Plugin admin page for role administration, etc.

[joshp23]

In reference to @nicwaller's issue nicwaller#10, there should/could be an admin page to manage users/roles. Some work has been done on this here 1977912

[clmcavaney]

This would be handy to provide simpler management of user roles without having to edit the user/config.php file for each users role.
I would like to contribute to a solution here, but not 100% sure where to start. From what Nic (@nicwaller) first explored it looks like a form to display the current roles. Just not sure where the roles would be stored. It looks like updates might be ephemeral and not committed to a database.

Is anybody else keen?

[joshp23]

I would start with moving users to the database, hashing passwords with password_hash(), and verifying users with something like

// intercept the login process
yourls_add_filter( 'is_valid_user', 'amp_is_valid_user' );
// returns true/false
function amp_is_valid_user( $value ) {
    $user = $_REQUEST['username'];
    if ( check_DB_for_user( $user ) == true ) {
        $pass = $_REQUEST['password'];
        $hash = get_user_hashed_pass_from_DB( $user );
        $value = password_verify( $pass , $hash );
    }
    return $value;
}

Making sure to extend this to address API calls, etc.

This would of course require the creation of a new user table, where roles are assigned. This would also invite a reconsideration of how the concept of ownership is currently managed in relation to URLs.

Then I would add or expand on Nick's simple admin page to deal with role assignment, etc.

[denics]

related to #44