User authentication woes...

satch

I have a problem that goes like this... I need to create an interface that allows an admin user to add/remove users, and give each user certain viewing rights.. (ie: user can only access the pages I say they can).. all pages must be hidden from non users (.htaccess).. I have looked for something similar to what I need in all of the script sites and was not able find it.. before I jump into it.. I thought I would ask if any of you have any advice on how to tackle this.. I have completed other php applications, but nothing of this sort... any pointers?

cordex

I've found that managing a database driven permissions file is FAR simpler then playing around with .htaccess in any dynamic sense. Much safer too.

You'd have to include the permission check in every script, though - that would be the only downside.

-Ben

Anon

Hi All,

I like to add a field in the user authentication table id'ing some level of access (i.e. admin, guest) I place this in a session variable and check for both a sessionID and the level of access in the pages similiar to Ben's method. To make this even more secure you could encrypt the level in the Dd by concatenting it with a secret string.

One other option is separate out the admin files from the main files by placing them in a separate folder and limit the access to the folder.

hth
Bastien

Anon

Have a look at ezpublish at http://en.ez.no