Notice: Undefined variable: s_offline in /homepages/6/d168803796/htdocs/officetrio.com/o3/o3start.php on line 314
OfficeTrio: Access Permissions - User Manual

EWS is no longer available

Notice: Undefined variable: us_name in /homepages/6/d168803796/htdocs/officetrio.com/right-menu.php on line 35

Notice: Undefined variable: us_email in /homepages/6/d168803796/htdocs/officetrio.com/right-menu.php on line 35

Login Page

Introduction
Payments
Users
Login
Access
Categories
Products
Downloads
Deliveries
Containers
Catalog
Cart
Search
Orders
Emails
IPN
Stats

Modules
Affiliates
Content
Types
List Items
Image Upload
Scheduler
File Browser
Stock Control

Appendices
Settings
Functions
Actions
Caching

Forums
Members Area
Customers Area
Affiliates

Contribute
Installation
Contact Details
Terms
FAQ
Testimonials

Free Tutorials
Free EBooks
Free Scripts

O3 comes with a full 30-day, no-quibble money back guarantee.

Nothing can stop the man with the right mental attitude from achieving his goal; nothing on earth can help the man with the wrong mental attitude.
W.W. Ziege

Access Permissions

Introduction

O3's has a sophisticated system for authenticating and remebering users. All users have an Access Group which defines their permissions. All resources have an Access Rule which defines who can access them, and this goes beyond simple groups, as described below.

All users are cookied, if their browser is set to accept cookies. If not, a cart cannot be maintained for them, and the 'No Cookies' message defined in the settings is displayed in place of the cart (or favorites list).

Visitors are given the access group 'visitor'. Members are given the access group 'member'. Admins are given the access group 'admin'. Admins get full access to O3, although you can easily modify the O3 admin pages themselves to offer different levels of access to different parts of the system.

Search engine spiders are a special case. Wherever possible, they are identified prior to the cookie-ing process, and given the access goup 'visitor|spider'. This means you can give spiders access to parts of your site (or extra content) that visitors don't get. Some websites use this to great advantage (like Experts Exchange) but it is a dubious practice (IMHO).

Settings

The settings relating to user authentication are as follows:

In General Settings:
- Users Update Form - This defines the form used by the Login page, when a user is logged-in, to allow the user to update their details. It can contain fields to update the user's type-data too so they can maintain their whole profile from the login page.
- Access Denied Message
- No Cookies Message - displayed in place of the cart if the browser has cookies disabled.
- Always Add Users - This adds all visitors who can accept cookies to the database. It's a reserved field, the default is ON, and O3 will not work properly if this is switched off.
In 'Membership': Cookie Duration and Session Duration

Functions

check_permissions($rule, $creator, $thing='item'). Check the permissions on a thing, and return TRUE if OK, or an error message

Authenticating Users

O3 ALWAYS authenticates your visitors, it's part of the o3start.php script. If the user is logged in the values of the following variables are set:
$GLOBALS['loggedin'] is set to TRUE, and ALL the users details are made available as local PHP variables - i.e. $us_name and $us_email (accesible in containers using the O3VAR# macro). You can use these values in your menus etc - just like on the OfficeTrio website - if you're logged in it says so, else it shows the login form.

When a user successfully logs in O3 places cookies on their PC to identify them. Cookies are the only sure way to track users, and hence manage a shopping cart. If you use O3's internal cart the browser must have cookies enabled (as on most major ecommerce wesbites!) although single item purchases are still possible, and the payment-provider managed carts may still work.

Protecting Pages

To protect pages, you just have to specify an Access Rule at the very top of the page, before the o3start.php script. See the section below for a list of valid access rules...

Once this code is in your pages, only logged in users with permission will be shown the page, all others will be re-directed to the login page:
<? $level=ACCESS-LEVEL; require_once '03/o3start.php'; ?>

Protecting Other Things

Objects like Items, Schedules and Events all have Permissions you can set. This is done in the appropriate O3 Management page.

The Access rule you can set for these things is the same as for pages. See below for details...

Access Rules

To specify whether a user can access a resource like viewing a page, or updating an item, you can use any of the following rules:

ALL - Anyone can access this resource.
NONE - No one can access this resource.
CREATOR - Only the thing's creator can access this resource.
user@ - Only logged-in users with this in their email address can access this resource.
user@|user2@|user3@... - Only logged-in users with one of these (pipe delimited) values in their email address can access this resource.
group - Only logged-in users with this group in their access list can access this resource.
group|group2|group3... - Only logged-in users with one of these groups in their access list can access this resource.

Two special permissions are available for Schedules:

SCCREATOR - Only the schedule creator can access this resource.
CREATORS - Either the event's creator, or the schedule creator can access this resource.