Now we have an application working, but there are different actors in our application. For example, visitors and administrators. Administrators are allowed to modify data from the application, they use IDM components. And visitors are allowed to see the application.

For an initial set up just add to your bifConfig.inc.php

$bifcfg['Auth']['mode'] = 'site'; $bifcfg['Auth']['param'] = "mysql://user:password@localhost/database"; $bifcfg['Auth']['table'] = "auth"; $bifcfg['Auth']['reload'] = false; $bifcfg['Auth']['anonymous_username'] = 'anonymous'; $bifcfg['Auth']['anonymous_level'] = '50'; $bifcfg['Auth']['anonymous_keys'] = '';

We'll need an 'auth' table!! so let's get this working with mysql:

CREATE TABLE `auth` ( `username` varchar(250) NOT NULL default '', `password` varchar(250) NOT NULL default '', `keys` varchar(250) NOT NULL default '', `level` int(6) NOT NULL default '10', `habilitado` tinyint(1) NOT NULL default '1', PRIMARY KEY (`username`) ) TYPE=MyISAM; # # this is username admin, password admin # INSERT INTO `auth` VALUES ('admin', '21232f297a57a5a743894a0e4a801fc3', 'a', 100, 1);

To use a diferent password,

php -r 'echo md5(password) . "\n";'

at a shell and a good copy&paste will do the trick.

What is

$bifcfg['Auth']['mode'] = 'site';

. There are two modes in BIF authentication: 'system' and 'site'. system is system wide authentication, that is every part of the application will need authentication, no anonymous users will be allowed. This is a backward compatibility feature but also a usefull for extranet applications.

site is used to allow anonymous users to our application, but also there is a login (thats a username/password field with a login button) widget. When a user has to do special actions (for example administration).

what's the name of that widget? AuthStatus. The Default skin will show username/password field for the anonymous (not logged user) and username logged, her level and keys, also a logout button for the rest.

Great! you can try this by logging with username admin and password admin (if you used mysql code above). But what's the difference? Nothing. Yet.

Try this index.bif (you already know how to use render_file()).

<BifRoot> <TitleBox title="only a few" WidgetAccess="username = admin"> Only the 'admin user' can see this box. </TitleBox> <TitleBox title="for anyone"> Hello welcome to my site!! is open to everyone... come and enjoy. </TitleBox> </BifRoot>

Start playing logging in and logging out.

WidgetAccessYou can see WidgetAccess="username = admin" in the example above, if a username is admin then she can see that Titlebox (and it's children). But there are others modifiers,

• 'level': a number. For example, users are level 10, revisors are level 20 and admins are level 50.

  <TitleBox title="20 and more" WidgetAccess="level >= 20 "> </TitleBox>

  will give access to revisors and admins. There are no predifined levels, use as you like (or you may not use it at all)
• 'keys': charactes. For example, users located in Argentina have the key 'a'. So,

  <TitleBox title="Argentinos" WidgetAccess="keys = a"> </TitleBox>

  will give access to Argentina to that widget, leaving the rest of the world outside

Also, you can combine Widget access with logical operators 'and', 'or', 'not' and with parenthesis. And create complex expresions:

(keys = a and level > 5) or (user = admin)

is a valid widget access.

Conclusion:With powerfull expresions you can change the look and functionality for a .bif without much pain. Easy maintenance has been the key for this feature, also provides flexibility.