Thanks for the elucidation, Melvyn! Short and precise, as always. Only miss your "wq!" signature a little ;-)
IFRAMES: No! Perl: maybe. hmm. pondering... PROFILES! Hey! Couldn't really find much docs on that. Do they work under 5.0prod? Where can I read more? Sounds like a good way to store user preferences... And thanks! Matthias > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > Melvyn Sopacua > Sent: Sunday, October 14, 2001 5:18 PM > To: [EMAIL PROTECTED] > Subject: Re: [sambar] 5.0prod - RCEgroupname variable? > > > At 14:54 14-10-01, you wrote: > > >Hi, all. > > > >Is there such a thing as a "RCEgroupname" environment variable? > > http://localhost/sysadmin/reports/envt.stm > Nope. > > >I have multiple user groups and need to check if the logged-in user > >belongs to the "right" group. Probably this is not feasible > since a user > >*could* be in more than one group? > > Right. If the variable would exist it would be an array, which > is as far as I know, still not available in Sambar Script. > > >1. I have "secret" information in a directory "/sdb". > > Thank you. > > >2. I only want to allow access for users in a group called > >"feilbach-sdb". > > It's good practice to keep group names short, and only containing > word characters, ie: the alfabet, numbers and the underscore. > > >3. Simply using .htaccess to restrict everything in the > directory I dont > >want, because: > > > >a) I find it too rude to pop up a login screen when clicking > a link. I > >want to show him *part* of the page and some note stating > "if you were > >registered, you could see more...". > > Sounds like an IFRAME is a good solution, unless the design doesn't > permit it. > > >b) Hee hee... AND I want all the spiders in the world to SEE my pages > >since they contain potentially useful information! So I cannot simply > >restrict access to the directory... With my construct, > spiders could see > >all the product data sheets, users would go to my customer's > site and be > >politely reminded to register for more. > > Perl is the easiest solution here whether in an IFRAME or via > RCC, since > access to the file system is not supported directly by Sambar Script. > Simply keep a file of allowed usernames, seperated by a newline and > compare it to RCEusername. Use the <RCC command in your page, > to question > de perl script transparently or use the IFRAME with a src > pointng to your > perl script. > > Alternatively, you could use profile variables (see docs), > but I don't know > about the security then, since profile vars are modifyable by > the users, if > they know what to do. > > ____________________________________________________ > > </MELVYN> > > void wakeup() > { > for(long int cuppajava;drink();cuppajava++); > } > > -------------------------------------------------------------- > ------------------ > For unsubscription of this list send an email to > [EMAIL PROTECTED] with email > data containing unsubscribe emailadd sambar > > -------------------------------------------------------------------------------- For unsubscription of this list send an email to [EMAIL PROTECTED] with email data containing unsubscribe emailadd sambar
