Hello all, I am creating a web based interface to a large database that includes personal information.
In the past I have used php session control to authenticate members but now due to the personal information, I am wondering if I should make things more secure. Members will come and go and an administrator will have to approve new members and delete members from time to time. I am considering getting php to manages a .htaccess file so that the security of Apache basic auth is added as a layer around php. The problem is that different users will have access to a different range of information which will overlap in places. I am not really concerned that one member may attempt to hack privileges, it is more about the general public. Is there a way to find out the current users basic auth user name? If there is then I can simply use php to determine access privileges by the basic auth user name and have the best of both worlds so to speak. I know there are POSIX commands that relate to file access but what is there in php that will tell me a users basic auth username? Thanks,
