Re: [PHP] RE: [PHP-DB] Login System with access levels

Fri, 16 Mar 2001 12:12:03 -0800 

Just a note...you can hash the password in the database.....

Rick Emery wrote:

> First, I would NOT store passwords in a database.  Rather, I'd store a hash
> based upon the password and username.  Storing a password is dangerous as
> regards security.
>
> Second, if you're asking for syntax on how to add the security level column:
>   ALTER TABLE mytable ADD access tinyint unsigned not null default "0";
>
> This will allow you to assigned security levels from 0 to 255.  You would
> set 0 as the lowest level and 255 (admin) as the highest.
>
> While you're at it, add the has security hash entry (discussed above):
>   ALTER TABLE mytable ADD md5hash char(32) not null default "";
>
> Hashes are always 32 characters.
>
> Finally, as far as a query:
>   SELECT * FROM mytable WHERE access <= $level;
>
> This will permit the searcher to locate anything whereby the level is at
> $level or lower.
> -----Original Message-----
> From: Jordan Elver [mailto:[EMAIL PROTECTED]]
> Sent: Friday, March 16, 2001 1:28 PM
> To: PHP General Mailing List; PHP DB Mailing List
> Subject: [PHP-DB] Login System with access levels
>
> Hi,
> I've got a db with a username and password in it. I can let people log in,
> like SELECT * FROM table WHERE username = username AND password = password.
>
> But how can I add an access level column so that I can have different levels
>
> of security. So admin's can read everything, but users can only read certain
>
> sections.
>
> How could I add to my db and structure a query?
>
> Any ideas would be good,
>
> Cheers,
>
> Jord
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]

--
___________________________________________________________
Jack Sasportas
Innovative Internet Solutions
Phone 305.665.2500
Fax 305.665.2551
www.innovativeinternet.com
www.web56.net



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to