Last modified: 2/26/2003 21:53-0600

This file highlights some of the changes in the 3.x branch. The version on this site is 2.3.3. To get a newer version, go to the SourceForge Project Page

phpSecurityAdm is a PHP application that was designed to be implemented in custom Content Management Systems (CMS). The ease of use allows the CMS programmer to concentrate on creating a quality application without having to waste a lot of time on the security access side of the system.

This application can be used for restricting access to web pages based on user names and passwords. The system will allow the client to:

• Manage user accounts and access rights
• Add, edit, or delete users
• Change access and connection rights
• Control basic system parameters such as user name and password lengths and where connections are allowed to be made from
• Create and manage "user profiles" in order to allow an efficient method of creating multiple users with similar access rights

INSTALLATION

1. Download the Metabase (http://koivi.users.phpclasses.org/metabase) database abstraction layer.
2. Uncompress the PSA and Metabase packages into the directories on your server where you would like to access them from.
3. Edit the config.php file found in the include directory according to the comments found there.*
4. Run the install_db.php script to initiate your database tables. (Like all database schema installs, it is recommended that you run this script from a command prompt rather than a browser.)

* It is best not to store the database connection details in the config.php file. To achieve a higher level of security, set up the SQL_* variables to be passed by the web server. [SetEnvIf Host domain\.com SQL_x=value inside the virtual host directives of apache for example.]

REQUIREMENTS

This system was initially developed using the apache 1.3.20 web server, mysql 3.23.40 database server, and PHP-4.1.1 compiled as a DSO module all running on a linux server. Version 3.0 development was done mostly on Apache 1.3.26, mysql 3.23.51, and PHP 4.2.2 on various Windows 98/ME/2000/XP machines as well as linux. For best results, you should have at least the above setup. You will need to have gettext support, session support, and trans-sid enabled as well.

I have limited resources when it comes to testing other platforms, web servers, database servers, etc. If you would like to contribute the development and/or testing of this project, post a message at http://sourceforge.net/forum/?group_id=67410

PROFILES

Think of profiles as being similar to groups. You can easily give groups of users the same (or similar) access rights by creating profiles. All you need to do is create a profile by giving it a name to identify it and selecting which pages to allow access to.

You can then apply these profiles to users either during creation or by editing their access rights. During editing, applying a profile is as simple as choosing the name from the drop-down list and submitting the form.

As of version 2.4.0, users can now belong to more than one profile. This would allow you (the administrator) to create profiles that can be used to give users rights to different sections without having to define a separate profile for each possible combination.

For instance, if I have a protected section called "Book Reviews" and one called "Movie Reviews", I would create 2 profiles: "books" and "Movies." Then if I want a user to access "Books," I'd assign them that profile. If the user should access only "Movies," then I'd use that profile. If I want this particular user to access both, I could simply assign both profiles. In previous versions, you would have needed to create a "Books and Movies" profile to accommodate.

CLASS API (Starting with version 3.0)

Most functions now return boolean TRUE or FALSE as a value and set the new ERROR string in the class. The class constructor now takes arrays as arguments rather than a long list of single variables. Detailed information on specific function APIs can be found in the comments for each function is phpSecurityAdm.class.php. This should be the standardized API for the class. There may be some exceptions to the new API (like the getProfiles function) which return specific values.

GETTING HELP

As of 2/26/2002, there is a bulletin board for phpSecurityAdm located at http://sourceforge.net/forum/?group_id=67410. You can use this site to ask user/developers questions about your install, suggest features, or just find out what is in store for furutre releases of phpSecurityAdm.

HELPING OUT

If you'd like to see this project grow and would like to offer your help, contact koivi@users.sourceforge.net. Developers and testers of all skills are welcome to participate. People willing to write documentation for the project are also welcomed.

CHANGELOG

Version 3.0

• Global variables as well as variables in forms have now been changed to include the 'PSA_' prefix to minimize conflicts with other scripts.
• Added an outlet for user-defined error functions.
• Name change (dropped the "in" at the end) to reflect major changes. (SourceForge.net also only allows 14 chars for a project name.)
• Class API changes - consult class.phpSecurityAdm for detailed function API changes (There are no plans for major chages in the API beyond this point).
• Complete class rewrite to use MetaBase for database abstraction.
• Interface tweaks to get rid of some of the bad habits.
• Removed language support in preparation of GetText to clean up code.

Version 2.4 (not released)

• Added multiple profile support.
• Changed hard-coded session name to use "session_name()" instead in hasRights() function
• Fixed bug in getPages function that produced errors.
• Added Portugal Portuguese language support
• Added Swedish language support
• Added Romanian language support

TODO List

• Ability for User to request a new password for one that is lost/forgotten.
• Add functionality to set read, write, or no access to pages.

Copyright (C) 2001-2003

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. (Found in the LICENSE file.)

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA