Solved

Secure Login System

Posted on 2006-11-03
Last Modified: 2006-12-05
Hi,

I wish to create a login system.

I have no requirement for a membership system, as the people able to access this will be small in number and I will input their names straight into the database.

I need to have access levels associated with each person; these levels will dictate which webpage the user is directed to (I need a mechanism that will stop a user from just typing out the URL in order to access these).

I need some way of storing who is logged on.

So if person01 added something to a database I could somehow add ‘person01’ to the database so I maintain traceability as to who is doing what.

Lastly it has to be very, very secure.

Any advice, guidance or tutorials much appreciated.
Question by:andyw27

Accepted Solution

by: Aamir Saeed (earned 168 total points)
1. You will create a table in the DB, like tbl_users, and store information about all the users who will use the site.

id    name    username    password    levels    status
1     abc     abc         123         1         1
2     xyz     xyz         123         2         0

and so on. Then you will check on each page who is authorised to visit which page. I mean, if the user is not logged in or is trying to enter the URL directly, he will be redirected somewhere else, like the home page.

2. You have stored information about all users, so when a user logs in, set his status flag in the DB to 1, and when he logs out, set his status to 0. This way you will be able to know who is online.

3. You can create a table like tbl_actions; if a user makes any change, you can store the information about it in this table.

id    user_id    action                date
1     2          updation somewhere    11/03/2006

Hope this helps,

Assisted Solution

by: HuyBD (earned 166 total points)
In the log_action table, you should add IP access:

id    user_id    action    date          IPAccess
1     2          1         11/03/2006    10.0.0.1

The action value should be an enum that was defined before.

Assisted Solution

by: ellandrd (earned 166 total points)
lol - I created a login system just like this a few years ago.

You can download it here:

http://www.myjavaserver.com/~seandelaney/loginSystemByEllandrd.zip

Just change the values in the "constants.php" under the includes folder to your MySQL server details. If you don't have MySQL, I can recode the complete system to use either ODBC (MS Access) or MSSQL (Microsoft SQL Server).

Ellandrd