subject:"RE\: \[PHP\] RE\:tutorials for login system..."

RE: [PHP] RE:tutorials for login system...

2004-03-24 Thread Chris W. Parker

Andy B mailto:[EMAIL PROTECTED]
on Wednesday, March 24, 2004 2:20 PM said:

 [snip]
 also, were you looking for code or general guidelines?
 [/snip]
 
 more importantly is the code so i can see how it is physically
 written but both code and guidelines wouldnt hurt at all...

in either case, are there any specific questions you have? it's possible
that there aren't any login system tutorials that meet your requirements
and that's why there haven't been many responses yet. but what do i
know?



chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] RE:tutorials for login system...

2004-03-24 Thread Chris W. Parker

Andy B mailto:[EMAIL PROTECTED]
on Wednesday, March 24, 2004 3:27 PM said:

 questions...hmmm... cant think of any questions at the minute but i
 do have some physical standards of a login system that im looking for:

alright let's see...

 1. as normal it needs to carry the session from private section to
 public section and back again if user is already logged in

done automatically if the site uses the same domain (iirc). in other
words, going from http to https (i assume this is what you mean by
public and private) does not present any problems under normal
circumstances.

 2. it needs various access levels i.e. system admin/full
 access/module admin and so on

after the user authenticates store the users access level in a session
variable. at each point where the users access level comes into play
perform a test on this value.

?php

$_SESSION['al'] = AL_PLUS_USER;

?

i suggest you use constants to define your access levels.

?php

// AL stands for Access Level
define(AL_USER,  1);
define(AL_PLUS_USER, 2);
define(AL_ADMIN, 3);
...
?

then you can do the following in your secure pages:

?php
include al_constants.php;

if($_SESSION['al'] = AL_PLUS_USER)
{
// let them in
}
else
{
// keep them out
}

?

 3. it needs to be modular in the sense that it needs to be able to
 accept modules to it i.e. a guestbook admin section/news admin
 section/events admin section and so on

hmm.. as long as you use the same scheme/naming convention throughout
each module you should be fine.

 4. system admins (basic system admins) have the lowest login access
 possible i.e. they have admin access to the admin sections of the
 modules and say site admin/owners have access to user database/change
 user id's/pwd/add user/delete user and stuff

this is up to you and will be defined with the al_constants.php file.
you can of course call it whatever you want.

 5. all users have a way to change their password or user info...

in this case don't put a restriction on the password changing
page/function.

 if you want i can setup a spec outline for it and post it...

feel free.



hth,
chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] RE:tutorials for login system...

RE: [PHP] RE:tutorials for login system...

2 matches

Site Navigation

Mail list logo

Footer information