Database, file manipulation and user management in next version. - Forum


Database, file manipulation and user management in next version.

Hi everyone,

As you know, we are working hard to bring database and file management capabilities to VisualNEO Web.
As VisualNEO Web projects are intended to be delivered online and NeoScript runs on the client side, it involves a lot of security considerations, so this is the approach we are working on:

A local PHP webserver will be included in the next release (as a tool you can use or not).
A PHP config file will be generated automatically for the current project when you start the webserver for the first time.
A built-in code editor allows editing the config file.
The config file includes the following information:

  • Admin user and password.
  • Name of allowed files to be read or written and their permissions "r","w" or "rw".
  • Name of allowed SQLite databases.
  • Allowed SQL queries (with params, i.e. "UPDATE users SET username = ? WHERE id = ?")

A built-in user management system based on an SQLite database will be automatically created when you start the webserver.
Each user will have a username, a password and a user level.
So for every listed file and query in the config file, there is also an allowed access level:

  • 0 only admin.
  • -1 anyone, even if not logged in.
  • 2,3,4,5... indicates the maximum level a user must have to be allowed to use that file or query.

Once the config file is defined, the Commands are really easy to use from within VisualNEO Web.
Although in a preliminary stage, we already have a working version.
Any thoughts are very much appreciated.

This is a sample config file:

<?php
//neoPHP Plugin configuration file.
//This file contains important security configuration settings.
//It will be copied automatically to your root folder if it does not exist.
//You should edit and customize it for each App project.

//--------------Remote access--------------------------------------------------------
//Uncomment next line if you want to allow cross-origin access to neofunctions.php

//header("Access-Control-Allow-Origin: *");

//--------------Admin credentials----------------------------------------------------
//Although users can be added to a database, there is a main admin you can always use.

//*******************************************************************
//VERY IMPORTANT: YOU MUST CHANGE THESE VALUES BEFORE PUBLISHING YOUR APP
//NEVER HARDCODE USER AND PASSWORD IN YOUR APP
//*******************************************************************

$adminName="admin";
$adminPass="admin";

//--------------Users database-------------------------------------------------------
//SQLite database to store and retrieve users and other usage.

$usersDb="neophp.db";

//--------------File alias section---------------------------------------------------
//On VisualNEO Web use an alias for your file name and assign here the real file name and permissions for each one.
//Add or remove fileAlias and corresponding fileNames and permissions to the list.

//$filePermissions possible values:
//r = only read 
//w = only write. 
//rw = read and write.

//$fileMaxUserLevel stores maximum logged-in user level allowed to perform operations on file.
//User level 0 (admin) is allowed to perform any operation on files.
//User level -1 indicates no user needs to be logged in.
//This way you will not expose your file names.


$fileAlias = array();
$fileNames = array();
$filePermissions = array();
$fileMaxUserLevel = array();

$fileAlias[0]="file1";
$fileNames[0]="neophpdata.txt";
$filePermissions[0]="rw";
$fileMaxUserLevel[0]=0;

$fileAlias[1]="file2";
$fileNames[1]="text.txt";
$filePermissions[1]="rw";
$fileMaxUserLevel[1]=-1;

$fileAlias[2]="file3";
$fileNames[2]="neophpdata.txt";
$filePermissions[2]="r";
$fileMaxUserLevel[2]=-1;

//-------------Database alias section--------------------------------------------------------------
//On VisualNEO Web use an alias for your databases and assign here the real file name for each one.
//This way you will not expose your database file name.
//Add or remove dbAlias and corresponding dbNames to the list.

$dbAlias = array();
$dbNames = array();

$dbAlias[0]="db1";
$dbNames[0]="neophp.db";

//-------------SQL queries section------------------------------------------------------------------
//On VisualNEO Web use an alias for each SQL sentence and assign here the real query.
//Use the ? character where you want to use a parameter from your Neo Script code.
//$sqlMaxUserLevel stores maximum logged-in user level allowed to execute a query.
//User level 0 (admin) is allowed to execute any query.
//User level -1 indicates no user needs to be logged in.

$sqlAlias = array();
$sqlQuerys = array();
$sqlMaxUserLevel = array();

$sqlAlias[0]="updateUserName";
$sqlQuerys[0]="UPDATE users SET username = ? WHERE id = ?";
$sqlMaxUserLevel[0]=0;

$sqlAlias[1]="selectUsers";
$sqlQuerys[1]="SELECT * FROM users";
$sqlMaxUserLevel[1]=-1;

$sqlAlias[2]="selectUsersByName";
$sqlQuerys[2]="SELECT * FROM users WHERE username=?";
$sqlMaxUserLevel[2]=-1;

$sqlAlias[3]="selectUsersById";
$sqlQuerys[3]="SELECT * FROM users WHERE id=?";
$sqlMaxUserLevel[3]=-1;
?>

 

CDY@44 has reacted to this post.
CDY@44
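
The access rules described in the post above (alias lookup, "r"/"w" permission, maximum user level, and queries with ? parameters), as an added example that is not part of the original post and is not the plug-in's own code. The function names, the `$cfg` array layout, the use of `null` for a caller who is not logged in, and the reading of the level rule (a user passes when their level number is less than or equal to the configured maximum) are assumptions.

```php
<?php
// Added example; function names are hypothetical, not neoPHP's API.
// Assumed level rule: 0 = admin only, -1 = anyone, N >= 1 = highest level
// number still allowed. $userLevel null means "not logged in".
function levelAllows(int $maxLevel, ?int $userLevel): bool {
    if ($maxLevel === -1) return true;        // public entry
    if ($userLevel === null) return false;    // everything else needs a login
    if ($userLevel === 0) return true;        // admin passes every level check
    return $maxLevel >= 1 && $userLevel <= $maxLevel;
}

// Map a file alias to its real name, or null when the request is denied.
// Assumption: the r/w permission string limits every caller.
function resolveFile(array $cfg, string $alias, string $op, ?int $userLevel): ?string {
    $i = array_search($alias, $cfg['fileAlias'], true);
    if ($i === false || !in_array($op, ['r', 'w'], true)) return null;
    if (strpos($cfg['filePermissions'][$i], $op) === false) return null;
    return levelAllows($cfg['fileMaxUserLevel'][$i], $userLevel) ? $cfg['fileNames'][$i] : null;
}

// Run an allow-listed query by alias. Client values are only ever bound
// to the ? placeholders, never concatenated into the SQL text.
function runQuery(PDO $db, array $cfg, string $alias, array $params, ?int $userLevel): ?array {
    $i = array_search($alias, $cfg['sqlAlias'], true);
    if ($i === false || !levelAllows($cfg['sqlMaxUserLevel'][$i], $userLevel)) return null;
    $sql = $cfg['sqlQuerys'][$i];
    if (substr_count($sql, '?') !== count($params)) return null;  // arity check
    $stmt = $db->prepare($sql);
    $stmt->execute(array_values($params));
    return $stmt->columnCount() > 0 ? $stmt->fetchAll(PDO::FETCH_ASSOC) : [];
}

// Constructed data: a subset of the sample config plus an in-memory table.
$cfg = [
    'fileAlias' => ['file1', 'file3'], 'fileNames' => ['neophpdata.txt', 'neophpdata.txt'],
    'filePermissions' => ['rw', 'r'],  'fileMaxUserLevel' => [0, -1],
    'sqlAlias' => ['updateUserName', 'selectUsersById'],
    'sqlQuerys' => ['UPDATE users SET username = ? WHERE id = ?',
                    'SELECT * FROM users WHERE id=?'],
    'sqlMaxUserLevel' => [0, -1],
];
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)");
$db->exec("INSERT INTO users VALUES (1, 'alice')");

var_dump(resolveFile($cfg, 'file3', 'w', null));   // write to a read-only alias
var_dump(resolveFile($cfg, 'file1', 'r', 2));      // admin-only file, level 2 user
var_dump(runQuery($db, $cfg, 'updateUserName', ['bob', 1], 2)); // admin-only query
var_dump(runQuery($db, $cfg, 'selectUsersById', ['1 OR 1=1'], null)); // bound as data
```

With the post's own sample values, `selectUsers` and the other SELECT entries carry level -1, so a check like this admits callers who are not logged in; entries that read the users table are the ones to review before publishing.
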

Very excited to get to work with this!!!

luishp has reacted to this post.
luishp

Excellent news. Thank you for the good service.

luishp has reacted to this post.
luishp