Gossamer Forum
(Advanced Search)
for
Home : Products : DBMan : Customization :

Multiple login via link

Jul 13, 2005, 10:13 AM
Budb
Novice (20 posts)
Jul 13, 2005, 10:13 AM
Post #1 of 5
Views: 3311
Shortcut
Quote Reply
Multiple login via link
We have a database setup to display the results of an analysis for brokers. (Thanks JPDeni for your excellent help on the averages).

The database is accessed via a link from the main site. When a broker click on a link on the analysis page, it basically searches his record only to modify/view using the ID field, which is also his username on the main site.
  • All broker records are created in DBman for them.
  • All ID' s for Administrators, Wholesalers and Brokers are created for them.
  • There is no authentication so a broker clicks on his link and is taken directly to his record without login.

What we would like is to be able to have everything below accessed from the same link on the main site.
  • A broker can view/modify only his own record (We have this working already)
  • A wholesaler can view only the brokers with his ID in the WID field.
  • An administrator can view everyone.


When clicking on the link on the main site, wholesalers and administrators would be taken to a list view (via long/short mod) where they would choose the broker's record they want to view.

Is this possible, or do we need a different link on the main site.

Your thoughts?
Thanks
Buddy
Jul 13, 2005, 5:38 PM
JPDeni
Veteran / Moderator (8669 posts)
Jul 13, 2005, 5:38 PM
Post #2 of 5
Views: 3226
Shortcut
Quote Reply
Re: [Budb] Multiple login via link In reply to
You have a link for each broker?

You can set the link up as

http://url/to/db.cgi&userid=userid&pw=password&login=1

The trouble with that is that any of the brokers can click on the link for any other broker and access anyone else's account.

The thing with the wholesaler will require an added permission. I'm not sure how to do that.

You would not want a link for the admin. You'd want to make the admin log in. Otherwise everyone will, in effect, have full access to the database.

The first thing that someone sees when they enter the database is programmed into html.pl, sub html_home. First, though, you'd need to figure out that other permission.


JPD
----------------------------------------------------
JPDeni's DBMan-ual
How to ask questions the smart way.
Jul 14, 2005, 9:04 AM
Watts
Veteran (1141 posts)
Watts's avatar
Jul 14, 2005, 9:04 AM
Post #3 of 5
Views: 3220
Shortcut
Quote Reply
Re: [Budb] Multiple login via link In reply to
What do the broker ID's and WID's look like? Are they some how different? (for example all broker id's start with B and wholesalers start with W).

You mentioned a username on the "main site" how are you getting that username? How are you generating the main site (static html pages, php, cgi, etc?).

I have some ideas on how to produce the db link for brokers vs. wholesalers, but that depends...

How sensitive or critical is the data - if it's really confidential then that makes a difference too. Like JPDeni said, some people might be able to "guess" at usernames and hack their way in.
Jul 14, 2005, 10:43 AM
Watts
Veteran (1141 posts)
Watts's avatar
Jul 14, 2005, 10:43 AM
Post #4 of 5
Views: 3225
Shortcut
Quote Reply
Re: [Budb] Multiple login via link In reply to
Here's what I would do (assuming you are passing a username along from some kind of login page)

Use javascript to determine which link prints on the html page.

If I've already logged in to your main page, or have in some way identified myself as either a broker or wholesaler (such as with a username of B1234 or W1234) then the following would work.

Code:
<script language="javascript">
if (/B/i.test(form.USERNAME.value)) { //if username contains a "B"
$LINK = "http://www.yourdomain.com/cgi-bin/db.cgi?db=default&view_records=1&UserName=";
$LINK = $LINK + form.USERNAME.value; //view records where UserName=B1234
}
if (/W/i.test(form.USERNAME.value)) { //if username contains a "W"
$LINK = "http://www.yourdomain.com/cgi-bin/db.cgi?db=default&view_records=1WID=";
$LINK = $LINK + form.USERNAME.value; //view records where WID=W1234
}
</script>

Then in the body of your page have something like:

<P>Check your <script>document.write('<A HREF=' + $LINK + '>Page Analysis</A>')</script>

Last edited by:

Watts: Jul 14, 2005, 10:45 AM
Jul 14, 2005, 11:14 AM
Budb
Novice (20 posts)
Jul 14, 2005, 11:14 AM
Post #5 of 5
Views: 3225
Shortcut
Quote Reply
Re: [Watts] Multiple login via link In reply to
Wow Watts, This looks like the ticket. Actually the security is handled on the main site and the three access types to the DB are:

Administrators (anybody with AIG as their WID)
Wholesalers (These do have individual ID's)
Brokers (The have individual ID's as well)

The only significat difference in the Broker ID's and the Wholesaler IDs is that the Wholesaler's ID is always formatted as JM1000 for John Marshall. This is also the Wholesalers WID. All of the broker ID's for him are JM1001, JM1002, JM1003 and so forth. So. . . all wholesalers IDs end in 1000. The ID for administrators is always their last name. (PS. The ID's for everyone are hidden on the main site so someone would have to look to find it).

These usernames are assigned to them so they will never be changed.

It seems that your solution may accommodate this. Just a little further explanation, I'm using the short/long display, so when a wholesaler clicks into the DB, since there are several records with his ID in the WID field, a list of only those come up. Since brokers access the db with the ID field, which is unique, they can only see and modify their record. It's certainly possible that one could hack into the others, but that's pretty unlikely given the type of information we are delivering.

Sorry I didn't explain all this before, your solution just cleared up what I needed to answer.

Thanks
Buddy