
PHP login system help needed

I am new to PHP and I don't have much experience in PHP. I am trying to develop a login system based on a layered structure. I thought about various methods to implement that system but I think it's better to get some ideas from experienced programmers like you. I have explained my requirement idea below.

I need to make 3 different login layers with different powers, e.g. Member, Staff, Admin. Here the admin should have almost all the privileges over the system and the member should have some, and staff need to have some more. Could you please give me some ideas to implement my system? It's all right for it to be complex; I need it to be secured.

Should I use different function files for different users, or can I use the same file set with different privileges?

Thank you.

In general terms, what you need to do is first determine the role of the user when they log in. Generally this is done by looking the user up in a database.

Then, stash their role in a session: php sessions

Afterward, when you're going to display some option that only Admins should have (for example) check in the session to make sure that they have the required role. You should check the role again when actually performing the action, to prevent an attacker from executing commands they shouldn't be able to by forging a request.

Also, this should all be done over SSL connections (HTTPS) to help prevent an attacker from hijacking another user's session by inspecting an Admin's request headers and building their own request using that session ID.

(I'm also a bit of a PHP beginner, but that should cover most of the general stuff for implementing a secure role-based auth system. Hope it helps.)

It is not necessary to have different function files for different users. Have a table which has details about who is a staff, member and admin. And when displaying a page, just have a check on the privilege for each item before displaying it and during execution of each function also check if the user has necessary privileges to execute the function.

class level
{
    const UNCLASSIFIED = 1;
    const CONTROLLED = 2;
    const RESTRICTED = 4;
    const SENSITIVE = 8;
    const CONFIDENTIAL = 16;
    const SECRET = 32;
    const TOPSECRET = 64;
    const CODEWORD = 128;

    const MEMBER = 63; // Everything up to SECRET.
    const STAFF = 127; // Everything up to TOPSECRET.
    const ADMIN = 255; // Everything.

    private $level = NULL;

    public function __get($property) { return $this->$property; }
    public function __set($property, $value) { return $this->$property = $value; }
}

Using bitwise operations, you can set the predefined levels for some people where their access situation is common. Whereas when you have someone who needs access to one type of information, but not another, you can set up their account with just the access level they need.
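
The flow the answers above describe (look up the role at login, keep it in the session, test it with a bitmask when rendering, and test it again when the action runs), as an added example that is not part of the original posts. The permission names, user list and function names are hypothetical, and a plain array stands in for $_SESSION so the script runs from the command line.

```php
<?php
declare(strict_types=1);

// Permission bits and per-role masks (constructed for this example).
const PERM_VIEW_PROFILE = 1;
const PERM_EDIT_ORDERS  = 2;
const PERM_MANAGE_USERS = 4;
const ROLE_MASKS = [
    'member' => PERM_VIEW_PROFILE,
    'staff'  => PERM_VIEW_PROFILE | PERM_EDIT_ORDERS,
    'admin'  => PERM_VIEW_PROFILE | PERM_EDIT_ORDERS | PERM_MANAGE_USERS,
];

// Constructed stand-in for the users table; a real system queries the database.
function lookupRole(string $username): ?string
{
    $users = ['alice' => 'admin', 'bob' => 'staff', 'carol' => 'member'];
    return $users[$username] ?? null;
}

// Call only after the password has been verified. The mask comes from the
// server-side lookup, never from anything the browser sends.
function establishSession(array &$session, string $username): bool
{
    $role = lookupRole($username);
    if ($role === null) {
        return false;
    }
    // On a live site, call session_regenerate_id(true) at this point.
    $session = ['user' => $username, 'perms' => ROLE_MASKS[$role]];
    return true;
}

// True only when every required bit is set; an empty session is denied.
function can(array $session, int $required): bool
{
    return (($session['perms'] ?? 0) & $required) === $required;
}

// The action repeats the check itself, so a forged request that skips the
// page where the link was hidden is still refused.
function deleteUser(array $session, string $target): string
{
    return can($session, PERM_MANAGE_USERS) ? "deleted $target" : '403 Forbidden';
}

$session = [];                      // stands in for $_SESSION
establishSession($session, 'bob');  // bob is staff
echo can($session, PERM_EDIT_ORDERS) ? "show edit link\n" : "hide edit link\n";
echo deleteUser($session, 'carol'), "\n";
```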
