- Impact
- 4
This login script allows you to add and remove users easily by editing the XML file accounts.xml. Out of the box, the script supports 4 user account types. These are as follows:
You may easily add new user accounts by creating a new file in the levels folder. Each access level has a separate class and file, and should always implement the TalkPHP_Level_Interface interface.
Configuration
By default there are 4 user accounts of all 4 user permissions. The index.php file is set-up to login to the first account: User1 with the password as password. Logging in is easily done via the login function:
All these accounts may be edited, and new ones added via the accounts.xml file in the TalkPHP_Login directory.
Adding Accounts
If you open up accounts.xml in a plain text editor such as Notepad or Vi, you will see how easy it is to add and remove user accounts. A basic user segment is formatted like so:
The username and password nodes should be fairly self-explanatory, whilst the level is also self-explanatory, there is a set way to do them. The 4 levels you may enter here are as follows:
The username and password are case-sensitive, whereas the user levels are not. It's best to stick to the case-sensitivity as described above, however, merely for standard reasons.
If you enter an incorrect user level name then that account will not be added, and casually ignored without throwing any errors. If an account is not being added then ensure you have specified a correct user level. As the user levels are all dynamic, these levels are named after the class name as outlined below.
Adding User Levels
In order to add a new user level you will need to have a little experience in PHP. Let's add a Gremlin account who will have both Moderator and User permissions, but no more.
Create a new file in TalkPHP_Login/levels called levels_gremlin.php. If you copy and paste the details from one of the other files in there then we can easily edit just a few items and have done with it.
The items you need to modify are as follows:
The class name itself also needs to be changed to: TalkPHP_Level_Gremlin.
Those are the only changes we need to make so save the file! As you can see we have used a constant called TALKPHP_LOGIN_GREMLIN which we have not yet defined. To add the constant open the file TalkPHP_Login/access.class.php and at the top where the defines are, add a new line like so:
You don't necessarily need to know what these bitwise operators do exactly, but to have a little inkling, they basically set the permissions. The basic rule to adding them is keep the 1 as is, and just increment the second digit by 1 from the define above it. Therefore for every new account after the one above will be:
Once you have done all that we are ready to go! Our new user level has been added, and none of the other accounts have been affected. All we have to do test it is modify our accounts.xml file to set a user to the Gremlin level, like so:
The Gremlin level's name is taken directly from the class itself that we created in TalkPHP_Login/levels:
Security
As far as I can see, there are no security holes in the system. However, one potential security hole is the accounts.xml file being in a readable format. Out of the box the file is protected from outside access via a .htaccess file in the TalkPHP_Login directory.
If the aforementioned .htaccess file is removed, or your web-server is not Apache and therefore doesn't support .htaccess files, then the accounts.xml file is open for anybody to download. The best way to check is try and access the file yourself.
If the file is accessible then you will need to contact your host for a way in which you can protect the file. They'll be a way.
External Libraries
There is only one requisite really, although technically there are 2, if you have PHP 5 then you will also have SimpleXML. Ensure SimpleXML is enabled, and that you're running PHP 5. PHP recently announced it is discontinuing its support for PHP 4 and so all hosts should now support PHP 5, either as the primary PHP interpreter, or at least available through a .htaccess modification. Contact your host for further assistance.
Download Script
The script may be downloaded over at TalkPHP.com in the following thread.
- Registered User
- Moderator
- Administrator
- Super Administrator
You may easily add new user accounts by creating a new file in the levels folder. Each access level has a separate class and file, and should always implement the TalkPHP_Level_Interface interface.
Configuration
By default there are 4 user accounts of all 4 user permissions. The index.php file is set-up to login to the first account: User1 with the password as password. Logging in is easily done via the login function:
PHP:
$pLogin->login('User1', 'password');All these accounts may be edited, and new ones added via the accounts.xml file in the TalkPHP_Login directory.
Adding Accounts
If you open up accounts.xml in a plain text editor such as Notepad or Vi, you will see how easy it is to add and remove user accounts. A basic user segment is formatted like so:
Code:
<account>
<username>User1</username>
<password>password</password>
<level>User</level>
</account>The username and password nodes should be fairly self-explanatory, whilst the level is also self-explanatory, there is a set way to do them. The 4 levels you may enter here are as follows:
- User
- Moderator
- Administrator
- Super Administrator
The username and password are case-sensitive, whereas the user levels are not. It's best to stick to the case-sensitivity as described above, however, merely for standard reasons.
If you enter an incorrect user level name then that account will not be added, and casually ignored without throwing any errors. If an account is not being added then ensure you have specified a correct user level. As the user levels are all dynamic, these levels are named after the class name as outlined below.
Adding User Levels
In order to add a new user level you will need to have a little experience in PHP. Let's add a Gremlin account who will have both Moderator and User permissions, but no more.
Create a new file in TalkPHP_Login/levels called levels_gremlin.php. If you copy and paste the details from one of the other files in there then we can easily edit just a few items and have done with it.
The items you need to modify are as follows:
PHP:
/* Used as the account level name: */
$this->m_szLevelName = 'Cheeky Gremlin';
/* Permissions which this user has: */
return TALKPHP_LOGIN_GREMLIN | TALKPHP_LOGIN_USER | TALKPHP_LOGIN_MODERATOR;The class name itself also needs to be changed to: TalkPHP_Level_Gremlin.
Those are the only changes we need to make so save the file! As you can see we have used a constant called TALKPHP_LOGIN_GREMLIN which we have not yet defined. To add the constant open the file TalkPHP_Login/access.class.php and at the top where the defines are, add a new line like so:
PHP:
define('TALKPHP_LOGIN_GREMLIN', 1 << 5);You don't necessarily need to know what these bitwise operators do exactly, but to have a little inkling, they basically set the permissions. The basic rule to adding them is keep the 1 as is, and just increment the second digit by 1 from the define above it. Therefore for every new account after the one above will be:
PHP:
define('TALKPHP_LOGIN_GREMLIN_2', 1 << 6);
define('TALKPHP_LOGIN_GREMLIN_3', 1 << 7);
define('TALKPHP_LOGIN_GREMLIN_4', 1 << 8);Once you have done all that we are ready to go! Our new user level has been added, and none of the other accounts have been affected. All we have to do test it is modify our accounts.xml file to set a user to the Gremlin level, like so:
Code:
<account>
<username>User1</username>
<password>password</password>
<level>Gremlin</level>
</account>The Gremlin level's name is taken directly from the class itself that we created in TalkPHP_Login/levels:
PHP:
class TalkPHP_Level_Gremlin implements TalkPHP_Level_Interface
{
}Security
As far as I can see, there are no security holes in the system. However, one potential security hole is the accounts.xml file being in a readable format. Out of the box the file is protected from outside access via a .htaccess file in the TalkPHP_Login directory.
If the aforementioned .htaccess file is removed, or your web-server is not Apache and therefore doesn't support .htaccess files, then the accounts.xml file is open for anybody to download. The best way to check is try and access the file yourself.
If the file is accessible then you will need to contact your host for a way in which you can protect the file. They'll be a way.
External Libraries
There is only one requisite really, although technically there are 2, if you have PHP 5 then you will also have SimpleXML. Ensure SimpleXML is enabled, and that you're running PHP 5. PHP recently announced it is discontinuing its support for PHP 4 and so all hosts should now support PHP 5, either as the primary PHP interpreter, or at least available through a .htaccess modification. Contact your host for further assistance.
Download Script
The script may be downloaded over at TalkPHP.com in the following thread.
Just a heads up. :tu:
