Solved

Secure Login System

Posted on 2006-11-03
5
191 Views
Last Modified: 2006-12-05
Hi,

I wish to create a login system.

I have no requirement for membership system, as the people able to access this will be small in number and I will input their names straight into the database.

I need to have access levels associate with each person, these levels will dictate which webpage the user is directed to (I need a mechanism that will stop a user from just typing out the URL in order to access these).

I need someway of storing who is logged on.

So if person01 added something to a database I could somehow add ‘person01’ to the database so I maintain traceability as to who is doing what.

Lastly it has to be very, very secure.

Any advise, guidance or tutorials much appreciated.
0
Comment
Question by:andyw27
5 Comments
 
LVL 14

Accepted Solution

by:
Aamir Saeed earned 168 total points
ID: 17867276
1; You will create a table in DB like tbl_users and you will store information about all the users who will use the site.
id          name                 username              password             levels          status
1          abc                       abc                          123                   1                 1
2          xyz                        xyz                          123                   2                 0

and so on. Then you will check on each page that who is authorised for which page to visit. I mean if the user is not logged in or he is trying to directly enter the URL, he will be redirected to somewhere else like home page or so.

2; You have stored information about all users. so if a user comes and gets logged in, set his flag in DB 1 and if he gets logged out set his status 0, so this way you will be able to know who is online.

3; you can create a table like tbl_actions, if a user makes any change then you can store the information about that in this table

id               user_id               action                                           date
1                  2                      updation somewher                     11/03/2006

hope this helps,
0
 
LVL 17

Assisted Solution

by:HuyBD
HuyBD earned 166 total points
ID: 17872998
In the log_action table, you should add IP access

id               user_id               action                date                IPAccess
1                  2                      1                     11/03/2006       10.0.0.1

the action value should be an enum that was defined before
0
 
LVL 16

Assisted Solution

by:ellandrd
ellandrd earned 166 total points
ID: 17875994
lol - i have create a login system just like a few years ago.

you can download it here:

http://www.myjavaserver.com/~seandelaney/loginSystemByEllandrd.zip

just change the values in the "constants.php" under includes folder to your mysql server details.  if you dont have mysql, i can recode the complete system to use either ODBC (MS Access) or MSSQL (Microsoft SQL Server)

Ellandrd
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PHP_POST() error message 9 44
Form not operating correctly. 1 23
is this a cms? 8 35
Testing a string condition in PHP 6 7
Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now