best way to set up pw-protected area?

Anon

hmm, i've never used this forum before, so we'll see how y'all do. ;-)

our situation is this:
i'm creating an online members directory for a church. naturally, they want it somehow password protected. i'm probably going to use a mySQL database and HTTP authentication. i guess my question is more on the practical side than coding.

how do we even begin to give the church members access? do we announce a universal username and password from which people would create their own? at what point would we disengage this? do we have to assign everyone a username and password? that doesn't seem right.

so i'm just fishing for ideas. got any?

Anon

Generelly you have them create their username and password with a user registration process. No need to have anything established, just let them fill in the blanks.

Anon

Do you want the church members to be able to add themselves to the list, or are you going to manage the member list?

It sounds like you are going to manage the member list in the database anyways. If that is the case, I would probably opt for a database security schema rather than using HTTP auth. If you go with HTTP auth, you will have to manage 2 lists of church members, 1 in the database and 1 in your .htaccess files. This always turns out to be a hassle.

If this is just a name & address type listing, how secure does it need to be? You might want to make a common sign on name/password and distribute it to all your church members. If you are planning more features in the future for this website, I would still go with the database security option.

greg252

I would have to agree with Chris. Just watch the address bar for passing variables that could compromise the security of your site. (just had to deal with this). Got around it by using a count on the database and a conditional with includes to cover the tracks.

Good luck