Solved

Secure Login System

Posted on 2006-11-03
5
194 Views
Last Modified: 2006-12-05
Hi,

I wish to create a login system.

I have no requirement for membership system, as the people able to access this will be small in number and I will input their names straight into the database.

I need to have access levels associate with each person, these levels will dictate which webpage the user is directed to (I need a mechanism that will stop a user from just typing out the URL in order to access these).

I need someway of storing who is logged on.

So if person01 added something to a database I could somehow add ‘person01’ to the database so I maintain traceability as to who is doing what.

Lastly it has to be very, very secure.

Any advise, guidance or tutorials much appreciated.
0
Comment
Question by:andyw27
5 Comments
 
LVL 14

Accepted Solution

by:
Aamir Saeed earned 168 total points
ID: 17867276
1; You will create a table in DB like tbl_users and you will store information about all the users who will use the site.
id          name                 username              password             levels          status
1          abc                       abc                          123                   1                 1
2          xyz                        xyz                          123                   2                 0

and so on. Then you will check on each page that who is authorised for which page to visit. I mean if the user is not logged in or he is trying to directly enter the URL, he will be redirected to somewhere else like home page or so.

2; You have stored information about all users. so if a user comes and gets logged in, set his flag in DB 1 and if he gets logged out set his status 0, so this way you will be able to know who is online.

3; you can create a table like tbl_actions, if a user makes any change then you can store the information about that in this table

id               user_id               action                                           date
1                  2                      updation somewher                     11/03/2006

hope this helps,
0
 
LVL 17

Assisted Solution

by:HuyBD
HuyBD earned 166 total points
ID: 17872998
In the log_action table, you should add IP access

id               user_id               action                date                IPAccess
1                  2                      1                     11/03/2006       10.0.0.1

the action value should be an enum that was defined before
0
 
LVL 16

Assisted Solution

by:ellandrd
ellandrd earned 166 total points
ID: 17875994
lol - i have create a login system just like a few years ago.

you can download it here:

http://www.myjavaserver.com/~seandelaney/loginSystemByEllandrd.zip

just change the values in the "constants.php" under includes folder to your mysql server details.  if you dont have mysql, i can recode the complete system to use either ODBC (MS Access) or MSSQL (Microsoft SQL Server)

Ellandrd
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question