Administration Interface Design

Breezer95

I just started using PHP.. well... yesterday. I took the painful task of going the route of Apache2 with PHP and MySQL on WinXP and hand installing everything to learn it... In any case I have a basic self-maintaining website for news updates right now with the database accessable by myself via phpMyAdmin.

However I wanted to know how complex or feasible the following ideas would be - and perhaps get an idea of what you guys might think the best route to take is on this. I'm not new to programming so I've just been diving right in and trying everything PHP and MySQL will let me do.

The site I am creating will not have any users logging into it (for now), but I will have the administrators log in from any location in order to update news, reviews, or other topics we include. Would it be simple enough to write an interface with PHP to have them log-in by a direct URL that I give them and authenticate themselves with the database - THEN - upon doing so have the code check their privelages to determine what they can do?

I will be hosting this site myself eventually and have everything locked down/secure except perhaps the correct authentication method. Using PHP and abiding by the manual and the config file, I am using http authentication - which to me doesn't seem secure enough as I know that is attacked often. Albeit the login URL will only be known by the administrators of the site - it still doesn't seem secure enough to me - looking for any suggestions there...

Anyway.. back to the site itself. I use the term "Interface" loosely in the subject. I want each administrator of the site to go to this given URL, log in, and after doing so a page appears with their tools....if say.. they have privelages to update the News or Reviews sections - they would simply have to click on one or the other and a page would come up with forms requesting their input for either section. I might write this somewhat slack and not do actual privelage checks - but rather when their user is checked have a specific database file sent to the screen with "their" tools. Meaning each admin could theoretically modify any other section if I simply changed their tool screen and not bothering with their access to each area specifically.

I am in the process of writing an algorithm to handle the length of sections (again.. News for example) in order to pass old news into an archived database for storage and maintainace of the main page. This way any administrator can just log in - update the news - and if for example... there were 5 news listings - the oldest one will be removed from the news database and passed. I think I can handle that easy enough... but again - any suggestions are more than welcome since I am still learning how to manipulate the database well within PHP.

So.. does this sound like a possibility? Being that I am new with PHP & MySQL? lol 🙂 I have only been using the manuals - so saying RTFM won't do me any good - if its in there I'm simply not finding it and could use some assistance. Hopefully somebody can give me some insight.

Thanks!

~Breezer

Bunkermaster

http://www.phpnuke.com <--- that's what you need.
It already exists with secured (well as secured as possible... maybe) features and user priviledges.

Have fun

dannys

Actually I'd recommend PostNuke - it's an OOP version of PHP-Nuke which began after most of the developers fell out with the founder (or something) - seems to have more 3rd party extensions than PHP-Nuke. (http://www.postnuke.com)

MBK

Sorry to dive in Breezer!

What is PostNuke and PHPNuke, what do they do?
I have looked at info on the site, but it isn't very clear.

bastien

there is no reason you can't do this...table based authentication may be easier to maintain the .htacces files if there are many users with different scopes of access.

Just create a table for security and another for access levels...when the user logs in, confirm the password, look up the access level and build the menu for the user's option on the fly...you wold need one additional maintenance page to add users and change access levels as roles are changed, secured to be used by a trusted member only.

But as mentioned below there are content management systems out there, or do what I did and build you own....

Bunkermaster

Originally posted by MBK
What is PostNuke and PHPNuke, what do they do?

basically they separate content from code and give easy access to content publishers (non technical staff members) to site updating features.

Breezer95

Thanks guys - a local friend asked me why I hadn't tried out PHPNuke yet...told him the only time I saw that was a couple years ago. In any case I will be doing some more reading this weekend - too much actual work to finish up till then so all plans on hold.. but thanks for all the input 🙂

when the user logs in, confirm the password, look up the access level and build the menu for the user's option on the fly...

as for this - this is pretty much what I had in mind... I also have the stubborn idea of always writing everything myself (just so I become more fluent in writing it) so thats why I have tried going this route without even looking to see if there were tools or code for grabs out there to do similar work.

I will give an update on how it goes this weekend 🙂

MytchE

You could also try www.siteworkspro.com or www.sourceforge.org for a nice PHP CMS 🆒

Breezer95

I can not get PHPNuke to work for the life of me... I've spent all last night and today troubleshooting it to no avail. The problem I am occuring seems to be rather typical - I can not get my super user created from the intitial admin screen (Also known as Admin Loop error). The screen simply repeats after hitting submit as if nothing happened. I've tried just about everything possible short of reinstalling my OS.. so I believe I may have given up on theirs 🙂