From mitch.pirtle at gmail.com Fri Jul 1 19:32:52 2005 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Fri, 1 Jul 2005 19:32:52 -0400 Subject: [mambo] mosCommerce In-Reply-To: References: <42BA24FF.7080803@nuthinwerked.com> Message-ID: <330532b60507011632400eb203@mail.gmail.com> D'oh! Gmail isn't showing me any new messages in the NYPHP-Mambo label!!! *spacemonkey writes foul-mouthed email to gmail Not yet, but a new project has me evaluating both this weekend. I'll post on Sunday or Tuesday what the results are, as both have made major strides lately. -- Mitch Pirtle Mambo Core Developer On 6/29/05, Alberto dos Santos wrote: > > Hey Mitch! > > Have you had the chance to try mosCommerce? > > rgds > > > > -- > > Alberto dos Santos > > email: acas at sapo.pt > skype: fatflash > > Este email e seus anexos est?o protegidos de v?rus e programas maliciosos. > Se notar algo de anormal por favor informe-me. Obrigado. > This email and it's attachments are protected from virus and malicious > software. If you notice something unusual please report. Thanks. > Este email y sus anexos est?n protegidos contra virus y software mal?volo. > Si usted nota algo inusual por favor divulgar. Gracias. > Ces email et c'est des attachements sont prot?g?s contre le virus et le > logiciel malveillant. Si vous notez quelque chose de peu commun svp pour > rapporter. Merci. > Questi email ? su collegamenti sono protetti dal virus e dal software > cattivo. Se notate qualche cosa di insolito prego segnalare. Grazie. > > > > > > ________________________________ > From: mambo-bounces at lists.nyphp.org [mailto:mambo-bounces at lists.nyphp.org] > On Behalf Of Graham Spice > Sent: Thursday, June 23, 2005 3:57 AM > To: mambo at lists.nyphp.org > Subject: [mambo] re: shop suey ;) > > > Hey Mitch- > I'm wondering if you can qualify this. What don't you like about > mambo-phpShop? I'm considering using that for an upcoming project and am > looking for feedback. Also, did you have a chance to mess around with > mosCommerce? > > Cheers- > Graham Spice > > > ________________________________ > Originally posted by Mitch Pirtle: > > My problem is: which shop app goes better with Mambo? phpShop or > > mosCommerce? > > My immediate answer is neither - but I haven't taken a look at > mosCommerce lately, and will be playing with it this afternoon to see > how well it has come along. > > _______________________________________________ > New to Mambo? Get a great start here: > http://forum.mamboserver.com/showthread.php?t=42100 > > New York PHP SIG: Mambo Mailing List > AMP Technology > Supporting Apache, MySQL, PHP & Mambo! > http://lists.nyphp.org/mailman/listinfo/mambo > http://www.nyphp.org > > From mitch.pirtle at gmail.com Sat Jul 2 18:07:47 2005 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Sat, 2 Jul 2005 18:07:47 -0400 Subject: [mambo] mosCommerce In-Reply-To: <330532b60507011632400eb203@mail.gmail.com> References: <42BA24FF.7080803@nuthinwerked.com> <330532b60507011632400eb203@mail.gmail.com> Message-ID: <330532b60507021507295f042@mail.gmail.com> Ok, Tried the beta of mosCommerce, and have to say it is nowhere near ready for production use. It also requires $php_global = On, which is a total nono in my book... The installer is not integrated with Mambo at all, and there are errors when I try to use the admin component. For now, the ruler of the roost is Mambo-phpShop, by default (there are no other competitors at the moment). -- Mitch Pirtle Mambo Core Developer From mitch.pirtle at gmail.com Sat Jul 2 19:42:41 2005 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Sat, 2 Jul 2005 19:42:41 -0400 Subject: [mambo] Re: Mambo (was: Consulting work) In-Reply-To: <20050702183529.Y25132@zoraida.natserv.net> References: <33DFD788D44E404CB92B90176DEC061A6DAEB3@NYCPDMSXMB06.ad.tiaa-cref.org> <42C5CE3F.3060609@php.net> <20050701233336.GA22860@uranus.faber.nom> <42C5DA6F.8000504@travelersdiary.com> <20050702044529.GB24446@uranus.faber.nom> <42C6F9D4.9020800@php.net> <42C70AAE.2060408@cyberxdesigns.com> <8d9a42800507021447262b931e@mail.gmail.com> <330532b60507021526d8bb972@mail.gmail.com> <20050702183529.Y25132@zoraida.natserv.net> Message-ID: <330532b60507021642730963a6@mail.gmail.com> Committing a heinous crime and cross-posting to the NYPHP Mambo list. *gasp!* On 7/2/05, Francisco Reyes wrote: > > * Non MySQL support. > Based on what I see on the forums and an email I sent asking it seems > Mambo will support other databases in the not too distant future. > > Do you have any guestimates when this may be? The upcoming 4.5.3 release utilizes ADOdb for database abstraction, and we support any database that ADOdb supports. We've made a lot of changes and fixes along the way, hoping to make ADOdb better as well. You can check it out of cvs from the mambo project site at MamboForge, the module is 4.5.x. Right now it runs on whatever database you want, I am finishing up the installer to work the same way. > * How big a learning curve do you see learning Mambo? We talking days or > weeks.. for an experience PHP developer. Last week a fellow walked up to me at TGIFridays and asked a couple questions. Come to find out he doesn't program at all, he basically takes mambo and installs a bunch of goodies and he is done. So if a non-programmer can use Mambo, a geek should be able to get productive too ;-) http://help.mamboserver.com/ has a couple component and module tutorials as well as the API. That in itself should get you going, but I am a learner by doing and suggest you jump in and start breaking things to learn the fastest. > * For what type of applications do you think it's best suited and least > suited? Great for corporate sites, business sites, commerce sites, and online publications. It is not especially suited for community sites at the moment, but that weakness is being taken care of rapidly. Right now Mambo is not really suited for blogging, but we are about to release a GPL blogging component that is really crazy. After that point, then there is really very little that Mambo cannot do, and do well. > I have seem some of the mambo sites users have done and it seemed a pretty > wide spectrum. >From Mitsubishi to Michael Jackson, Mambo is in use everywhere. I've seen sites with the stock template barely modified, and others (like Porsche) where the whole HTML front end has been ripped out and replaced with flash. Like my story above, if someone pays you $x to deliver a site, you can start at 0% done, or 80-90% done. Choose wisely! ;-) -- Mitch Pirtle Mambo Core Developer From mitch.pirtle at gmail.com Sat Jul 2 19:51:00 2005 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Sat, 2 Jul 2005 19:51:00 -0400 Subject: [mambo] Re: [nycphp-talk] Mambo (was: Consulting work) In-Reply-To: <20050702230238.GD2979@leitz.reuel.net> References: <20050701020601.J76031@neptune.atopia.net> <20050701233336.GA22860@uranus.faber.nom> <42C5DA6F.8000504@travelersdiary.com> <20050702044529.GB24446@uranus.faber.nom> <42C6F9D4.9020800@php.net> <42C70AAE.2060408@cyberxdesigns.com> <8d9a42800507021447262b931e@mail.gmail.com> <330532b60507021526d8bb972@mail.gmail.com> <20050702183529.Y25132@zoraida.natserv.net> <20050702230238.GD2979@leitz.reuel.net> Message-ID: <330532b6050702165147fbe907@mail.gmail.com> On 7/2/05, leam at reuel.net wrote: > > My view of Mambo is that it's best for an informational site where the non-tech user > updates things. You can add/edit pages on-line and publish them at will. Pretty neat sutff. > On the other hand, I'm paranoid enough to want lots of backups and editing on-line gives > me the willies. We got 6 projects approved for Google's Summer of Code, and 3 others have volunteered to do the work anyway (without the pay). One of those projects is version control, which directly addresses this issue. The others are equally fascinating, and we have a really great group of students to work with this summer. We are setting up a wiki for the projects and will announce when everyone is ready. Also, note that as soon as 4.5.3 ships we can start ripping out the ACL for 4.6, where you will have full users/groups options for fine grained access control. -- Mitch Pirtle Mambo Core Developer -------------- next part -------------- An HTML attachment was scrubbed... URL: From cozimek at picnet.net Sun Jul 3 10:10:13 2005 From: cozimek at picnet.net (Ryan Ozimek) Date: Sun, 3 Jul 2005 10:10:13 -0400 (EDT) Subject: [mambo] Re: Mambo (was: Consulting work) In-Reply-To: <330532b60507021642730963a6@mail.gmail.com> References: <33DFD788D44E404CB92B90176DEC061A6DAEB3@NYCPDMSXMB06.ad.tiaa-cref.org><42C5CE3F.3060609@php.net> <20050701233336.GA22860@uranus.faber.nom><42C5DA6F.8000504@travelersdiary.com><20050702044529.GB24446@uranus.faber.nom> <42C6F9D4.9020800@php.net><42C70AAE.2060408@cyberxdesigns.com><8d9a42800507021447262b931e@mail.gmail.com><330532b60507021526d8bb972@mail.gmail.com><20050702183529.Y25132@zoraida.natserv.net> <330532b60507021642730963a6@mail.gmail.com> Message-ID: <2890.138.88.0.30.1120399813.squirrel@www.picnet.net> Hey Mitch, In your email below, you posted the following: > Right now Mambo is not really suited for blogging, but we are about to > release a GPL blogging component that is really crazy. After that > point, then there is really very little that Mambo cannot do, and do > well. Where can one check out this component for blogging? Sounds like something the community is really going to enjoy! Best, Ryan Ozimek cozimek at picnet.net > Committing a heinous crime and cross-posting to the NYPHP Mambo list. > > *gasp!* > > On 7/2/05, Francisco Reyes wrote: >> >> * Non MySQL support. >> Based on what I see on the forums and an email I sent asking it seems >> Mambo will support other databases in the not too distant future. >> >> Do you have any guestimates when this may be? > > The upcoming 4.5.3 release utilizes ADOdb for database abstraction, > and we support any database that ADOdb supports. We've made a lot of > changes and fixes along the way, hoping to make ADOdb better as well. > > You can check it out of cvs from the mambo project site at MamboForge, > the module is 4.5.x. Right now it runs on whatever database you want, > I am finishing up the installer to work the same way. > >> * How big a learning curve do you see learning Mambo? We talking days or >> weeks.. for an experience PHP developer. > > Last week a fellow walked up to me at TGIFridays and asked a couple > questions. Come to find out he doesn't program at all, he basically > takes mambo and installs a bunch of goodies and he is done. So if a > non-programmer can use Mambo, a geek should be able to get productive > too ;-) > > http://help.mamboserver.com/ has a couple component and module > tutorials as well as the API. That in itself should get you going, but > I am a learner by doing and suggest you jump in and start breaking > things to learn the fastest. > >> * For what type of applications do you think it's best suited and least >> suited? > > Great for corporate sites, business sites, commerce sites, and online > publications. It is not especially suited for community sites at the > moment, but that weakness is being taken care of rapidly. > > Right now Mambo is not really suited for blogging, but we are about to > release a GPL blogging component that is really crazy. After that > point, then there is really very little that Mambo cannot do, and do > well. > >> I have seem some of the mambo sites users have done and it seemed a >> pretty >> wide spectrum. > >>From Mitsubishi to Michael Jackson, Mambo is in use everywhere. I've > seen sites with the stock template barely modified, and others (like > Porsche) where the whole HTML front end has been ripped out and > replaced with flash. > > Like my story above, if someone pays you $x to deliver a site, you can > start at 0% done, or 80-90% done. Choose wisely! ;-) > > -- > Mitch Pirtle > Mambo Core Developer > _______________________________________________ > New to Mambo? Get a great start here: > http://forum.mamboserver.com/showthread.php?tB100 > > New York PHP SIG: Mambo Mailing List > AMP Technology > Supporting Apache, MySQL, PHP & Mambo! > http://lists.nyphp.org/mailman/listinfo/mambo > http://www.nyphp.org > > ------------------------------------ Ryan W. Ozimek PICnet, Inc. - http://www.picnet.net 1341 G St., NW, Suite 1100 Washington, DC 20005 P: 202.585.0239 F: 202.393.0712 "Empowering the missions of non-profits through technology" From mitch.pirtle at gmail.com Sun Jul 3 14:51:02 2005 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Sun, 3 Jul 2005 14:51:02 -0400 Subject: [mambo] Re: Mambo (was: Consulting work) In-Reply-To: <2890.138.88.0.30.1120399813.squirrel@www.picnet.net> References: <33DFD788D44E404CB92B90176DEC061A6DAEB3@NYCPDMSXMB06.ad.tiaa-cref.org> <42C5DA6F.8000504@travelersdiary.com> <20050702044529.GB24446@uranus.faber.nom> <42C6F9D4.9020800@php.net> <42C70AAE.2060408@cyberxdesigns.com> <8d9a42800507021447262b931e@mail.gmail.com> <330532b60507021526d8bb972@mail.gmail.com> <20050702183529.Y25132@zoraida.natserv.net> <330532b60507021642730963a6@mail.gmail.com> <2890.138.88.0.30.1120399813.squirrel@www.picnet.net> Message-ID: <330532b605070311517b36e6bf@mail.gmail.com> On 7/3/05, Ryan Ozimek wrote: > Hey Mitch, > > In your email below, you posted the following: > > > Right now Mambo is not really suited for blogging, but we are about to > > release a GPL blogging component that is really crazy. After that > > point, then there is really very little that Mambo cannot do, and do > > well. > > Where can one check out this component for blogging? Sounds like > something the community is really going to enjoy! We will be releasing it as soon as it is at a packaged state. Right now we are done with comments and integrating trackbacks; and perhaps the neatest thing is that each blog can have a different blog type, and each blog type can have a different display template. So a blog about events could have extra information about dates and locations in the headers, and a blog about music could include extra fields about bands and genres, for example. What this really means is that you can now have meta-content within Mambo, where each part of the site can have content with different fields of information associated with them. We will announce the release, promise ;-) -- Mitch From acas at sapo.pt Mon Jul 4 05:44:38 2005 From: acas at sapo.pt (Alberto) Date: Mon, 04 Jul 2005 10:44:38 +0100 Subject: [mambo] Xaneon xtensions Message-ID: <1120470278.3440.4.camel@localhost.localdomain> Hello List... I have just installed the new mambo eCommerce 4.5.2.3 from phpshop, along with Xaneon extensions in order to create multiple sites. But after having created a new site on the xaneon admin, what must I do? must I do another complete mambo phpshop installation on the new location? Anybody has a clue to how this works? Thanks. PS[OT] Mitch: I have tried Skype with Fedora and it worked fine, both conversation and chat. We must have another go at it, right? Al. Alberto dos Santos email: acas at sapo.pt skype: fatflash -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From borchers at tridem.de Wed Jul 6 03:04:22 2005 From: borchers at tridem.de (Michael Borchers) Date: Wed, 6 Jul 2005 09:04:22 +0200 Subject: [mambo] users2groups -> zOOm Message-ID: <26FAB31EFF50034782DFE474AB44FE3E35468A@NT-SF-Exchange> I use the zOOm Media Gallery and need to make galleries only accessable to certain members. since i don't want to add every user I would like to create groups including these users and that add the group to the gallery. can mambo do it? From hans at cyberxdesigns.com Wed Jul 6 09:35:19 2005 From: hans at cyberxdesigns.com (Hans C. Kaspersetz) Date: Wed, 06 Jul 2005 09:35:19 -0400 Subject: [mambo] Access Control Question Message-ID: <42CBDE17.3030706@cyberxdesigns.com> Over the last week I have been developing a site using components developed by third parties. One of the biggest problems I have found is the inconsistent or non-existent support of access controls in components. Below you will find two functions I pulled from com_comprofiler. I have been adding these functions to other components like com_mtree and com_akoForms to control access to them. I am interested to know if the Mambo core has functions that do what allowAccess and userGID do? I would like to use Mambo core code and not access control code placed in each component. I looked through the API documentation on the Mambo site and nothing jumped out at me. Also, is there a standard way component developers should implement access control in their components? Has the Mambo team documented the recommended implementation? I regularly find it mind numbing that component developers charge for incomplete or buggy components. For example, Mosets Tree offers no access controls to their content. I emailed the developer and he said that I should not post the link to the content, to control access. Arrgg....... My one bit of gratitude is that I have to source and can add access controls if I like and can submit the patches. Thanks, Hans So here is the source: /************************************************************* * Mambo Community Builder * Author MamboJoe * @ Released under GNU/GPL License : http://www.gnu.org/copyleft/gpl.html *************************************************************/ function allowAccess( $accessgroupid,$recurse, $usersgroupid, &$acl) { // "agroup:".$accessgroupid." ugroupid:".$usersgroupid." recurse ".$recurse; if ($accessgroupid == -2 || ($accessgroupid == -1 && $usersgroupid > 0) || $usersgroupid == 17 || $usersgroupid == 23|| $usersgroupid == 24|| $usersgroupid == 25) { //grant public access or access to all registered users return 1; } else { //need to do more checking based on more restrictions if( $usersgroupid == $accessgroupid ) { //direct match return 1; } else { if ($recurse=='RECURSE') { //check if there are children groups $groupchildern=array(); $groupchildren=$acl->get_group_children( $accessgroupid, 'ARO', $recurse ); if ( is_array( $groupchildren ) && count( $groupchildren ) > 0) { if ( in_array($usersgroupid, $groupchildren) ) { //match return 1; } } } } //deny access return 0; } } function userGID($oID){ global $database; if($oID > 0) { $query = "SELECT gid FROM #__users WHERE id = '".$oID."'"; $database->setQuery($query); $gid = $database->loadResult(); return $gid; } else return 0; } From cozimek at picnet.net Wed Jul 6 12:38:58 2005 From: cozimek at picnet.net (Ryan Ozimek) Date: Wed, 6 Jul 2005 12:38:58 -0400 Subject: [mambo] Access Control Question In-Reply-To: <42CBDE17.3030706@cyberxdesigns.com> Message-ID: <004201c58249$351ddc20$5106a8c0@picnetryan> Hans, So, if I'm reading this right, these functions you have below can control front-end access to components, such as those you're developing or adding to, correct? I'm wondering if anyone has done this on the back-end as well. It would be great to have some funcs I can drop into our homemade components that will allow access to the components only if the administrator has the right level of access in the backend permissions. Did that make sense? -Ryan -----Original Message----- From: mambo-bounces at lists.nyphp.org [mailto:mambo-bounces at lists.nyphp.org] On Behalf Of Hans C. Kaspersetz Sent: Wednesday, July 06, 2005 9:35 AM To: NYPHP at nyphp.org; SIG at nyphp.org:Mambo Subject: [mambo] Access Control Question Over the last week I have been developing a site using components developed by third parties. One of the biggest problems I have found is the inconsistent or non-existent support of access controls in components. Below you will find two functions I pulled from com_comprofiler. I have been adding these functions to other components like com_mtree and com_akoForms to control access to them. I am interested to know if the Mambo core has functions that do what allowAccess and userGID do? I would like to use Mambo core code and not access control code placed in each component. I looked through the API documentation on the Mambo site and nothing jumped out at me. Also, is there a standard way component developers should implement access control in their components? Has the Mambo team documented the recommended implementation? I regularly find it mind numbing that component developers charge for incomplete or buggy components. For example, Mosets Tree offers no access controls to their content. I emailed the developer and he said that I should not post the link to the content, to control access. Arrgg....... My one bit of gratitude is that I have to source and can add access controls if I like and can submit the patches. Thanks, Hans So here is the source: /************************************************************* * Mambo Community Builder * Author MamboJoe * @ Released under GNU/GPL License : http://www.gnu.org/copyleft/gpl.html *************************************************************/ function allowAccess( $accessgroupid,$recurse, $usersgroupid, &$acl) { // "agroup:".$accessgroupid." ugroupid:".$usersgroupid." recurse ".$recurse; if ($accessgroupid == -2 || ($accessgroupid == -1 && $usersgroupid > 0) || $usersgroupid == 17 || $usersgroupid == 23|| $usersgroupid == 24|| $usersgroupid == 25) { //grant public access or access to all registered users return 1; } else { //need to do more checking based on more restrictions if( $usersgroupid == $accessgroupid ) { //direct match return 1; } else { if ($recurse=='RECURSE') { //check if there are children groups $groupchildern=array(); $groupchildren=$acl->get_group_children( $accessgroupid, 'ARO', $recurse ); if ( is_array( $groupchildren ) && count( $groupchildren ) > 0) { if ( in_array($usersgroupid, $groupchildren) ) { //match return 1; } } } } //deny access return 0; } } function userGID($oID){ global $database; if($oID > 0) { $query = "SELECT gid FROM #__users WHERE id = '".$oID."'"; $database->setQuery($query); $gid = $database->loadResult(); return $gid; } else return 0; } _______________________________________________ New to Mambo? Get a great start here: http://forum.mamboserver.com/showthread.php?t=42100 New York PHP SIG: Mambo Mailing List AMP Technology Supporting Apache, MySQL, PHP & Mambo! http://lists.nyphp.org/mailman/listinfo/mambo http://www.nyphp.org From hans at cyberxdesigns.com Wed Jul 6 13:51:19 2005 From: hans at cyberxdesigns.com (Hans C. Kaspersetz) Date: Wed, 06 Jul 2005 13:51:19 -0400 Subject: [mambo] Access Control Question In-Reply-To: <004201c58249$351ddc20$5106a8c0@picnetryan> References: <004201c58249$351ddc20$5106a8c0@picnetryan> Message-ID: <42CC1A17.7060707@cyberxdesigns.com> Ryan, You pass the allowAccess function the groupId of the user and the groupId of allowed users and it does a comparison to see if that user is allowed access. The allowAccess function also checks to see if you are in the Admin group, Super Admin or root groups. If you are in any of those groups the function returns true. The function also supports recursing through Child Groups which is nice. I imagine you can use these functions anywhere. It is a matter of passing it the correct allowed group ids. I have been calling the allowAccess function inside the Switch statements that control what action is to be taken by the component. If the user is not in an authorized group, I break out of the switch state and echo an error. You can store what groups are allowed to access your component with your component and just pass it to the function in the switch statement. I have also hardcoded the allowed groups to group 18 in a couple of places. Group 18 is the registered users group. If you want more info about group ids take a look at the mos_core_acl_aro_groups table. I hope this is helpful. My advice is to wait for Mitch to chime in on if these functions are in the core and where. Someone told me they might be available as part of the ACL libraries but I was unable to find them. Mitch, have any pearls of wisdom here? Hans Hans C. Kaspersetz Cyber X Designs Office: 201-558-7929 Mobile: 201-681-4156 http://www.cyberxdesigns.com Ryan Ozimek wrote: >Hans, > >So, if I'm reading this right, these functions you have below can control >front-end access to components, such as those you're developing or adding >to, correct? I'm wondering if anyone has done this on the back-end as well. >It would be great to have some funcs I can drop into our homemade components >that will allow access to the components only if the administrator has the >right level of access in the backend permissions. > >Did that make sense? > >-Ryan > >-----Original Message----- >From: mambo-bounces at lists.nyphp.org [mailto:mambo-bounces at lists.nyphp.org] >On Behalf Of Hans C. Kaspersetz >Sent: Wednesday, July 06, 2005 9:35 AM >To: NYPHP at nyphp.org; SIG at nyphp.org:Mambo >Subject: [mambo] Access Control Question > > >Over the last week I have been developing a site using components >developed by third parties. One of the biggest problems I have found is >the inconsistent or non-existent support of access controls in >components. Below you will find two functions I pulled from >com_comprofiler. I have been adding these functions to other components >like com_mtree and com_akoForms to control access to them. I am >interested to know if the Mambo core has functions that do what >allowAccess and userGID do? I would like to use Mambo core code and not >access control code placed in each component. I looked through the API >documentation on the Mambo site and nothing jumped out at me. > >Also, is there a standard way component developers should implement >access control in their components? Has the Mambo team documented the >recommended implementation? > >I regularly find it mind numbing that component developers charge for >incomplete or buggy components. For example, Mosets Tree offers no >access controls to their content. I emailed the developer and he said >that I should not post the link to the content, to control access. >Arrgg....... My one bit of gratitude is that I have to source and can >add access controls if I like and can submit the patches. > >Thanks, >Hans > >So here is the source: > >/************************************************************* >* Mambo Community Builder >* Author MamboJoe >* @ Released under GNU/GPL License : http://www.gnu.org/copyleft/gpl.html >*************************************************************/ > > >function allowAccess( $accessgroupid,$recurse, $usersgroupid, &$acl) > { > // "agroup:".$accessgroupid." ugroupid:".$usersgroupid." recurse >".$recurse; > if ($accessgroupid == -2 || ($accessgroupid == -1 && $usersgroupid > > 0) || $usersgroupid == 17 || $usersgroupid == 23|| $usersgroupid == >24|| $usersgroupid == 25) { > //grant public access or access to all registered users > return 1; > } > else { > //need to do more checking based on more restrictions > if( $usersgroupid == $accessgroupid ) { > //direct match > return 1; > } > else { > if ($recurse=='RECURSE') { > //check if there are children groups > $groupchildern=array(); > $groupchildren=$acl->get_group_children( $accessgroupid, >'ARO', $recurse ); > > if ( is_array( $groupchildren ) && count( $groupchildren >) > 0) { > if ( in_array($usersgroupid, $groupchildren) ) { > //match > return 1; > } > } > } > } > //deny access > return 0; > } >} > >function userGID($oID){ > global $database; > if($oID > 0) { > $query = "SELECT gid FROM #__users WHERE id = '".$oID."'"; > $database->setQuery($query); > $gid = $database->loadResult(); > return $gid; > } > else return 0; >} >_______________________________________________ >New to Mambo? Get a great start here: >http://forum.mamboserver.com/showthread.php?t=42100 > >New York PHP SIG: Mambo Mailing List >AMP Technology >Supporting Apache, MySQL, PHP & Mambo! >http://lists.nyphp.org/mailman/listinfo/mambo >http://www.nyphp.org > > > >_______________________________________________ >New to Mambo? Get a great start here: >http://forum.mamboserver.com/showthread.php?tB100 > >New York PHP SIG: Mambo Mailing List >AMP Technology >Supporting Apache, MySQL, PHP & Mambo! >http://lists.nyphp.org/mailman/listinfo/mambo >http://www.nyphp.org > > > > > From cozimek at picnet.net Wed Jul 6 14:03:26 2005 From: cozimek at picnet.net (Ryan Ozimek) Date: Wed, 6 Jul 2005 14:03:26 -0400 Subject: [mambo] Access Control Question In-Reply-To: <42CC1A17.7060707@cyberxdesigns.com> Message-ID: <004d01c58255$04e932f0$5106a8c0@picnetryan> Hans, Thanks for the detailed email. This is definitely something to munch on now, but I'm eager to hear what Mitch has to say. -Ryan -----Original Message----- From: mambo-bounces at lists.nyphp.org [mailto:mambo-bounces at lists.nyphp.org] On Behalf Of Hans C. Kaspersetz Sent: Wednesday, July 06, 2005 1:51 PM To: NYPHP at nyphp.org; SIG at nyphp.org:Mambo Subject: Re: [mambo] Access Control Question Ryan, You pass the allowAccess function the groupId of the user and the groupId of allowed users and it does a comparison to see if that user is allowed access. The allowAccess function also checks to see if you are in the Admin group, Super Admin or root groups. If you are in any of those groups the function returns true. The function also supports recursing through Child Groups which is nice. I imagine you can use these functions anywhere. It is a matter of passing it the correct allowed group ids. I have been calling the allowAccess function inside the Switch statements that control what action is to be taken by the component. If the user is not in an authorized group, I break out of the switch state and echo an error. You can store what groups are allowed to access your component with your component and just pass it to the function in the switch statement. I have also hardcoded the allowed groups to group 18 in a couple of places. Group 18 is the registered users group. If you want more info about group ids take a look at the mos_core_acl_aro_groups table. I hope this is helpful. My advice is to wait for Mitch to chime in on if these functions are in the core and where. Someone told me they might be available as part of the ACL libraries but I was unable to find them. Mitch, have any pearls of wisdom here? Hans Hans C. Kaspersetz Cyber X Designs Office: 201-558-7929 Mobile: 201-681-4156 http://www.cyberxdesigns.com Ryan Ozimek wrote: >Hans, > >So, if I'm reading this right, these functions you have below can >control front-end access to components, such as those you're developing >or adding to, correct? I'm wondering if anyone has done this on the >back-end as well. It would be great to have some funcs I can drop into >our homemade components that will allow access to the components only >if the administrator has the right level of access in the backend >permissions. > >Did that make sense? > >-Ryan > >-----Original Message----- >From: mambo-bounces at lists.nyphp.org >[mailto:mambo-bounces at lists.nyphp.org] >On Behalf Of Hans C. Kaspersetz >Sent: Wednesday, July 06, 2005 9:35 AM >To: NYPHP at nyphp.org; SIG at nyphp.org:Mambo >Subject: [mambo] Access Control Question > > >Over the last week I have been developing a site using components >developed by third parties. One of the biggest problems I have found is >the inconsistent or non-existent support of access controls in >components. Below you will find two functions I pulled from >com_comprofiler. I have been adding these functions to other components >like com_mtree and com_akoForms to control access to them. I am >interested to know if the Mambo core has functions that do what >allowAccess and userGID do? I would like to use Mambo core code and not >access control code placed in each component. I looked through the API >documentation on the Mambo site and nothing jumped out at me. > >Also, is there a standard way component developers should implement >access control in their components? Has the Mambo team documented the >recommended implementation? > >I regularly find it mind numbing that component developers charge for >incomplete or buggy components. For example, Mosets Tree offers no >access controls to their content. I emailed the developer and he said >that I should not post the link to the content, to control access. >Arrgg....... My one bit of gratitude is that I have to source and can >add access controls if I like and can submit the patches. > >Thanks, >Hans > >So here is the source: > >/************************************************************* >* Mambo Community Builder >* Author MamboJoe >* @ Released under GNU/GPL License : >http://www.gnu.org/copyleft/gpl.html >*************************************************************/ > > >function allowAccess( $accessgroupid,$recurse, $usersgroupid, &$acl) > { > // "agroup:".$accessgroupid." ugroupid:".$usersgroupid." recurse >".$recurse; > if ($accessgroupid == -2 || ($accessgroupid == -1 && $usersgroupid > > 0) || $usersgroupid == 17 || $usersgroupid == 23|| $usersgroupid == >24|| $usersgroupid == 25) { > //grant public access or access to all registered users > return 1; > } > else { > //need to do more checking based on more restrictions > if( $usersgroupid == $accessgroupid ) { > //direct match > return 1; > } > else { > if ($recurse=='RECURSE') { > //check if there are children groups > $groupchildern=array(); > $groupchildren=$acl->get_group_children( $accessgroupid, >'ARO', $recurse ); > > if ( is_array( $groupchildren ) && count( $groupchildren >) > 0) { > if ( in_array($usersgroupid, $groupchildren) ) { > //match > return 1; > } > } > } > } > //deny access > return 0; > } >} > >function userGID($oID){ > global $database; > if($oID > 0) { > $query = "SELECT gid FROM #__users WHERE id = '".$oID."'"; > $database->setQuery($query); > $gid = $database->loadResult(); > return $gid; > } > else return 0; >} >_______________________________________________ >New to Mambo? Get a great start here: >http://forum.mamboserver.com/showthread.php?t=42100 > >New York PHP SIG: Mambo Mailing List >AMP Technology >Supporting Apache, MySQL, PHP & Mambo! >http://lists.nyphp.org/mailman/listinfo/mambo >http://www.nyphp.org > > > >_______________________________________________ >New to Mambo? Get a great start here: >http://forum.mamboserver.com/showthread.php?tB100 > >New York PHP SIG: Mambo Mailing List >AMP Technology >Supporting Apache, MySQL, PHP & Mambo! >http://lists.nyphp.org/mailman/listinfo/mambo >http://www.nyphp.org > > > > > _______________________________________________ New to Mambo? Get a great start here: http://forum.mamboserver.com/showthread.php?t=42100 New York PHP SIG: Mambo Mailing List AMP Technology Supporting Apache, MySQL, PHP & Mambo! http://lists.nyphp.org/mailman/listinfo/mambo http://www.nyphp.org From mitch.pirtle at gmail.com Thu Jul 7 22:28:04 2005 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Thu, 7 Jul 2005 22:28:04 -0400 Subject: [mambo] Access Control Question In-Reply-To: <004d01c58255$04e932f0$5106a8c0@picnetryan> References: <42CC1A17.7060707@cyberxdesigns.com> <004d01c58255$04e932f0$5106a8c0@picnetryan> Message-ID: <330532b605070719285b1887ce@mail.gmail.com> On 7/6/05, Ryan Ozimek wrote: > Hans, > > Thanks for the detailed email. This is definitely something to munch on > now, but I'm eager to hear what Mitch has to say. Also thanks to Hans, that is food for thought. I don't have a clean answer to this, as I don't think the existing system is something where we could add a couple methods to existing classes and then presto you have an easy authentication API for 3PD components and modules. I can say that I am forwarding Hans' initial post to the other core guys, hoping to spark a discussion on how we could try to provide something sooner rather than later. I agree that it is something that we all need, and the rest of the core agree, so we just need to get an approach that works from the core perspective, as opposed to just cut-n-paste for each component you want to deploy :eek: -- Mitch Pirtle Mambo Core Developer From hans at cyberxdesigns.com Sat Jul 9 01:38:23 2005 From: hans at cyberxdesigns.com (Hans Kaspersetz) Date: Sat, 09 Jul 2005 01:38:23 -0400 Subject: [mambo] Howto add session variables to Mambo 4.5.x Message-ID: <42CF62CF.3040202@cyberxdesigns.com> I recently faced with the need to add two session variables to Mambo. Searching the Internet I found a couple of resources but no straight forward directions on how to add them and access them. I thought that I would write up my experience and submit it for comment. Chris Hendry helped me figure this out. So thank you Chris for your help, thank you Mitch and thank you Mambo. We use Mambo all the time and love it. You are going to have to complete two tasks to add session variables. First task is to add a column to the session table in the data base. The second is add the variables to the session class to handle the data work. So, Mambo uses a custom session handler that stores the session data in the database. Each session variable has an associated column in the database so I started by adding a column to the database using the MySQL ALTER command. Mambo session data is stored in mos_session table. Take note, the name of the column will exactly match the name of the session variable. You will need to be able to use the MySQL command line interface or have access to phpMyAdmin or some other client that lets you run SQL directly on the db. You will also need to have a user with the privileges to ALTER the database. Sample ALTER command: ALTER TABLE `mos_session` ADD [column definition] AFTER `gid` The second step in the process is adding the session variables to the class that handles sessions in Mambo. I have to take this opportunity to state that modifying the core makes it unsupportable by the Mambo crew. In other words, you will have to hand patch the files that you modify to ensure that the patches that come out of Mambo do not overwrite your changes. What does that mean, running a diff against your files and the Mambo patch files and figuring out how to apply their changes. Enough of that rant. Open the file /includes/mambo.php and find the class mosSession extends modDBTable. This will be on or about line 2037. You will see a list of variables: var $usertype=null; /** @var string */ var $username=null; /** @var time */ var $gid=null; /** @var int */ var $guest=null; /** @var string */ var $_session_cookie=null; You will need to add your variable after the original Mambo session variables. For example: var $guest=null; /** @var string */ var $_session_cookie=null; /** @var string */ var $newMamboSessionVar='foo'; Please take care to name your session variable exactly the same thing you named your new column in the table. Now figure out where you need to use your session variable and access it through this object: $mainframe->_session->newMamboSessionVar if you want to change the value of the object do this: $mainframe->_session->newMamboSessionVar = 'bar'; $mainframe->_session->update(); //The update method commits the change to the session store. I think that is it. As long as $mainframe is in scope you should be ok. I can't recall off hand a place in Mambo that mainframe is not in scope and if it isn't just add it to the global list at the top of the function. I look forward to feed back from the NYPHP Mambo crew. If I am wrong or have made a mistake please let me know. Thanks, Hans -- Hans C. Kaspersetz Cyber X Designs New York PHP http://www.cyberxdesigns.com http://www.nyphp.org From graham at nuthinwerked.com Sat Jul 9 17:23:45 2005 From: graham at nuthinwerked.com (Graham Spice) Date: Sat, 09 Jul 2005 16:23:45 -0500 Subject: [mambo] Re: Access Control Question In-Reply-To: <20050708160006.77FD4A87C7@virtu.nyphp.org> References: <20050708160006.77FD4A87C7@virtu.nyphp.org> Message-ID: <42D04061.4080209@nuthinwerked.com> Some of these issues have been discussed in a thread titled "RFC: Extending login behavior" which explains where 4.5.3 is headed: * http://forum.mamboserver.com/showthread.php?t=32581 -------------- next part -------------- An HTML attachment was scrubbed... URL: From mitch.pirtle at gmail.com Sun Jul 10 00:32:24 2005 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Sun, 10 Jul 2005 00:32:24 -0400 Subject: [mambo] Howto add session variables to Mambo 4.5.x In-Reply-To: <42CF62CF.3040202@cyberxdesigns.com> References: <42CF62CF.3040202@cyberxdesigns.com> Message-ID: <330532b6050709213274540cda@mail.gmail.com> I am in agreement with you Hans, and think we need to provide for this in the API. The existing implementation is not up to snuff, but we are trying to get 4.5.3 out the door so it will not make it in this release. Just thinking out loud, we have two realistic approaches for the 4.6 release: 1) rewrite the session class to not require core/table mods 2) incorporate the session handler included with ADOdb I immediately like #2 as it provides instant gratification, but I also dislike having Mambo's core functionality to depend too much on external libraries. So it will definitely happen in the 4.6 release, but I cannot promise at this point whether it will be homegrown or from an existing library. Also, using database-backed sessions means easy support for high-traffic sites that have multiple apaches in front of a clustered mysql backend. So the klunky solution at the moment still has merit :-) Your pains however, Hans, have been heard! -- Mitch Pirtle Mambo Core Developer From hans at cyberxdesigns.com Sun Jul 10 11:32:07 2005 From: hans at cyberxdesigns.com (Hans C. Kaspersetz) Date: Sun, 10 Jul 2005 11:32:07 -0400 Subject: [mambo] Howto add session variables to Mambo 4.5.x In-Reply-To: <330532b6050709213274540cda@mail.gmail.com> References: <42CF62CF.3040202@cyberxdesigns.com> <330532b6050709213274540cda@mail.gmail.com> Message-ID: <42D13F77.5040600@cyberxdesigns.com> Just to clarify my position, I am not complaining about the current implementation. I was complaining about the fact that there was no straight forward resource that I could find that described how to add new session variables. I wanted to make that resource available to other users of the 4.5.x branch. As a matter of fact, I found modifying the current implementation to be very easy and straight forward once I put the pieces together. Add a variable here, update a table there and remember to update(). Whammooo done. I have see some other implementation of custom session handlers that were much harder to change. I have no problems with the way sessions are handled now in Mambo. Other then I have to modify Mambo.php. Maybe the session class should be broken out of the core and into a library. This way when the core is patched, modifications to the session code are not impacted. Seems like session code might be an area that is regularly modified. I agree with two things Mambo has done. 1. Use a database to store session data. 2. Limiting the amount of data stored in session. I like the fact that having a higher than normal barrier to implementation on session data has limited the amount of session data carried around. I think all to often, and I am offender, too much is stuck in session. Enjoy the lovely weather today! Hans Hans C. Kaspersetz Cyber X Designs http://www.cyberxdesigns.com Mitch Pirtle wrote: >I am in agreement with you Hans, and think we need to provide for this >in the API. > >The existing implementation is not up to snuff, but we are trying to >get 4.5.3 out the door so it will not make it in this release. > >Just thinking out loud, we have two realistic approaches for the 4.6 release: > > 1) rewrite the session class to not require core/table mods > 2) incorporate the session handler included with ADOdb > >I immediately like #2 as it provides instant gratification, but I also >dislike having Mambo's core functionality to depend too much on >external libraries. So it will definitely happen in the 4.6 release, >but I cannot promise at this point whether it will be homegrown or >from an existing library. > >Also, using database-backed sessions means easy support for >high-traffic sites that have multiple apaches in front of a clustered >mysql backend. So the klunky solution at the moment still has merit >:-) > >Your pains however, Hans, have been heard! > >-- >Mitch Pirtle >Mambo Core Developer >_______________________________________________ >New to Mambo? Get a great start here: >http://forum.mamboserver.com/showthread.php?tB100 > >New York PHP SIG: Mambo Mailing List >AMP Technology >Supporting Apache, MySQL, PHP & Mambo! >http://lists.nyphp.org/mailman/listinfo/mambo >http://www.nyphp.org > > > > > From mitch.pirtle at gmail.com Sun Jul 10 11:51:05 2005 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Sun, 10 Jul 2005 11:51:05 -0400 Subject: [mambo] Howto add session variables to Mambo 4.5.x In-Reply-To: <42D13F77.5040600@cyberxdesigns.com> References: <42CF62CF.3040202@cyberxdesigns.com> <330532b6050709213274540cda@mail.gmail.com> <42D13F77.5040600@cyberxdesigns.com> Message-ID: <330532b605071008516861a571@mail.gmail.com> On 7/10/05, Hans C. Kaspersetz wrote: > Just to clarify my position, I am not complaining about the current > implementation. Well, I am ;-) -- Mitch Pirtle Mambo Core Developer From borchers at tridem.de Mon Jul 11 11:30:30 2005 From: borchers at tridem.de (Michael Borchers) Date: Mon, 11 Jul 2005 17:30:30 +0200 Subject: [mambo] zoom gallery - upload Message-ID: <26FAB31EFF50034782DFE474AB44FE3E3546CD@NT-SF-Exchange> i would like to give rights registered users to only upload their pictures in one free gallery. i tried some configurations but couldn't get it. any ideas? From mitch.pirtle at gmail.com Thu Jul 14 21:55:49 2005 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Thu, 14 Jul 2005 21:55:49 -0400 Subject: [mambo] zoom gallery - upload In-Reply-To: <26FAB31EFF50034782DFE474AB44FE3E3546CD@NT-SF-Exchange> References: <26FAB31EFF50034782DFE474AB44FE3E3546CD@NT-SF-Exchange> Message-ID: <330532b60507141855618cd50d@mail.gmail.com> Hey Michael, So you want everyone uploading into one directory, or what exactly are you trying to do? -- Mitch Pirtle Mambo Core Developer On 7/11/05, Michael Borchers wrote: > i would like to give rights registered users to only upload their pictures in one free gallery. > > i tried some configurations but couldn't get it. > > any ideas? > _______________________________________________ > New to Mambo? Get a great start here: > http://forum.mamboserver.com/showthread.php?tB100 > > New York PHP SIG: Mambo Mailing List > AMP Technology > Supporting Apache, MySQL, PHP & Mambo! > http://lists.nyphp.org/mailman/listinfo/mambo > http://www.nyphp.org > From borchers at tridem.de Fri Jul 15 03:32:30 2005 From: borchers at tridem.de (Michael Borchers) Date: Fri, 15 Jul 2005 09:32:30 +0200 Subject: [mambo] german.moschat.php Message-ID: <26FAB31EFF50034782DFE474AB44FE3E3546F8@NT-SF-Exchange> Warning: main(XXX/components/com_moschat/languages/german.moschat.php): failed to open stream: No such file or directory couldn't find it on the web, does anybody have the link to download the german package? From mitch.pirtle at gmail.com Mon Jul 18 20:23:01 2005 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Mon, 18 Jul 2005 20:23:01 -0400 Subject: [mambo] german.moschat.php In-Reply-To: <26FAB31EFF50034782DFE474AB44FE3E3546F8@NT-SF-Exchange> References: <26FAB31EFF50034782DFE474AB44FE3E3546F8@NT-SF-Exchange> Message-ID: <330532b605071817236f93e997@mail.gmail.com> http://www.mos-chat.com/component/option,com_simpleboard/Itemid,108/func,view/id,695/catid,18/ First result when I googled for "moschat german" ;-) -- Mitch Pirtle Mambo Core Developer On 7/15/05, Michael Borchers wrote: > Warning: main(XXX/components/com_moschat/languages/german.moschat.php): failed to open stream: No such file or directory > > > couldn't find it on the web, does anybody have the link to download the german package? > > _______________________________________________ > New to Mambo? Get a great start here: > http://forum.mamboserver.com/showthread.php?tB100 > > New York PHP SIG: Mambo Mailing List > AMP Technology > Supporting Apache, MySQL, PHP & Mambo! > http://lists.nyphp.org/mailman/listinfo/mambo > http://www.nyphp.org > From mitch.pirtle at gmail.com Mon Jul 18 21:07:19 2005 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Mon, 18 Jul 2005 21:07:19 -0400 Subject: [mambo] [nycphp-talk] A question for mambo experts In-Reply-To: <20050716162427.15632.qmail@web30803.mail.mud.yahoo.com> References: <20050716162427.15632.qmail@web30803.mail.mud.yahoo.com> Message-ID: <330532b6050718180765b2b0b0@mail.gmail.com> On 7/16/05, Leila Lappin wrote: > Is there a relation between mambo modules and > components? Hi Leila, Consider modules as blocks of logic that are secondary to the page content, and components as logic that *IS* the actual content. So with a base mambo install, you can see that the litle blocks are modules, but when you click on Contact Us you will see in the main content area the component itself (com_contact). Modules are strictly for the front end; whereas components can be on the front end as well as the back end (again, see contacts for an example). Further complicating things is that you can use a component on the back end to maintain a front end module (polls, for example). I don't remember when this all started making sense to me, but I do remember that it was really just an adjustment of terminology - which is a challenge no matter what CMS you choose. -- Mitch Pirtle Mambo Core Developer From mitch.pirtle at gmail.com Mon Jul 18 23:39:11 2005 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Mon, 18 Jul 2005 23:39:11 -0400 Subject: [mambo] [nycphp-talk] A question for mambo experts In-Reply-To: <42DC678C.8080609@bitblit.net> References: <20050716162427.15632.qmail@web30803.mail.mud.yahoo.com> <330532b6050718180765b2b0b0@mail.gmail.com> <42DC678C.8080609@bitblit.net> Message-ID: <330532b605071820391b250345@mail.gmail.com> On 7/18/05, Ajai Khattri wrote: > Mitch Pirtle wrote: > > >I don't remember when this all started making sense to me, but I do > >remember that it was really just an adjustment of terminology - which > >is a challenge no matter what CMS you choose. > > > > That's putting it mildly! (Not that Mambo is any worse than any other > CMS - Ive already used it for several projects and Im just about to try > my hand at writing a component ;-) http://help.mamboserver.com Take a look at the component tutorial. That should provide a decent example to get you started. Also, you can grab Mambo Designer from mambodev.com or jamboworks.com (not launched yet). This will create a base template, module or component that you can then work from. Yes it is beta, but is quite usable :-) -- Mitch Pirtle Mambo Core Developer From borchers at tridem.de Tue Jul 19 02:32:03 2005 From: borchers at tridem.de (Michael Borchers) Date: Tue, 19 Jul 2005 08:32:03 +0200 Subject: [mambo] german.moschat.php Message-ID: <26FAB31EFF50034782DFE474AB44FE3E354704@NT-SF-Exchange> >http://www.mos-chat.com/component/option,com_simpleboard/Itemid,108/func,view/id,695/catid,18/ > >First result when I googled for "moschat german" ;-) mine too;) but thought a about a simple download, guess I'll have to register! From borchers at tridem.de Tue Jul 19 02:33:29 2005 From: borchers at tridem.de (Michael Borchers) Date: Tue, 19 Jul 2005 08:33:29 +0200 Subject: [mambo] zoom gallery - upload Message-ID: <26FAB31EFF50034782DFE474AB44FE3E354705@NT-SF-Exchange> >Hey Michael, > >So you want everyone uploading into one directory, or what exactly are >you trying to do? > >> >>On 7/11/05, Michael Borchers wrote: >> i would like to give rights registered users to only upload their pictures in one free gallery. >> >> i tried some configurations but couldn't get it. yes, exactely. i will set ONE folder (maybe some more later:)) free for uploads and all users can only upload their pictures there.