anybody integrate user login/auditing with datatables?
anybody integrate user login/auditing with datatables?
dp@ii.net
Posts: 38Questions: 10Answers: 0
Has anyone integrated multiple user functionality with datatables/editor?
I want a framework to allow users to be chosen outside the datatable and then the username be passed with POST so that an audit record/column could be maintained to show which user did the NEW or other TableTool custom operation.
thanks.
This question has an accepted answers - jump to answer
This discussion has been closed.
Answers
Can´t you just pass the login info with ajax (for example) and handle the login normally at the backend?
Same with the audit columns. Can´t you just log the data to DB and fetch it to be shown in the Datatable?
I guess I'm still feeling around how to pass through extra variables to the POST command.
You would use
ajax.datato send extra data, but I would suggest against using that method if you are handling a user session. It would be trivial for someone to modify the request to say "yeah - sure - I'm an admin" otherwise! Whatever server-side environment you are using will likely have something for session handling already - in PHP there are sessions for example.Allan
OK makes sense of course - the browser will pass a username associated with the php session with the POST command anyway.
So the question then becomes is there a recommended way to add to the PHP code that comes with Editor to augment each update command that is received by the sql back end ?
Do I have to edit Editor.php by hand to add this sort of thing?
Editor does not implement any user authentication - that is the "job" of some other code. Editor is just a CRUD editing tool :-)
Personally I think that is not good for security. What would stop someone modifying the request to change their user name?
Allan
Yes my question and comments are all written poorly .... sorry.
What I meant was that the php session id would let the server deduce the username and be able do something with it. The browser doesn't pass the username per se of course, just a token shared for the session.
Anyway I was just wondering if there were hooks in the PHP back to do this - read the session variables and magically use them for update operations.
datatables is wonderfully modular and configurable so I was thinking the server side would be like the client side - but it seems datatables is really more about the client CRUD side. That is fine - it does that really well !
So it is off to Editor.php for me (I think).
Are you using PHP's sessions? If so, there should be no need to send any extra data - PHP will handle it all for you when you simply use
session_start().Allan
Yes exactly.