user auth schema

dkode

I am currently in the process of writing a user authentication scheme for my new website at www.full-fx.com.

I have a few simple questions:

What is the best way to do a user auth system?
I was thinking of using sessions to keep the person logged in across multiple pages but I am sure there is certian security issues here.
if not with sessions what is the next best way? make some sort of unique session ID using their e-mail address perhaps as described on phpbuilder.com?

If someone could point me in the right direction to write a good user auth scheme. my scheme will also have 3 different levels of users. each level of users will have different privledges so that is something else as well since i do not want a common user hijacking an admin session. Thanks ahead of time.

phlow

sessions are very good. sure, if someone wants to hack your site, he will finally succeed (if he's really good), but sessions are rather safe. make sure you check out the new features of php 4.1.0 there are some nice updates concerning sessions!

an other safe way is to use http authentification as it is described in the php manual (from www.php.net). but this way is not so commen and far less often used.