Symphony.

Would it be possible to add one more field type for sections? Perhaps it could have options for encryption method.

Maybe it should be an extension, but it would be very handy to have this plus a way to select whether a user has access to the Symphony admin. If I can allow access only to custom admin pages, this would allow for the creation of a membership registration system that restricts these users from access to the Symphony admin.

I am desperately waiting for the incarnation of "advanced access control 2.0" etc...

Is there a simple way to restrict users ("authors") from access to the Symphony admin? Let's assume these users will be defined by an administrator. All I need is restricting access to certain pages (and pages' content, which can be done in XSLT), plus keeping those users out of the admin system.

I gather you mean something like a "login field". I think it would be easiest to make this an integrated field which manages all login-related tasks:

• username/password pairs
• password stored as md5 hash
• adds a login event, which automatically adds cookie
• adds additional event for saving/creating users
• support for confirm password field when saving
• support for changing passwords only if original password was entered first
• tokenisable, like in the admin, for remote login

The purpose of this is to be able to add a "Members" section and provide a front-end login system distinct from the Symphony admin's. It should be possible to make the Members section form look mostly the same as the current System>Authors form.

I don't know how easy this would be, or whether it's even possible, but it certainly sounds like an attractive idea!

Yes, Scott, something like this would be great! If this is not possible, I would, like Michael, be very happy to see Advanced Access Control for Symphony 2.

http://symphony21.com/forum/discussions/206/1/

This might be part-way what you are looking for. It just hashes a value. Nothing more. However it could make the basis for a password related system.

Thanks, Alistair. I'm not quite sure what to do with it yet, but it gives me a reason to learn more about user authentication.

Basically, a passport field would create a hash value that you can store in the database. If a user enters his password to log in, a similar function would be necessary to use the password as input to create the same hash value. E.g. if the user enters a wrong password, the two hash values are different and the user can't log in. If it is the same value and the hash function works correctly, entering the same password will result in the same hash value and the user can log in. There is no way to recover the password from a hash value, that's why it is safe to store them in a database and the actual password isn't stored usually.