Previous: Macro Variables| Zot-Dispatch 2.0| Next: Filters

Zot-Dispatch: Append Access Authorization

At one point or another it may become necessary to limit appending to a group of specific users. For this reason, Zot-Dispatch can use a password file to control access to appending.

Zot-Dispatch allows each file to which data is going to be appended to have its own password file. The name of the password file is the same as the name of the append file with .zda as an extension. If a file exists with this name for any file to which data is being appended, append authorization will take place. If the file does not exist, then appending will take place as usual. This file contains three types of information:

User password entries: Each of these lines contains four pound (#) separated fields. A username, a password, and two fields which can be used to hold other information about the user.
Success Template: This line specifies a template to be returned to the user's browser if they were successfully authorized and there are no other ZD-Relfects (except default response reflects).
Fail Template: The fail template line specifies a template to be used if the user was not successfully authorized. This template will be returned to the user's browser and will override any other ZD-Reflects.

The addition of append authorization also introduces two input elements into which a user's username and password can be entered.

ZD-User
ZD-Password

User Password Entries

The four fields of a password entry are the username, password, zda-var-1, and zda-var-2 fields, and they are specified on a single line in a password file separated by pound (#) signs as follows:

username#password#zda-var-1#zda-var-2

Username
The username field can be any string of characters (excluding a pound sign). When matching the username, the match is case insensitive.

Password
The password field can contain either an encrypted password or an unencrypted password. If the first character of the password entry is an equals (=) sign then the password is considered unencrypted (the equals sign is not considered part of the password). Otherwise the password is considered encrypted using the same algorithm as the C crypt library function.

ZDA-Var-1 and ZDA-Var-2
ZDA-Var-1 and ZDA-Var-2 are the third and fourth fields of a password entry, respectively. They can contain any information desired. If a user is successfully authorized for append, these two values will be placed in variables capable of being substituted by using ZDA-Var-1 and ZDA-Var-2. One use of these fields could be storing information about users so that when they append, information about the authorized user can be included.

Example Password Lines:

lmegliol#afrctaq6ONht2#Leonard Megliola#http://www.oac.uci.edu/indiv/lmegliol/
juser#=example-password#Joe User#http://www.someplace.net/

The first line has the username set as lmegliol, the password is encrypted, and the third and fourth fields contain my real name and homepage URL, respectively.

The second line has the username set to juser, the password is unencrypted and set to "example-password", and the third and fourth fields contain his real name and homepage URL, respectively.

Remember, if lmegliol or juser are successfully authorized, the values of the third and fourth fields will be placed into variables named ZDA-Var-1 and ZDA-Var-2 and can be substituted into templates.

Success Template

The success template line of a password file specifies a template which will be sent to the user's browser if the user is successfully authorized and there is no other ZD-Reflect (or there is only a ZD-Reflect which returns the default response). The success template is specified on its own line in the password file as:

SUCCESS=Success Template

Where Success Template is either a file reference to a template or a URL to a template document. In either case they are specified the same as is done in the Template field of a ZD-Method variable. The only difference is that there can be no body: template specified here.

Examples:

SUCCESS=file:/templates/template.1


   or

SUCCESS=http://www.oac.uci.edu/templates/template.1

Fail Template

The fail template is slightly different from the success template in that if the user's authorization fails, the fail template will be returned regardless of what other ZD-Reflects exist. The fail template is specified in the password file as:

FAIL=Fail Template

Where Fail Template is either a file reference or a URL as in the success template above.

Examples:

FAIL=file:/templates/template.1


   or

FAIL=http://www.oac.uci.edu/templates/template.1

This is useful for explaining to a unauthorized user that they have been denied.

`ZD-User` and `ZD-Password`

Two new Zot-Dispatch input elements are introduced here to aid in the append authorization

ZD-User and ZD-Password:

ZD-User: ZD-User is the username entered in a form by a person wishing to append to a file.
ZD-Password: ZD-Password is the password that they enter to verify their identity (the form element should be of the type password).

The value of the ZD-User element will be searched for within the password file that is associated with an append file. If found, the value of the ZD-Password element will be checked with the password associated with the username. If there is a match between the two, the append will take place.

Regardless of the success or failure of an authorization, the value of ZD-User can be substituted into a template, while for security reasons, the value for ZD-Password can never be substituted.

ZD-All

In case you'd like to have users who can append with a their name and password and you'd like to have other people append also, Zot-Dispatch understands a special username ZD-All to mean that anyone can append.

If there is any user named ZD-All, then all users who fail to provide valid usernames and passwords will be allowed to append. The values of ZDA-Var-1 and ZDA-Var-2 will be set to the values in the third and fourth fields of the ZD-All line. If a user is successfully authorized with their own username and password, then their own third and fourth fields will be used for ZDA-Var-1 and ZDA-Var-2.

Access Authorization Behavioral Details

All ZD-Appends are executed before ZD-Mails which are executed before ZD-Reflects.

If more than one ZD-Append is being executed, then only the values for ZDA-Var-1 and ZDA-Var-2 from the last ZD-Append will be left when executing the other ZD-Methods.

If any append access authorizations fail then the fail template will be returned. Keep in mind, though, that there may appends that already did succeed. One situation where an append will succeed with one file and fail with another is if the two .zda files vary with regards to the user who is attempting the append. One solution of getting around this is creating a single .zda file and using hard links. This assures that they all have the same data.

Examples

This example will append to a file with the following .zda file:

    FAIL=file:/indiv/lmegliol/cgi-src/ZD/zd-2.0-docs/ZD-2.0-Unauthorized.html
    SUCCESS=http://www.oac.uci.edu/indiv/lmegliol/cgi-src/ZD/zd-2.0-docs/ZD-2.0-Success.html
    user1#=password#User Number 1#unencrypted
    user2#52lMw8K6okfFg#User Number 2#encrypted

Both passwords are "password".

Enter in a username below and a password (not necessarily a valid combination) below and press the Authorize Append button below.

Take a look at ZD-2.0-Unauthorized.html and ZD-2.0-Success.html.