Safe modules in XMLNuke
Creating Users and Associating Roles
How to create a user and associate a role. Internal details on how a user is stored and how to customize the user repository.
Table of contents
1. How does validation for secure modules work?
2. Creating Users and Associating Roles
3. How to configure a module?
4. Creating your own Login module
5. How to create your own validation mechanism
On this page
How to create a user
Inside the user
Using your own structure of the database
How to create a user
The simplest way to create a user is through the administrative tool of XMLNuke. Using the tool, you can select which roles you want to associate to a specific user. There are no roles associated to a user when a user is created, and therefore the user will be able to access practically any modules.
The roles that can be associated are defined in the file "roles.anydata.xml". This file seeks to facilitate the process of association to avoid typing errors.
Inside the user
By default, users are stored in the file "user.anydata.xml", as shown in the example below:
File users.anydata.xml
<row>
<field name="name">John Doe</field>
<field name="username">me</field>
<field name="email">me@email.com</field>
<field name="password">45FCB22C7BD17402852C58D54F922D85A1F57AD0</field>
<field name="admin" />
<field name="created">2006-07-09 18:21:40</field>
<field name="roles">EDITOR</field>
<field name="roles">DESIGNER</field>
<field name="sites">sample</field>
</row>
But instead of saving to the text file (AnyDataSet), it is possible to save it to a relational database. This must be specified in the configuration of XMLNuke: "xmlnuke.USERSDATABASE" which is the DATABASE that will store the user data. The table structure must be as follows:
SQL for defining a user - MySQL
-- ------------------------------
create table xmlnuke_users
(
userid integer identity not null,
name varchar(50),
email varchar(120),
username varchar(15) not null,
password char(40) not null,
created datetime,
admin char(3),
constraint pk_users primary key (userid)
)
TYPE = InnoDB;
-- ------------------------------
create table xmlnuke_custom
(
customid integer identity not null,
name varchar(20),
value varchar(100),
userid integer not null,
constraint pk_custom primary key (customid),
constraint fk_custom_user foreign key (userid) references xmlnuke_users (userid),
)
TYPE = InnoDB;
-- ------------------------------
create table xmlnuke_roles
(
roleid integer identity not null,
site varchar(50),
role varchar(100),
constraint pk_roles primary key (roleid)
)
TYPE = InnoDB;
-- New user
-- username: admin
-- password: pwd)
insert into xmlnuke_users (name, email, username, password, created, admin)
values
('Administrator', 'your@email.com', 'admin', '37FA265330AD83EAA879EFB1E2DB6380896CF639', now(), 'yes' );
Using your own structure of the database
XMLNuke also permits users to use their own database structure to store usernames and passwords. It's important that this structure has at least:
- Have the same fields that XMLNuke users (which do not need to have the same names)
- A structure for the CUSTOM and ROLES tables
.
After this, the UsersDBDataSet must be inherited and the configTableNames() method must be overwritten::
CSharp
virtual protected void configTableNames()
{
this._UserTable = new UserTable();
this._UserTable.Table = "xmlnuke_users";
this._UserTable.Id = "userid";
this._UserTable.Name = "name";
this._UserTable.Email= "email";
this._UserTable.Username = "username";
this._UserTable.Password = "password";
this._UserTable.Created = "created";
this._UserTable.Admin = "admin";
this._CustomTable = new CustomTable();
this._CustomTable.Table = "xmlnuke_custom";
this._CustomTable.Id = "customid";
this._CustomTable.Name = "name";
this._CustomTable.Value = "value";
// Table "CUSTOM" must have userid Foreign Key.
this._RolesTable = new RolesTable();
this._RolesTable.Table = "xmlnuke_roles";
this._RolesTable.Site = "site";
this._RolesTable.Role = "role";
}
PHP
protected function configTableNames()
{
$this->_UserTable = new UserTable();
$this->_UserTable->Table = "xmlnuke_users";
$this->_UserTable->Id = "userid";
$this->_UserTable->Name = "name";
$this->_UserTable->Email= "email";
$this->_UserTable->Username = "username";
$this->_UserTable->Password = "password";
$this->_UserTable->Created = "created";
$this->_UserTable->Admin = "admin";
$this->_CustomTable = new CustomTable();
$this->_CustomTable->Table = "xmlnuke_custom";
$this->_CustomTable->Id = "customid";
$this->_CustomTable->Name = "name";
$this->_CustomTable->Value = "value";
// Table "CUSTOM" must have userid Foreign Key.
$this->_RolesTable = new RolesTable();
$this->_RolesTable->Table = "xmlnuke_roles";
$this->_RolesTable->Site = "site";
$this->_RolesTable->Role = "role";
}
You must also set the property "xmlnuke.USERSCLASS" in your configuration file to inform the full namespace to access the class. Note: This instance must implement the IUsersBase interface and must have a constructor that receives two parameters: engine.Context and connection string.
CSharp
public YourClass(com.xmlnuke.engine.Context context, string conn)
{
//...
}
PHP
public function __construct($context, $conn)
{
// ...
}
|