How to setup Admin/User Account and it respective features in livecode

Posted: Tue Jan 19, 2021 7:32 am
by lemodizon
Hello Everyone,
I was trying to create a login stack where, if the user is under the category "admin", it enables full access to my application such as add, delete, edit, etc. However, if the user is under the category "user", it has limited access. I have code here, but it displays all the data of my users. I just want to display whether the user who logged in is "admin" or "user". Can you also teach me how I can create a function or command for the full access/features for "admin" and "user"? Hope you can help me. Thanks in advance.

Code: Select all

on mouseUp
   
   local lDatabaseFile
   global gDatabaseID
   
   put specialFolderPath("Documents") & "\DCMA.db" into lDatabaseFile
   
   if there is no file lDatabaseFile then
      Beep
      Answer Error "No Database Found!" titled " Dental Clinic Management Application"
   else
      put revOpenDatabase("Sqlite", lDatabaseFile) into gDatabaseID
      put the text of fld "UserNameFld" into tUser
      put the text of fld "PasswordFld" into tPassword
      put "SELECT Password FROM TBLUSERS WHERE UserName='" & tUser & "'"  into tSQLStatement
      put "SELECT UserName,Category FROM TBLUSERS" into tPrivilege
      
      put revDataFromQuery(tab,return, gDatabaseID, tSQLStatement) into tRecords
      put revDataFromQuery(tab,return, gDatabaseID, tPrivilege) into tUSerRights
      
      if fld "UserNameFld" is empty or fld "PasswordFld" is empty then
         answer error "Please fill up the login"
      else
         
         if tRecords = tPassword  then
            answer "your account type is" &tUSerRights
            go to stack "DashBoard"
            RevCloseDatabase (gDatabaseID)
         else
            answer error "Bad password"
         end if
      end if
   end if
   
end mouseUp

Re: How to setup Admin/User Account and it respective features in livecode

Posted: Tue Jan 19, 2021 10:43 am
by richmond62
HClevels.gif
Implementing this sort of thing would be quite useful BOTH in
LiveCode itself, and in standalones.

Or . . . even if a base stack were to be deployed with a Stack runner.

Re: How to setup Admin/User Account and it respective features in livecode

Posted: Tue Jan 19, 2021 1:04 pm
by richmond62
HCmagic.png
https://archive.org/details/hypercard_userlevelfive

Re: How to setup Admin/User Account and it respective features in livecode

Posted: Tue Jan 19, 2021 2:54 pm
by Klaus
Hi lemodizon,

The script looks OK, here are some minor modifications:

Code: Select all

on mouseUp
   
   local lDatabaseFile
   global gDatabaseID
   
   ## Get used to the SLASH as a path delimiter!
   ## LC always uses this internally, ALSO for Windows pathnames!
   put specialFolderPath("Documents") & "/DCMA.db" into lDatabaseFile
   
   ## Avoid many IF THEN clauses by sorting things like this out:
   if there is no file lDatabaseFile then
      Beep
      Answer Error "No Database Found!" titled " Dental Clinic Management Application"
      exit to top
   end if
   
   put the text of fld "UserNameFld" into tUser
   put the text of fld "PasswordFld" into tPassword
   
   ## We have to check BEFORE we try to access the database!
   ## See above:
   if tUser = empty or tPassword = empty then
      answer error "Please fill up the login!"
      exit to top
   end if
   
   ## Do db stuff now:
   put revOpenDatabase("Sqlite", lDatabaseFile) into gDatabaseID   
   put "SELECT Password FROM TBLUSERS WHERE UserName='" & tUser & "'"  into tSQLStatement
   put "SELECT UserName,Category FROM TBLUSERS" into tPrivilege
   
   ## This should return only ONE record! 
   ## If it does not, maybe you have 2 entries for ADMIN?
   put revDataFromQuery(tab,return, gDatabaseID, tSQLStatement) into tRecords
   put revDataFromQuery(tab,return, gDatabaseID, tPrivilege) into tUSerRights
   
   if tRecords = tPassword  then
      answer "your account type is" && tUSerRights
      go to stack "DashBoard"
      RevCloseDatabase (gDatabaseID)
   else
      answer error "Bad password"
   end if   
end mouseUp
See my comments before the DB stuff, that should work actually.

Best

Klaus

Re: How to setup Admin/User Account and it respective features in livecode

Posted: Tue Jan 19, 2021 4:08 pm
by FourthWorld
I hate to be the bearer of bad news, but modern password management for systems exposed to the internet is a non-trivial task.

For starters, the password must be stored in hashed form only, ideally double hashed with a good salt and a strong algo (SHA2 or SHA3).

This means that password recovery should be impossible, requiring password reset instead.

Our community could use a solid library for this.

Right now I'm exploring using Nextcloud's user management features for this, giving me all the above plus OAuth, federation, arbitrary user storage, group management, and more, all maintained by a vast global pool of developers.

If the experiments pan out as I hope I'll share the library.

Re: How to setup Admin/User Account and it respective features in livecode

Posted: Thu Jan 21, 2021 2:04 pm
by lemodizon
richmond62 wrote:
Tue Jan 19, 2021 1:04 pm
HCmagic.png
-
https://archive.org/details/hypercard_userlevelfive
Hi richmond62,

Thanks for the site. This will help me.

Re: How to setup Admin/User Account and it respective features in livecode

Posted: Thu Jan 21, 2021 2:16 pm
by lemodizon
Klaus wrote:
Tue Jan 19, 2021 2:54 pm
Hi lemodizon,

The script looks OK, here are some minor modifications:

Code: Select all

on mouseUp
   
   local lDatabaseFile
   global gDatabaseID
   
   ## Get used to the SLASH as a path delimiter!
   ## LC always uses this internally, ALSO for Windows pathnames!
   put specialFolderPath("Documents") & "/DCMA.db" into lDatabaseFile
   
   ## Avoid many IF THEN clauses by sorting things like this out:
   if there is no file lDatabaseFile then
      Beep
      Answer Error "No Database Found!" titled " Dental Clinic Management Application"
      exit to top
   end if
   
   put the text of fld "UserNameFld" into tUser
   put the text of fld "PasswordFld" into tPassword
   
   ## We have to check BEFORE we try to access the database!
   ## See above:
   if tUser = empty or tPassword = empty then
      answer error "Please fill up the login!"
      exit to top
   end if
   
   ## Do db stuff now:
   put revOpenDatabase("Sqlite", lDatabaseFile) into gDatabaseID   
   put "SELECT Password FROM TBLUSERS WHERE UserName='" & tUser & "'"  into tSQLStatement
   put "SELECT UserName,Category FROM TBLUSERS" into tPrivilege
   
   ## This should return only ONE record! 
   ## If it does not, maybe you have 2 entries for ADMIN?
   put revDataFromQuery(tab,return, gDatabaseID, tSQLStatement) into tRecords
   put revDataFromQuery(tab,return, gDatabaseID, tPrivilege) into tUSerRights
   
   if tRecords = tPassword  then
      answer "your account type is" && tUSerRights
      go to stack "DashBoard"
      RevCloseDatabase (gDatabaseID)
   else
      answer error "Bad password"
   end if   
end mouseUp
See my comments before the DB stuff, that should work actually.

Best

Klaus

Hi Klaus,

Thank you for the modification.

## Avoid many IF THEN clauses by sorting things like this out:
I think this is my weakness... In this forum I discovered techniques, thank you.


How can I display one record only?

Code: Select all

## This should return only ONE record! 
   ## If it does not, maybe you have 2 entries for ADMIN?
   put revDataFromQuery(tab,return, gDatabaseID, tSQLStatement) into tRecords
   put revDataFromQuery(tab,return, gDatabaseID, tPrivilege) into tUSerRights
   
   if tRecords = tPassword  then
      answer "your account type is" && tUSerRights
      go to stack "DashBoard"
      RevCloseDatabase (gDatabaseID)
   else
      answer error "Bad password"
   end if   

Re: How to setup Admin/User Account and it respective features in livecode

Posted: Thu Jan 21, 2021 2:26 pm
by Klaus
Hi Lemodizon,
How can I display one record only?

Code: Select all

put revDataFromQuery(tab,return, gDatabaseID, tPrivilege) into tUSerRights
returns the data from the SQL query as ONE record per line, so you can:

Code: Select all

put line 1 of tUserRights into tOnlyOneUserRights
Best

Klaus
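
An added example, not code from any poster in this thread: a login check that asks the database only for the row of the user who is logging in, binds the user name as a query parameter, and then gates features on the returned Category. It assumes the thread's TBLUSERS table (UserName, Password, Category, with the password compared as that table stores it) and an open connection in gDatabaseID; gCategory, the button names and deleteRecord are hypothetical.

```livecode
-- Added example. Usage after the empty-field checks:
--   put loginCategory(fld "UserNameFld", fld "PasswordFld") into gCategory
--   if gCategory is empty then answer error "Bad login"
global gDatabaseID, gCategory

-- Returns the Category of the user who logged in, or empty on any failure.
function loginCategory pUser, pPassword
   local tUser, tSQL, tRow
   put pUser into tUser
   -- :1 is bound to the variable named in the last argument, so the field
   -- text travels as data and never becomes part of the SQL statement.
   put "SELECT Category,Password FROM TBLUSERS WHERE UserName = :1" into tSQL
   put revDataFromQuery(tab, return, gDatabaseID, tSQL, "tUser") into tRow
   if tRow begins with "revdberr" then return empty
   -- Exactly one row must match; zero or several rows is a failed login.
   if the number of lines of tRow is not 1 then return empty
   -- LiveCode compares strings case-insensitively unless told otherwise.
   set the caseSensitive to true
   set the itemDelimiter to tab
   if item 2 to -1 of tRow is not pPassword then return empty
   return item 1 of tRow
end loginCategory

-- Hypothetical control names; call this after a successful login.
on applyPrivileges
   local tIsAdmin
   put (gCategory is "admin") into tIsAdmin
   repeat for each item tName in "AddBtn,EditBtn,DeleteBtn"
      set the enabled of button tName of card 1 of stack "DashBoard" to tIsAdmin
   end repeat
end applyPrivileges

-- A disabled button is only a hint: each privileged handler checks again.
on deleteRecord pID
   if gCategory is not "admin" then exit deleteRecord
   -- ... perform the delete here ...
end deleteRecord
```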

Re: How to setup Admin/User Account and it respective features in livecode

Posted: Fri Jan 22, 2021 11:44 am
by stam
FourthWorld wrote:
Tue Jan 19, 2021 4:08 pm
If the experiments pan out as I hope I'll share the library.
That would be truly excellent, thank you Richard...

Re: How to setup Admin/User Account and it respective features in livecode

Posted: Fri Jan 22, 2021 9:52 pm
by FourthWorld
stam wrote:
Fri Jan 22, 2021 11:44 am
FourthWorld wrote:
Tue Jan 19, 2021 4:08 pm
If the experiments pan out as I hope I'll share the library.
That would be truly excellent, thank you Richard...
Have you used Nextcloud?

Re: How to setup Admin/User Account and it respective features in livecode

Posted: Sun Jan 24, 2021 3:14 am
by stam
FourthWorld wrote:
Fri Jan 22, 2021 9:52 pm
Have you used Nextcloud?
Hi Richard - no I haven't, but it's not something I've considered using - running a server for the intended purpose is simply not going to be possible because of draconian information governance in the workplace, and while I can use hosted services for this, their enterprise version starts at €3,600/year, which is not a cost I can cover.

I think I misread your post and was thinking you may be referring to a library to cryptographically store passwords:
FourthWorld wrote:
Tue Jan 19, 2021 4:08 pm
For starters, the password must be stored in hashed form only, ideally double hashed with a good salt and a strong algo (SHA2 or SHA3).
This means that password recovery should be impossible, requiring password reset instead.
Our community could use a solid library for this.
but looking back at your post you were probably referring to a library to use NextCloud...

Re: How to setup Admin/User Account and it respective features in livecode

Posted: Sun Jan 24, 2021 3:26 am
by FourthWorld
richmond62 wrote:
Tue Jan 19, 2021 10:43 am
HClevels.gif
-
Implementing this sort of thing would be quite useful BOTH in
LiveCode itself, and in standalones.

Or . . . even if a base stack were to be deployed with a Stack runner.
Where did HyperCard provide authentication?

Re: How to setup Admin/User Account and it respective features in livecode

Posted: Wed Jan 27, 2021 6:29 pm
by mtalluto
As an alternative, LiveCloud has user management built in. The front-end, LiveCode Manager, provides a GUI to manage your users. APIs allow you to programmatically manage users.

Re: How to setup Admin/User Account and it respective features in livecode

Posted: Wed Jan 27, 2021 9:11 pm
by FourthWorld
I replied to this a couple days ago, but logging in today I see my reply isn't here. I'll try again and hope this one sticks:
stam wrote:
Sun Jan 24, 2021 3:14 am
FourthWorld wrote:
Fri Jan 22, 2021 9:52 pm
Have you used Nextcloud?
Hi Richard - no I haven't, but it's not something I've considered using - running a server for the intended purpose is simply not going to be possible because of draconian information governance in the workplace, and while I can use hosted services for this, their enterprise version starts at €3,600/year, which is not a cost I can cover.
Nextcloud is open source and freely available. I have five Nextcloud instances running right now, and have never paid any fee.

Perhaps you were looking at their enterprise service offerings? I would agree, the scope of those services seems outside your project's needs.

I think I misread your post and was thinking you may be referring to a library to cryptographically store passwords:
FourthWorld wrote:
Tue Jan 19, 2021 4:08 pm
For starters, the password must be stored in hashed form only, ideally double hashed with a good salt and a strong algo (SHA2 or SHA3).
This means that password recovery should be impossible, requiring password reset instead.
Our community could use a solid library for this.
but looking back at your post you were probably referring to a library to use NextCloud...
No, I was referring to things that can be done fully within LC. The messageDigest function provides access to modern hashes like SHA3, and the rest is mostly DB access, also provided right in LC.

But I think I had misunderstood your original post to be a client-server arrangement. On re-reading it seems this is only for single-user local installs, yes?

If it is client-server, Mark's suggestion of looking into LiveCloud is a good one.

If it's local only, depending on the sensitivity of the data you may have other security considerations beyond password access, such as the user's ability to copy the SQLite DB for use in any other tool that works with SQLite.
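
An added example, not FourthWorld's library or code from this thread: salted, iterated SHA3-256 built on the messageDigest function mentioned above, producing the value to keep in the Password column in place of the plain password. The round count, the "salt:hash" storage layout and all handler names are assumptions of this example.

```livecode
-- Added example. kRounds and the "salt:hash" layout are assumptions.
constant kRounds = 100000

-- Salted, iterated SHA3-256; returns the raw 32-byte digest.
function stretchPassword pPassword, pSalt
   local tDigest
   put messageDigest(pSalt & textEncode(pPassword, "UTF-8"), "sha3-256") into tDigest
   repeat for (kRounds - 1) times
      put messageDigest(pSalt & tDigest, "sha3-256") into tDigest
   end repeat
   return tDigest
end stretchPassword

-- Value to store in the Password column when an account is created or reset.
function newPasswordRecord pPassword
   local tSalt
   put randomBytes(16) into tSalt  -- fresh random salt for every user
   return base64Encode(tSalt) & ":" & base64Encode(stretchPassword(pPassword, tSalt))
end newPasswordRecord

-- True if pPassword reproduces the digest held in pStored.
function passwordMatches pPassword, pStored
   local tSalt, tCandidate
   set the itemDelimiter to ":"
   if the number of items of pStored is not 2 then return false
   put base64Decode(item 1 of pStored) into tSalt
   put base64Encode(stretchPassword(pPassword, tSalt)) into tCandidate
   -- base64 text differs by case, so the comparison must be case-sensitive
   set the caseSensitive to true
   return tCandidate is item 2 of pStored
end passwordMatches
```

Because only the salt and digest are stored, a forgotten password is handled by writing a new record from newPasswordRecord, which matches the reset-only behaviour described in the post.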

Re: How to setup Admin/User Account and it respective features in livecode

Posted: Thu Jan 28, 2021 2:52 am
by stam
Thanks Richard, I think you’re probably confusing me with the OP, or I’m confused. All I said was that it would be cool if you did share a crypto library - there was no question implied.

Mark - I am using LiveCloud and there is a lot to commend it. But there are limitations with the authentication system. Our users won’t use an email as a username for one (work emails are far too long and doctors far too lazy). For another there are no assignable privilege sets/roles.

Not a big deal - my plan is to create a small number of access level accounts/group accounts and assign them to users. I would maintain my own username/password and relevant account details in a different table, hard code the user account credentials in the app and if the local username/password passes the test it would log on via the appropriate group. A nice crypto library would be good for password storage - hence I expressed interest when Richard mentioned he may be sharing a library.