I am going to develop a system, which has two types of users, VISITORs and ADMINs.
First of all, which one is better, having two separate tables, one for VISITORs and another one for ADMINs, or it's better to have just one table, and separate users by a flag?
Second, which one is more better and secure, register a number (an auto number - I mean an auto increment number for primary key) when a user login, or it's better to register their username (a word)? Or maybe you know a wiser solution?
Thanks in advance.

    should check google for authenication systems built in php. will help you a lot.

    but anyways, it's according to what all the user is going to be able to do. if you just want them to be logged in, and not have anything to do, then yeah one table would be cool. if you have more than one action the user can do (view messages, check email, change layouts, etc etc), a better method would have multiple tables. An example multiple table layout would look like this :

    user_table

    user_table_id
    user_id
    is_admin - 1 or 0

    user

    user_id
    firstname
    lastname
    username
    password(password)
    email

    best method to do is use something like md5 to store passwords
    next is to validate all username/password attempts to ensure proper escaping and encoding
    next is to link the tables together to generate a worthy page

    there are other things you can do to make your CMS (which is what i'm assuming you are building) work, and that just takes proper planning to accomplish.

      Write a Reply...