Andy B mailto:[EMAIL PROTECTED]
on Wednesday, March 24, 2004 3:27 PM said:

> questions...hmmm... can't think of any questions at the minute but i
> do have some physical standards of a login system that i'm looking for:

alright let's see...

> 1. as normal it needs to carry the session from private section to
> public section and back again if user is already logged in

done automatically if the site uses the same domain (iirc). in other
words, going from http to https (i assume this is what you mean by
public and private) does not present any problems under normal
circumstances.

> 2. it needs various access levels i.e. system admin/full
> access/module admin and so on

after the user authenticates store the user's access level in a session
variable. at each point where the user's access level comes into play
perform a test on this value.

<?php
$_SESSION['al'] = AL_PLUS_USER;
?>

i suggest you use constants to define your access levels.

<?php
// AL stands for Access Level
define('AL_USER', 1);
define('AL_PLUS_USER', 2);
define('AL_ADMIN', 3);
// ...
?>
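
then you can do the following in your secure pages:

<?php
session_start(); // $_SESSION is only populated after the session is started
include 'al_constants.php';

// == compares the stored level; a single = would assign it and always pass
if($_SESSION['al'] == AL_PLUS_USER)
{
    // let them in
}
else
{
    // keep them out
}
?>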

> 3. it needs to be modular in the sense that it needs to be able to
> accept modules to it i.e. a guestbook admin section/news admin
> section/events admin section and so on

hmm.. as long as you use the same scheme/naming convention throughout
each module you should be fine.

> 4. system admins (basic system admins) have the lowest login access
> possible i.e. they have admin access to the admin sections of the
> modules and say site admin/owners have access to user database/change
> user id's/pwd/add user/delete user and stuff

this is up to you and will be defined with the al_constants.php file.
you can of course call it whatever you want.

> 5. all users have a way to change their password or user info...

in this case don't put a restriction on the password changing
page/function.

> if you want i can set up a spec outline for it and post it...

feel free.

hth,
chris.
--
PHP General Mailing List (http://www.php.net/)
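
Added example, not part of the original thread or of chris's code: the session access-level check from point 2, generalized to "at least this level" on the assumption that the AL_* values are ordered. The function names are hypothetical; the AL_* constants and $_SESSION['al'] follow the thread.

```php
<?php
// Added example. AL_* names and $_SESSION['al'] follow the thread;
// the three function names are hypothetical.
define('AL_USER', 1);
define('AL_PLUS_USER', 2);
define('AL_ADMIN', 3);

// Call once, right after credentials are verified (session already started).
function login_set_level(int $level): void
{
    // Issue a new session id when privileges change, so an id that
    // was known before login cannot be reused afterwards.
    session_regenerate_id(true);
    $_SESSION['al'] = $level;
}

// True only if a level is stored, is an integer, and is >= $required.
function has_access(array $session, int $required): bool
{
    $level = $session['al'] ?? null;  // missing key: not logged in
    if (!is_int($level)) {
        return false;                 // deny by default on odd types
    }
    // Compare, never assign: "=" here would overwrite the level and pass.
    return $level >= $required;
}

// Guard for the first lines of a protected page.
function require_access(int $required): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!has_access($_SESSION, $required)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Constructed sample sessions, so the decisions can be seen from the CLI.
$samples = [
    'no session' => [],
    'user'       => ['al' => AL_USER],
    'plus user'  => ['al' => AL_PLUS_USER],
    'admin'      => ['al' => AL_ADMIN],
    'string "3"' => ['al' => '3'],
];
foreach ($samples as $label => $s) {
    printf("%-11s %s\n", $label, has_access($s, AL_PLUS_USER) ? 'allow' : 'deny');
}
```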