Admin screens...

Anon

I am building a website which uses a MySQL forum and a user login/out system.
Now I am about to code the admin section of the site and would like to know how to go about setting up the login part of the admin screens.
I am currently thinking of adding a column to the user db which contains info about the users priviliges i.e. 'admin' or 'user'. When an admin member logs in an extra link is added to the sites nav menu which will take the admin member to the admin screens.
Is this a good way of doing this? Are there any standard ways of setting up an admin login? I would be interested to hear of any other ideas.

Cheers!

Steve.

bismarck

See your going to have more than Admins on your board. Your also going to need moderators. So you need to set several privalages.

Anon

Hi ... I am working on a fairly complex admin section ... Your on the right track ... assign all your admins/moderators/etc a username/password ..

I set it up so each admin page I have will run a function (I called it validateuser) that will simply make sure the user logged in correctly before loading the page (I use the built in session functions to maintain state) --- if they are logged in correctly, then based on their access rights (I have standard access rights with the user table and section specific ones located in an access table) -- I will create the admin page ....

Probably the most important thing to keep in mind is to make sure your validating the user's access rights on any page in the admin section .. else you may run the risk of someone trying to access a internal admin page (maybe a page to delete user acccounts) and trying to pass values via the URL to gain unauthorized access.