Projects / phpSecurityAdmin


phpSecurityAdmin is a PHP application that was designed to be implemented in custom Content Management Systems (CMS). It is designed to be easy to use, so that CMS programmers do not have to spend a lot of time managing user access. It can be used for controlling access to Web pages based on user names and passwords. The system allows the client to manage user accounts and access rights, and to add, edit, or delete users. It also features "user profiles" which provide an efficient method for creating multiple users with similar access rights. It includes localization support and a few language translations.

Recent releases

  •  11 Mar 2003 04:32

    Release Notes: The checkbox was changed to select for Active flag in user_edit_connections.php. Spanish gettext translations were added. $hits was changed to $this in changePassword method. user_edit_details.php was fixed to actually update the user. Dutch gettext translations were added. A typo in class.phpSecurityAdm.php was fixed, and non-gettext enabled servers can use English-only versions.

    •  03 Mar 2003 18:35

      Release Notes: Wildcard URL matching has been added and a few bugs have been fixed.

      •  27 Feb 2003 00:17

        Release Notes: Variables have now been changed to include the 'PSA_' prefix. An outlet was added for user-defined error functions. Class API changes were made (there are no plans for major chages in the API beyond this point). The class was completely rewritten to use MetaBase for database abstraction. The interface was tweaked to get rid of some of the bad habits. GetText language definitions were implemented. Multiple profile support was added. The hard-coded session name was changed to use "session_name()", and a bug was fixed in getPages function that produced errors.

        •  23 Aug 2002 21:53

          Release Notes: A register_globals=Off bug when adding users has been fixed.

          •  09 Aug 2002 16:22

            Release Notes: A bug that was related to "register_globals = Off" was fixed. The loginForm method was changed to pass along POSTed data as hidden form fields.

            Recent comments

            01 Mar 2003 14:19 koivi

            Re: Netscape issues
            Although I haven't received any word about working in one browser and not another, there were some issues with session management that have been cleared up On Friday. 3.0b has these changes, and it all was working for me with opera, msie, netscape 4, netscape 7, and mozilla.

            07 Jan 2003 12:09 Omer99

            Netscape issues

            So far this script seems very nice.

            However, doing some testing and I can't get this script to work for netscape 4.7,6, or 7.0

            The login page appears, but the user cannot proceed past it: always get a:
            "You do not have access rights to this content."

            while on IE everything works fine with the same username ....

            anyone else run into this ?

            01 Jul 2002 18:52 koivi

            Re: missing file

            > Your script seems to be missing
            > class.phpMysqlConnection.php,

            No, it's not. If you look at the first item in the install instructions, you will see the following:

            1. Download the phpMysqlConnection class definition file and place it in the include directory. You can get it from

            > needless to say this is very annoying.

            No comment. ;)

            25 Jun 2002 14:13 moonie

            missing file
            Your script seems to be missing class.phpMysqlConnection.php, needless to say this is very annoying.

            12 Jun 2002 21:04 koivi

            Re: Hmmmm

            > By example, POST variables are
            > either accessed by $_POST[], and 1 line
            > after, with $name.

            I just spent the better part of a week looking through version 2.1 (CVS is up to 2.2.5), and I did not find anything like that in any of the UI scripts or the class itself. The only thing that I can figure you are refering to is where all the super global arrays ($_POST, $_GET, $_SESSION, etc.) are used to set global variables that are used later in the scripts. There is nothing wrong with that, especially since sometimes the variable is POST and other times it is GET - no need to check everyt time you use a variable, right?

            %If you look more
            > deeper in scripts, you will see plenty
            > of errors, like defining a function to
            > exit with TRUE or FALSE, and doing an
            > exit(); !

            Again, never found that anywhere in the scripts. There was one function that had echo'd a string then issued an exit, but nothing that returned a value and then performed an exit.

            > I have tried to debug scripts, but
            > everything is messed up, too deep to
            > recover something.

            I would assume that you mean you don't like my programming style because I could not find any of the above comments to be factual. (If they are, I appologize in advance, but please send me the file names and line numbers of the offending code snippets.)

            > I really dont recommend this script, at
            > least at this version (2.1).

            I guess this means that I will have to make a 2.3 release instead of the planned 2.5 release.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.