Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Secure Login System

Posted on 2006-11-03
5
Medium Priority
?
200 Views
Last Modified: 2006-12-05
Hi,

I wish to create a login system.

I have no requirement for membership system, as the people able to access this will be small in number and I will input their names straight into the database.

I need to have access levels associate with each person, these levels will dictate which webpage the user is directed to (I need a mechanism that will stop a user from just typing out the URL in order to access these).

I need someway of storing who is logged on.

So if person01 added something to a database I could somehow add ‘person01’ to the database so I maintain traceability as to who is doing what.

Lastly it has to be very, very secure.

Any advise, guidance or tutorials much appreciated.
0
Comment
Question by:andyw27
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 14

Accepted Solution

by:
Aamir Saeed earned 672 total points
ID: 17867276
1; You will create a table in DB like tbl_users and you will store information about all the users who will use the site.
id          name                 username              password             levels          status
1          abc                       abc                          123                   1                 1
2          xyz                        xyz                          123                   2                 0

and so on. Then you will check on each page that who is authorised for which page to visit. I mean if the user is not logged in or he is trying to directly enter the URL, he will be redirected to somewhere else like home page or so.

2; You have stored information about all users. so if a user comes and gets logged in, set his flag in DB 1 and if he gets logged out set his status 0, so this way you will be able to know who is online.

3; you can create a table like tbl_actions, if a user makes any change then you can store the information about that in this table

id               user_id               action                                           date
1                  2                      updation somewher                     11/03/2006

hope this helps,
0
 
LVL 17

Assisted Solution

by:HuyBD
HuyBD earned 664 total points
ID: 17872998
In the log_action table, you should add IP access

id               user_id               action                date                IPAccess
1                  2                      1                     11/03/2006       10.0.0.1

the action value should be an enum that was defined before
0
 
LVL 16

Assisted Solution

by:ellandrd
ellandrd earned 664 total points
ID: 17875994
lol - i have create a login system just like a few years ago.

you can download it here:

http://www.myjavaserver.com/~seandelaney/loginSystemByEllandrd.zip

just change the values in the "constants.php" under includes folder to your mysql server details.  if you dont have mysql, i can recode the complete system to use either ODBC (MS Access) or MSSQL (Microsoft SQL Server)

Ellandrd
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
This article discusses how to create an extensible mechanism for linked drop downs.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question