CollectiveIndustries / StarfleetDelta

Repository for Starfleet Delta Webpage, Database, and all in world scripts
https://www.starfleetdelta.com/
GNU General Public License v3.0

[Website] RBAC - Role Based Access Control #5

Open Morketh opened 8 years ago

Morketh commented 8 years ago

Python installer script is set to create a user during install. This should create a user and a password and save to the database using a sha512 hash. If you try and use the newly created user and password the login page goes white. Ordinarily it should login or tell the user bad user-name/password.

1) I think we need to set up debug info in the PHP script and see what is causing it to break down.

2) Also I'd like to match the SHA512 sums from the MySQL statement in the PHP script against the Python script to see if the hashes are being computed correctly.

3) In the event an error on the login page does happen we need to keep a log of it in /var/log/ufgq.log and give the user a 500 Internal Server Error.

Morketh commented 8 years ago

Sha512 sums do not match.

echo admin | sha512sum 
d83f900baedb967c3b4e5fb5411abb4ea1986b018804bfea9887345626e9a36efb711872a76fa212ab83e634f96bb7c711808bc8231db849777361eb7ae409db

Sha512 from MySQL database table:

c7ad44cbad762a5da0a452f9e854fdc1e0e7a52a38015f23f3eab1d80b931dd472634dfac71cd34ebc35d16ab7fb8a90c81f975113d6c7538dc69dd8de9077ec

PHP SQL statement:

"SELECT ID FROM accounts WHERE username = '$myusername' and password = SHA2('$mypassword', 512)"

Python SQL statement:

sql = "INSERT INTO `ufgq`.`accounts` (`username`, `password`, `db_privlage_level`) VALUES (%s, SHA2(%s, 512), 3)"
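
Added example, not part of the original thread or the project's code: `echo` appends a newline, so `echo admin | sha512sum` hashes `admin\n`, while MySQL's `SHA2('admin', 512)` hashes the five bytes `admin`. The script reports which byte encoding of a password produces each digest quoted above; `candidates` and `explain_digest` are hypothetical helper names.

```python
import hashlib
import hmac

# Digests copied from the comment above.
SHELL_DIGEST = (
    "d83f900baedb967c3b4e5fb5411abb4ea1986b018804bfea9887345626e9a36e"
    "fb711872a76fa212ab83e634f96bb7c711808bc8231db849777361eb7ae409db"
)
DB_DIGEST = (
    "c7ad44cbad762a5da0a452f9e854fdc1e0e7a52a38015f23f3eab1d80b931dd4"
    "72634dfac71cd34ebc35d16ab7fb8a90c81f975113d6c7538dc69dd8de9077ec"
)


def candidates(password):
    """Byte strings that different tools may end up hashing for one password."""
    raw = password.encode("utf-8")
    return {
        "exact": raw,                      # bytes of the string, nothing added
        "trailing-lf": raw + b"\n",        # what `echo pw | sha512sum` sees
        "trailing-crlf": raw + b"\r\n",    # input pasted from a Windows file
        "utf-16le": password.encode("utf-16-le"),
    }


def explain_digest(password, hex_digest):
    """Return the label of the encoding whose SHA-512 equals hex_digest, else None."""
    want = hex_digest.strip().lower()
    for label, data in candidates(password).items():
        got = hashlib.sha512(data).hexdigest()
        if hmac.compare_digest(got, want):
            return label
    return None


if __name__ == "__main__":
    for source, digest in (("sha512sum", SHELL_DIGEST), ("database", DB_DIGEST)):
        print(f"{source}: {explain_digest('admin', digest)}")
```

To hash the same bytes as the database from a shell, use `printf '%s' admin | sha512sum`, which does not append a newline.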

Morketh commented 8 years ago

I'm not entirely convinced that the login page is even redirecting at this point. Or for that matter if the page is even submitting login credentials to the database supplied by the user.

Morketh commented 8 years ago

After further reflection on the issue I verified the results on separate browsers and the page is breaking with a 500 Internal Server Error. There's something wrong with the way the page is scripted, just not sure what at the moment.

Morketh commented 8 years ago

After fixing several issues that dealt with the MySQL database handlers and correcting lookup information, I've come full circle to identifying the problem. 8162120 this fixes a few things that related to the MySQL database lookups and verifies that the errors are handled properly.

Morketh commented 8 years ago

I've set up a new branch called LoginSystem 6377fc212b540d2cb65cd8f405f66f9585fb53f5. I've found a somewhat usable system that can be tweaked for UFGQ needs. I want to strip out the email and confirmation sections as SL already verifies your account during SecondLife login; a simple password generator and in-world IM should be enough to get the user actually logged in. After that they can reset their password on the website. Also, from the basic look that I had of the page, it doesn't have a way of getting permission levels, but rather checks to see if the user exists. This should be a simple modification of the code in order to verify access level on top of the login check.

Morketh commented 8 years ago

This system will need a full tear down on the website as it stands. The current login system is pretty much nonexistent at this point; however, I want to keep the style sheets that we've set up for the pages.

Morketh commented 6 years ago

This is related to PR #68

Morketh commented 6 years ago

Depending on the requirements for Role-play Environments RBAC might need to have some of the Database information changed around to handle permission levels.