admin authentication best practice

bloomoon

hello

i am designing a simple website where members can log in to view information. i also want to develop a system whereby when a user logs in, if they are an admin they can perform extra functions such as editing and deletion of data.

what is the best way to do this. is it to create an extra page just for admins and do a test at beginning of page e.g.
if $user == admin then ok else redirect page

this is a small very simple site. any advice very appreciated please

mmilano

you probably want to make a table with a username / password in it. then another field called 'is_admin' or something.

you can make the value of is_admin 0 or 1.

then, when a user logs in, .. just test if they are admin before you print the extra controls.

<?
if($is_admin)
{
  echo "<a href=#>secret link</a>";
}
?>

now if you are asking how to make a login, that is a different subject entirely.

you may want to use sessions to hold everyone's login information.

i actually wrote a tutorial on this here: http://codenewbie.com/tutorials/1131.html

good luck

bloomoon

thanks. i do want to make a login authentication system as well and that is just what i am trying. i will read your tutorial many thanks

laserlight

One way of doing it would be to have 2 tables:

Table: users
user_id INT NOT NULL AUTO_INCREMENT PRIMARY KEY
level_id INT NOT NULL
username VARCHAR(40)
password VARCHAR(40)

Table: userlevels
level_id INT NOT NULL AUTO_INCREMENT PRIMARY KEY
levelname VARCHAR(40)
root TINYINT NOT NULL
permission1 TINYINT NOT NULL
permission2 TINYINT NOT NULL
permission3 TINYINT NOT NULL

The idea is that you would lookup the user's level, and check for the permissions.
For example, 0 could mean no access for that page, 1 could mean read access, 2 read and write access.
If the user's userlevel has root, then he/she can access everything.