field) or I can add my information. This information includes a password field. Once I am done adding myself, I can never add another record, only modify my record, never delete a record, and never admin. If I need to modify my record, I can modify everything about it including the password field. Even after I have added a record, I can only see the password field if the record belongs to me (i.e. $db_userid = $db_key). If I view someone elses record, I can't see their password field because $db_userid and $db_key don't match.

Now, from the administrators point of view:
I've been told that someone wants to join my organization. So, I go log in and in the admin section, I add a user and tell that person to log into the database. From there, they add their record, as described above. However, ALL administrators are allowed to view everything; all records, all fields (including the password field in the records), everything. I'm also allowed to delete, modify, and add users and records as needed.

Better?

Michael DeLong

For when the password field is displayed, you can use

JPD
http://www.jpdeni.com/dbman/

Just from looking at the code, it looks great. Lemme go test it and I'll get back to you....Okay, I went and added that to the _record and _record_form subroutines. It works great; all except for adding - it doesn't show the password field because the person adding the record doesn't quite yet own the record. I can fix that by going into the add_record sub and just manually printing the form instead of calling the subroutine. This will make the html.pl file larger, thus making the CPU usage greater. BUT, I think there might be another way - what if I were to take your code and do this:

if (($db_userid eq $rec{$db_cols[$auth_user_field]}) || $in{'add_form'} || $per_admin) { print qq|the password field|;}

Would it work?


Thanks,


Michael DeLong

Probably. Give it a shot and see what happens.

JPD
http://www.jpdeni.com/dbman/

Yep, I'm getting better at this - it works great! I've also gone and made some "mini" mods aimed directly for my orgranization. Thanks JPD - you're a great help.



Michael DeLong

Excellent!! The best thanks I can get is people telling me that they've learned something and they're going on from what I've taught them. I really can't tell you how good that makes me feel.

JPD
http://www.jpdeni.com/dbman/