authorization for dummies

I'm working on a mini-micro CMS that amounts to
a semi-automatic page-generation system that allows
authorized users to manipulate an administrative menu.

Once installed, the system is remarkably easy to use,
even for non-html jokies.

Installation is always a bit of adventure.
On linux, mysql is usually but not always available.
If mysql is available, a config file can be edited with a form.
The user might need help from a sys-admin to get the
db-user-name and password.

If mysql is not available (if I could figure out a way to dynamically
test for that) I could fall back on a form that sets up .htaccess and
..htpasswd, so an admin user can gain access to the admin forms.

But htpasswd etc, is only available (isn't this correct?) if the right
stuff has been pre-set in /etc/httpd.conf

If that isn't available, then my installation for dummies goal
has hit a brick wall. What third-tier authorization tricks could
my system try to fall back on, if and only if mysql and .htaccess
has already failed (for the unsophisticated installer).

Re: authorization for dummies

On 30 Aug, 16:08, salmobytes wrote:
> I'm working on a mini-micro CMS that amounts to
> a semi-automatic page-generation system that allows
> authorized users to manipulate an administrative menu.
>
> Once installed, the system is remarkably easy to use,
> even for non-html jokies.
>
> Installation is always a bit of adventure.
> On linux, mysql is usually but not always available.
> If mysql is available, a config file can be edited with a form.
> The user might need help from a sys-admin to get the
> db-user-name and password.
>
> If mysql is not available (if I could figure out a way to dynamically
> test for that) I could fall back on a form that sets up .htaccess and
> .htpasswd, so an admin user can gain access to the admin forms.
>
> But htpasswd etc, is only available (isn't this correct?) if the right
> stuff has been pre-set in /etc/httpd.conf
>
> If that isn't available, then my installation for dummies goal
> has hit a brick wall. What third-tier authorization tricks could
> my system try to fall back on, if and only if mysql and .htaccess
> has already failed (for the unsophisticated installer).

htaccess is only implemeted on Apache servers, not on IIS for instance.

Re: authorization for dummies

On Aug 30, 9:19 am, Captain Paralytic wrote:
> htaccess is only implemeted on Apache servers, not on IIS for instance.

I'm content to let IIs users twist in the wind. Microsoft has been
doing that to everybody else for years....so a every possible bit
of their own medicine is great in my book.

......can php even be installed on IIs?

Re: authorization for dummies

salmobytes wrote in
news:1188486532.054627.173040@q5g2000prf.googlegroups.com:


> If that isn't available, then my installation for dummies goal
> has hit a brick wall. What third-tier authorization tricks could
> my system try to fall back on, if and only if mysql and .htaccess
> has already failed (for the unsophisticated installer).

you could put a text file with usernames/passwords in a directory above the
www directory, and use PHP to check for that when the person logs in.

if they log in successfully, set a $_SESSION so that you never have to
check it again unless they log out.... and all your subsquent pages should
search to see that your particular $_SESSION is there/valid....

Re: authorization for dummies

salmobytes wrote in
news:1188488040.066931.26910@q4g2000prc.googlegroups.com:

> On Aug 30, 9:19 am, Captain Paralytic wrote:
>> htaccess is only implemeted on Apache servers, not on IIS for instance.
>
> I'm content to let IIs users twist in the wind. Microsoft has been
> doing that to everybody else for years....so a every possible bit
> of their own medicine is great in my book.
>
> .....can php even be installed on IIs?

yes.

are you really sure you want to let users 'twist in the wind'? you really
don't want your app accessible to everyone possible?

Re: authorization for dummies

On Aug 30, 9:37 am, Good Man wrote:
> are you really sure you want to let users 'twist in the wind'? you really
> don't want your app accessible to everyone possible?

OK, I want to let IIs users twist in the wind, but it's probably not a
good idea.
But I have no idea how to debug IIs without using it, and I don't have
it.
I boot windows to use photoshop and my scanner. That's about it.

....if php is installed on IIs and mysql does not fail, great.
If it does fail, then we know .htaccess will fail too, and I could
try to fall back on the previous directory trick. Then I might have
something that would work on IIs without having to install it.