Gossamer Forum

Permissions

I have tried to accomplish the following.
1) Allow the public to link directly and view all the database postings using
http://www.marscafe.com/cgi-bin/test/jobs/db.cgi?db=default&uid=default&%20&sb=0&view_records=1&so=descend&ID=*

2) Require those who want to post to register. They then receive the following permissions: View, Add, Delete, Modify (1,1,1,1,0) and can make multiple posts.

3) I have set up a guest with View only permissions (1,0,0,0,0)

--> For a registered user everything works fine.
--> For a directly linking user everything works fine and they view the database listings.
--> BUT the guest is denied permission to search the database (List All works fine) and I get the following message:

Error: Unauthorized Action
The database program received a command that you are not authorized for.
| Home | Search/View | List All | Log Off |

I am using Version 2.05 of DBMan. The relevant sections of my default.cfg file and the sub html_footer from html.pl follow.

If someone could take a look at my configuration settings and point me in the right direction I would greatly appreciate it.

Regards,
Chef Mars

%db_def = (
'ID' => [0, 'numer', 5, 8, 1, '', ''],
'date' => [1, 'date', 12, 15, 1, &get_date, ''],
'name' => [2, 'alpha', 40, 255, 1, '', ''],
'email' => [3, 'alpha', 40, 255, 1, '', '.+\@.+\..+'],
'CompanyName' => [ 4, 'alpha', 40, 255, 1, '', ''],
'title' => [5, 'alpha', 0, 255, 1, '', ''],
'JobLocationCountry' => [ 6, 'alpha', 0, 255, 1, '', ''],
'JobLocationState' => [ 7, 'alpha', 0, 255, 0, '', ''],
'companytype' => [8, 'alpha', 40, 255, 1, '', ''],
'Compensation' => [ 9, 'alpha', 40, 255, 0, '', ''],
'comments' => [10, 'alpha', '40x3', 2000, 1, '', ''],
'phone' => [ 11, 'alpha', 40, 30, 0, '', ''],
'fax' => [ 12, 'alpha', 40, 40, 0, '', ''],
'CompanyUrl' => [13, 'alpha', 40, 255, 0, 'http://', '^http://'],
'userid' => [ 14, 'alpha', -2, 15, 0, '', '']

);

# The column name for the database key. Can be any column, but it must be unique!
# You can't have two records with the same key value!
$db_key = 'ID';
# Track the key? Should DBMan keep a counter of the next key to use? This isn't
# necessary if you can guarantee that your entry in the key field will be unique
# (i.e. a userid).
$db_key_track = 1;
# Database delimiter.
$db_delim = '|';
# Use file locking (1 = Yes, 0 = No). Should be used, but won't work on Win95.
$db_use_flock = 1;
# Auto generate the html forms (1 = Yes, 0 = No).
$db_auto_generate = 0;
# Display Benchmarking Information (1 = Yes, 0 = No).
$db_benchmark = 0;
# Display Debugging Information (1 = Yes, 0 = No).
$db_debug = 0;

###########################################################
# Authorization Options
###########################################################
# --------------------------------------------------------
# No Authentication? (1 = "there is no authentication", 0 = "there is authentication")
# If you choose no authentication, then set the permissions of what
# people can do with: @auth_default_permissions below.
$auth_no_authentication = 0; #original


# The amount of time in seconds that user files are kept in the
# auth directory before the program removes them. 2-6 hours is
# probably a good value.
$auth_time = 21600; # 6 hours (in seconds)


# Enable (1) or disable (0) logging.
$auth_logging = 1;

# Allow a default user? This means you can specify a user via the URL
# and skip the logon process. Use this to allow people to search without
# logging on, but require log in if they want to add/modify/remove etc.
# (1 = "yes", 0 = "no")
$auth_allow_default = 1;

# Default permissions used if there is no authentication, or for a default
# user. (View, Add, Delete, Modify, Admin), 1 = enable, 0 = disable.
@auth_default_permissions = (1,0,0,0,0);

# Allow people to sign up for their own userid/passwords? They will
# receive default permissions.
$auth_signup = 1;

# Permissions a new signup should get.
@auth_signup_permissions = (1,1,1,1,0);

# Registered users: can modify/delete _only_ own records. For this to make
# sense you should set default off or to 1,0,0,0.
$auth_modify_own = 1;

# Registered users: can view _only_ own records. For this to make sense
# you should turn off default permissions.
$auth_view_own = 0;

# Auth user field. This is the field position in the database used for storing
# the userid who owns the record. Set to -1 if not used.
$auth_user_field = 14; # was the original

# This is the field position in the database used for storing
# the email address of the one who owns the record. Set to -1 if not
# used.
#$auth_email_field = 4; #original
$auth_email_field = -1;

-----------------------------------------------------------------

Permissions: |;
print " View " if ($per_view);
print " Add " if ($per_add);
print " Delete " if ($per_del);
print " Modify " if ($per_mod);
print " Admin " if ($per_admin);
print " None " if (!($per_view || $per_add || $per_del || $per_mod));
print qq|</b></font>
<P>
<P>
|; &html_footer; print qq|

-----------------------------------------------------------------

print qq!<P align=center><$font>!;
print qq!| <A HREF="$db_script_link_url">Home</A> !;
print qq!| <A HREF="$db_script_link_url&add_form=1">Add</A> ! if ($per_add);
print qq!| <A HREF="$db_script_link_url&view_search=1">Search/View</A> ! if ($per_view);
print qq!| <A HREF="$db_script_link_url&delete_search=1">Delete</A> ! if ($per_del);
print qq!| <A HREF="$db_script_link_url&modify_search=1">Modify</A> ! if ($per_mod);
print qq!| <A HREF="$db_script_link_url&sb=0&view_records=1&so=descend&ID=*">List All</A> ! if ($per_view);
print qq!| <A HREF="$db_script_link_url&admin_display=1">Admin</A> ! if ($per_admin);
print qq!| <A HREF="$db_script_link_url&logoff=1">Log Off</A> |!;
print qq!</font></p>!;
Re: [chefmars] Permissions
I logged on as "guest" and I was able to click all the different links that were available. I didn't see any place to click to do a search, but when I manually created the search link, I got a form. I ran into trouble when I clicked the link on the form that says "OR CLICK HERE TO DISPLAY ALL THE LISTINGS." It said there was an "invalid/expired user session." It looks like you have a guest session hard-coded in that link. My guest session was guest.112859945794301, but in the link was uid=guest.103058646966535.

Also, when I clicked the "Search" button on the form, nothing happened at all.

Personally, I think it would be better to dispense with the "guest" login altogether and just allow default users to view.


JPD
----------------------------------------------------
JPDeni's DBMan-ual
How to ask questions the smart way.
Re: [chefmars] Permissions
I often get "userid" and "uid" confused in my links. You may have meant to do:

&userid=guest&pw=guest (or something to that extent.)

<scratches head for a minute>
Or is it $user_id ??? I always have to look it up in the FAQ (if it weren't for LoisC I'd be lost...)
</scratches head for a minute>
Re: [Watts] Permissions
You should always use $db_script_link_url. Backing up through the script, you can see what it's made of:

$db_script_link_url = "$db_script_url?db=$db_setup&uid=$db_uid";

And before that, you can see what some of the parts are:

$in{'db'} ? ($db_setup = $in{'db'}) : ($db_setup = 'default');
$in{'uid'} ? ($db_uid = $in{'uid'}): ($db_uid = '');



JPD
Re: [JPDeni] Permissions
$in{'db'} ? ($db_setup = $in{'db'}) : ($db_setup = 'default');

I had to look this up to see what was happening and then "translate" it into Perl I can understand (i.e., the "long way"). Now I get it...

if ($in{'db'}) {
    $db_setup = $in{'db'};
} else {
    $db_setup = 'default';
}

The question mark "?" is the if/then part and the colon ":" separates the values to match for the true/false part. Now I can condense a lot of lines of stuff. Too cool.
Re: [Watts] Permissions
Quote:
The question mark "?" is the if/then part and the colon ":" separates the values to match for true/false part. Now I can condense a lot lines of stuff. Too cool.


Yep. Everything I know about Perl I learned from looking at the DBMan scripts. Well, I guess I did a little looking in books, but the vast majority is from DBMan. The lines I posted above are straight out of html.pl and db.cgi. It's quite an interesting exercise to go through the scripts, line by line, to see what they do. Having a well-written script like DBMan as an example is a much better way of learning a language, IMO, than the way languages are often taught in schools.

Regarding the shorter version of the "if/then" statement: It only works if you have a simple "if" and "then." Multiple conditions or actions require the longer version of the command.


JPD
Re: [JPDeni] Permissions
JPDeni,
Thank you for your prompt response and please forgive my late thank you.
I have implemented your suggestion and the guest option has been eliminated. The default users can view.

Is there any way to allow the default user to view_search ... that is, search the database? Right now I use the short/long mod so a default user sees 10 short listings per page. If there are 100 records some of the draw of the database could be lost as they plow through the many pages.

Regards,
chef mars
Re: [chefmars] Permissions
Quote:
Is there any way to allow the default user to view_search ... that is, search the database?


Certainly. But your footer doesn't have a link to the search form. There's no way to get there. I manipulated the URL myself and got to the search form, but for some reason the "Search" button isn't doing anything.

The two things for you to look at are sub html_footer and sub html_view_search, both of which are in the html.pl file.

Not to worry about late thank yous. :-) You're welcome.


JPD
Re: [JPDeni] Permissions
JPDeni,
I have it fixed.

In sub html_view_search I had a bad link. Instead of
<INPUT TYPE="SUBMIT" NAME="view_records" VALUE="View Records"> <INPUT TYPE="RESET" VALUE="Reset Form">

I had somehow inserted this code, probably many years ago:
<INPUT TYPE="SUBMIT" NAME="delete_form" VALUE="Search"> <INPUT TYPE="RESET" VALUE="Reset Form">

It was your response that made me review sub html_view_search, so once again, "muchas gracias".

chef mars
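As an added illustration of why the mis-named submit button produced "Unauthorized Action" (example code written for this thread, not DBMan's own db.cgi), here is a small Perl model of how a submitted action field is checked against the (View, Add, Delete, Modify, Admin) flags; the action table and the dispatch order are assumptions based on the links in the footer above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Flag order as in default.cfg: (View, Add, Delete, Modify, Admin).
my @PERM_NAMES = qw(view add delete modify admin);

# Dispatch order and the permission each action needs. The field names are the
# ones seen in the footer and search form above; the table itself is an
# assumption for this example, not DBMan's own code.
my @ACTIONS = (
    [ add_form      => 'add'    ],
    [ delete_form   => 'delete' ],
    [ delete_search => 'delete' ],
    [ modify_search => 'modify' ],
    [ admin_display => 'admin'  ],
    [ view_search   => 'view'   ],
    [ view_records  => 'view'   ],
);

# Turn a list such as (1,0,0,0,0) into per-permission flags ($per_view etc.).
sub perms_from_list {
    my @flags = @_;
    my %per;
    $per{ $PERM_NAMES[$_] } = $flags[$_] ? 1 : 0 for 0 .. $#PERM_NAMES;
    return \%per;
}

# The first action field present in the submitted form decides what runs,
# and it runs only if the user's flag for that permission is set.
sub dispatch {
    my ($in, @flags) = @_;
    my $per = perms_from_list(@flags);
    for my $pair (@ACTIONS) {
        my ($field, $need) = @$pair;
        next unless $in->{$field};
        return $per->{$need} ? "ok: $field"
                             : "Error: Unauthorized Action ($field needs '$need')";
    }
    return 'ok: home';
}

# Constructed inputs: the thread's default user, @auth_default_permissions = (1,0,0,0,0).
my @default_user = (1, 0, 0, 0, 0);
# The corrected search form submits view_records, which a view-only user may run...
print dispatch({ view_records => 'View Records' }, @default_user), "\n";
# ...while the old button named delete_form asked for a delete, hence the error.
print dispatch({ delete_form => 'Search' }, @default_user), "\n";
```

Running it prints an "ok" line for the view_records form and the "Unauthorized Action" line for the delete_form one, which is exactly the symptom reported at the top of the thread.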