[Phplogcon-dev] phplogcon without user managment

[Brian Shea]

Okay, it should work with _ENABLEUI setting now. Only will authenticate
users when _ENABLEUI is set to 1.

Michael, were you having trouble with the trailing slash removal? If so what
was the problem? we should fix it to work with IIS and Apache.

1.2.5_bgs is posted and can be downloaded. Changes include:

Removed redirect to remove ?page from url, was causing trouble posting data.

Added User Config settings back in. Tested on Apache.

_ENABLEUI for authentication control.

I think this covers most of the major issues. User login bypassing, insecure
cookies and such. If the trailing slash is causing too much trouble, lets
remove it for now. You guys can test on apache, and IIS to find major bugs.
I can help correct any that might occure.

Installer needs to setup some new config vars. I'll send another email with
the vars that need to be setup and how they should be setup.


On 12/9/05, Brian Shea <bgshea at gmail.com> wrote:
>
> Got ya.
>
> It was a bit confusing with the excessive use of the session varible in
> the code. It looked like you were trying to use sessions, but wanted some
> other method of storage. Okay, the _SERVER_AUTH can be replaced by _ENABLEUI
> so auth will just return true. No user will be authenticated by phpLogCon.
> Or Auth is never called, i perfer the other way one central auth method that
> does not required multiple pages to be updated.
>
> I'm going to update my auth flow chart i made last night a post it. This
> should now show with EnableUI and with EnableUI auth flow.
>
> Filter settings will only be written to the DB when Filter Settings are
> updated from Filter Options page.
>
> Quick Filter settings will override the stored filter settings but not
> overwrite!
>
> Brian
>
> On 12/9/05, Michael Meckelein <mmeckelein at hq.adiscon.com> wrote:
> >
> > > One question?
> > >
> > > If Apache or IIS is used to authenticate users, how do you know which
> > user
> > > got authenticated?
> > >
> > > Or does phplogcon not care? Single user web app.
> >
> > Phplogcon does not care! Yes, some admins want to use it as a single
> > user app.
> >
> > I have a quick discussion with Rainer and he has a good idea, I think.
> > What's about to use a "hidden user" if phplogcon is installed without
> > user management. This means that in spite of user said "NO I want not
> > use phpLogCon's user management", phplogcon creates a user account. Also
> > during the install process phplogcon puts a _AutoLogin_User = Userid var
> > into config.php where the userid is the user account created for this
> > purpose. If a user name is set to _AutoLogin_User, phplogcon
> > automatically logins to this user account without any interaction from
> > the user.
> >
> > [snip]
> > > But I suspect that in future
> > > version of phpLogCon most of the filter and config setting will be
> > stored
> > > into UserPrefs table.
> >
> > Actually this is possible in the current release. In the user-config.php
> > page, the user can set "Save filter settings in database and load them
> > while logging in". But this does not mean that which each page request
> > phplogcon reads the filter options / user options from the database.
> >
> > Let me elaborate a little in which way it works and what was our
> > intension.
> >
> > If you login to phplogcon, it reads the user settings from UserPrefs
> > table and store it into session's variables. Each phplogcon's page you
> > visit, it reads the settings from the session variable pool.
> >
> > About the following three pages in phplogcon and their relation with
> > database/sessions:
> >
> > - User_Options
> > Here a user can set things he prefer like language, stylesheet settings
> > and so on. By "Update Config" the settings are stored into database and
> > into the current session vars.
> >
> > - Filter_Options
> > Here you can alter your default filter settings which are used to
> > display data e.g. in Show_events page.
> > [quote from manual]
> > If User Interface is enabled and the option "Save filter settings in
> > database and load them while logging in" is checked, all filter settings
> > will be saved in database. Otherwise, they only will stay like this in
> > current session!
> >
> > If User Interface is disabled, the settings will only stay like this in
> > the current session. Next time opening phpLogCon, they will be default.
> > [/quote from manual]
> >
> > This means if user management is enabled, clicking "Update Config"
> > stored the filter settings in database and into session vars. You can
> > say that the user can define his default filter settings on the Filter
> > Options page. These filter settings are read during user login.
> >
> > - Show_Events
> > [quote from manual]
> > Here you can see the events; listed in respect to the current filter
> > settings. Also you can use the quick filter, that allows you to override
> > (not overwrite!) temporally your current filter settings. This provides
> > a quick view on different filtered events, without going to the filter
> > options. You can also choose how much event's should be displayed per
> > page, color and search for an expression and search for a Host or IP.
> > [/quote from manual]
> >
> > "override (not overwrite!) temporally your current filter settings" this
> >
> > is the most important point. Clicking "Submit" does not change any
> > values in the database neither it change the filter settings defined on
> > the Filter_Options page.
> >
> > Hold in mind, the form elements you see on Show_Events page are so
> > called "Quick Filters":
> > [quote from manual]
> > They will override the general filters while staying in Events Display.
> > They provide you quick changes for temporally viewing different and
> > little bit fine filtered events, without changing your general filter
> > settings.
> > [/quote from manual]
> >
> > Hope it is clear how it works. If you have any questions or any concern
> > with this approach, don't hesitate to write ;)
> >
> > Best regards,
> > Michael
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> >
>
>