Hey, doing some thinking about the new blog code -- I have a nice Master-Administrator system set up for that one already, but that only affects me! Working now on the regular blog-administrator stuff and was going to integrate it right into the actual page. This means session management! erg. Never done that before, but here's how I'm looking at it... Pardon the pseudo-code, it'll be converted into Python later -- feel free to take it, use it, burn it, hex it, exorcise it then turn it into something you also can use.
Incoming Page request:
----------------------------------
Check if IP is banned:
    Y: Display IP banned message, with system feedback form.
       +-- Feedback is processed by another script altogether, control is passed off.
Check if this blog account has been suspended:
    Y: Display account suspension notice, with system feedback form.
       +-- Feedback is processed by another script altogether, control is passed off.
Check to see if a session-id came in with the URL:
    Y: Verify security on the session-id, if failed, log and display error
       Note the username that corresponds, and determine appropriate access level.
       Jump to Page Rendering Stage
Check to see if a logon request came in:
    Y: Verify Password, if failed, log and display failure message
       Generate SessionID, Note username, and determine appropriate access level
       Jump to Page Rendering Stage
Generate a SessionID for user 'Guest'
Note username as 'Guest'
Set access level down to Guest access
Jump to Page Rendering Stage
That would do session management without Cookies (evil).
The session ID would contain their username, the IP they used when logging on, a timestamp, and a checksum. It would then be binary encrypted, and turned into a string of hex for transmission inside the URL. It would expire once the ID is more than 24 hours old, and would only work if they were accessing the page from the same IP, and their password doesn't change in the meantime.
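An added example, not the blog's own code: one way to build and check the session ID described above in Python. It swaps the post's checksum for an HMAC-SHA256 tag and leaves out the encryption step (the standard library has no cipher), so the fields are hex-encoded but readable; `SERVER_KEY`, `make_sid`, `check_sid` and `lookup_password_hash` are hypothetical names.

```python
import hashlib
import hmac
import time

SERVER_KEY = b"constructed-demo-key"  # assumption: a per-site secret kept server-side
MAX_AGE = 24 * 60 * 60                # the post's 24-hour lifetime, in seconds

def _mac(username, ip, issued, password_hash):
    # Mixing the stored password hash into the MAC key means a password
    # change invalidates every session ID issued before it.
    key = hashlib.sha256(SERVER_KEY + password_hash).digest()
    msg = "\x00".join((username, ip, str(issued))).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def make_sid(username, ip, password_hash, now=None):
    """Build 'hex(username, ip, timestamp).hex(tag)' for use in a URL."""
    if "\x00" in username:
        raise ValueError("NUL is the field separator and cannot appear in a username")
    issued = int(time.time() if now is None else now)
    body = "\x00".join((username, ip, str(issued))).encode().hex()
    return body + "." + _mac(username, ip, issued, password_hash)

def check_sid(sid, request_ip, lookup_password_hash, now=None):
    """Return the username for a valid SID, else None (the caller logs the failure)."""
    now = time.time() if now is None else now
    try:
        body, tag = sid.split(".")
        username, ip, issued = bytes.fromhex(body).decode().split("\x00")
        issued = int(issued)
    except ValueError:  # wrong shape, bad hex, bad UTF-8 or non-numeric timestamp
        return None
    password_hash = lookup_password_hash(username)
    if password_hash is None:  # unknown user
        return None
    expected = _mac(username, ip, issued, password_hash)
    # Constant-time comparison, and the tag is verified before any field is trusted.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    if ip != request_ip or not (0 <= now - issued <= MAX_AGE):
        return None
    return username

if __name__ == "__main__":
    users = {"alice": b"constructed-password-hash"}  # constructed sample data
    sid = make_sid("alice", "203.0.113.7", users["alice"])
    print(sid)
    print(check_sid(sid, "203.0.113.7", users.get))  # alice
    print(check_sid(sid, "203.0.113.8", users.get))  # None: different IP
```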
By the way, you folks should see the code I have for logging events. It's amazing! Anyway, that's beside the point... you will only ever see the new log viewer page, which is utterly astounding in its simple elegance. No more purging logs when they get too long either...
Also, with this SID thing going to be in place, administrators will be able to grant limited content authority to others - they could allow others to do comment moderation and post to the front page, as well as change the links and images section.
Also, very importantly: pervasive editing will be allowed. I.e., you can change an article, but as an author or administrator, you can go look back at all previous modifications done to an article. This would be great for a reviews site, or a site collaborating on a project - where they would be interested in the previous revisions of certain articles, documents, etc.
Was thinking about doing threading in comments, but instead I'll just add hooks for now. I haven't seen a 50-comment post yet, so threading is not yet required to keep track of who's saying what and to whom. If I ever implemented the actual threading, this thing would become a full-fledged web-BBS system. *grins* Too much work for now.
Be safe.