I don't know how to be able skip the logon process, then to let my visitors only be able to view and search records, but allow only the default user/admin to add, delete or modify records via URL.

The first 2 requirements seem alright with my settings, but I don't know how to specify the admin via the URL to be able to maintain the database records (add/delete/mody).

I have set default.cfg's authorization options as follows:

# Authorization Options
# --------------------------------------------------------
# No Authentication? (1 = "there is no authentication", 0 = "there is authentication")
# If you choose no authentication, then set the permissions of what
# people can do with: @auth_default_permissions below.
$auth_no_authentication = 1;

# The amount of time in seconds that user files are kept in the
# auth directory before the program removes them. 2-6 hours is
# probably a good value.
$auth_time = 21600; # 6 hours (in seconds)

# Enable (1) or disable (0) logging.
$auth_logging = 1;

# Allow a default user? This means you can specify a user via the URL
# and skip the logon process. Use this to allow people to search without
# logging on, but require log in if they want to add/modify/remove etc.
# (1 = "yes", 0 = "no")
$auth_allow_default = 1;

# Default permissions used if there is no authentication, or for a default
# user. (View, Add, Delete, Modify, Admin), 1 = enable, 0 = disable.
@auth_default_permissions = (1,0,0,0,0);

# Allow people to sign up for their own userid/passwords? They will
# recieve default permissions.
$auth_signup = 0;

# Permissions a new signup should get.
@auth_signup_permissions = (1,0,0,0,0);
# Registered users: can modify/delete _only_ own records. For this to make
# sense you should set default off or to 1,0,0,0.
$auth_modify_own = 0;

# Registered users: can view _only_ own records. For this to make sense
# you should turn off default permissions.
$auth_view_own = 0;

# Auth user field. This is the field position in the database used for storing
# the userid who owns the record. Set to -1 if not used.
$auth_user_field = -1;

# URL to send user if they chose log off. Leave blank and the script will return to
# the logon prompt (although this only makes sense if you are using authentication).
$auth_logoff = "http://www.domainname.com";


# ===========================================================================



Any assistance would be appreciated (non-programmer in distress)....

Anxiously checking back for feedback...

Here's what you are looking for, I believe, two great resources where many questions have already been answered:

JPDeni's site & tutorial on permissions http://www.jpdeni.com/dbman/tutorial4.html

And the Unofficial FAQ maintained by LoisC http://webmagic.hypermart.net/dbman/

Good Luck!

You have most of the settings right.

# Allow people to sign up for their own userid/passwords? They will
# recieve default permissions.
$auth_signup = 0;

# Permissions a new signup should get.
@auth_signup_permissions = (1,0,0,0,0);


You have a conflict in those two settings. In one, you're saying people cannot register for their own userid and in the other you're saying new sign-ups get view priveledges.

If you do NOT want people to sign-up and add records, you should change the second setting to:

# Permissions a new signup should get.
@auth_signup_permissions = (0,0,0,0,0);




# Registered users: can modify/delete _only_ own records. For this to make
# sense you should set default off or to 1,0,0,0.
$auth_modify_own = 0;

If you'll have registered users accessing your database, you'll want to change this setting to $auth_modify_own = 1; otherwise, any registered user would be able to modify/delete any record. You'd want them (in most instances) to have ability for changing only their own entries.



# Registered users: can view _only_ own records. For this to make sense
# you should turn off default permissions.
$auth_view_own = 0;

# Auth user field. This is the field position in the database used for storing
# the userid who owns the record. Set to -1 if not used.
$auth_user_field = -1;

On this parameter, if you have a userid field in your database, you should indicate what field (the number) is used to store that information.

For default (don't have to login) users, you simply provide a link to your db.cgi file and pass along the uid ... like this:

/path/to/db.cgi?db=default&uid=default&view_records=1&ID=*



~ Karen

You can also just add a link in your sub html_footer for the admin to be able to login:

print qq!|<BR>| <A HREF="$db_script_url?db=realtor">Admin Login</A> !;

Just change it to the name of your database.

Unoffical DBMan FAQ

http://creativecomputingweb.com/dbman/index.shtml/