Sep 15, 2003, 07:20 #1
question on login permission methods
I have a login system that grants users permissions in a second tied table with two fields (userName and permLevel). Of course this leads to multiple records per user for each permission they have...for instance
rharding: has the following
ResearchAdmin, PsychAppReview, PsychEvalUser
Now my question is the "best practice" for managing this. I have two ways I guess. First is to create an array of permission levels the user has when they log in (stored in session var) that I then check on each page using a simple in_array() for whatever I am looking for. The second option is to only store the username in the session and on each page perform a query for the permissions level.
Now I am working in a small enough environment that performing an extra query on each page is not going to be a big deal. I am just more curious from a "best" practice perspective which method is considered the better way to handle this? Would the extra queries generated be worthwhile in any security sense?
Thanks for the input. I appreciate you all taking the time to take a look at this.
Sep 15, 2003, 07:38 #2
I don't know whether it's the best way, but I've stored it in the session variable, and depending on the module where access should be permitted, it is checked whether a login is required and, if so, whether the permission level is high enough.
Jan 12, 2005, 17:29 #3
Semi-Dynamic Pages
I have purchased a book Kevin Y. DB Driven Website.
At the beginning everything was clear,
but chapter 10 is written too hurriedly !!!
It is not a STEP-BY-STEP way :-(
Just a little explanation... :-(
For example, when I try generateindex.php I get the message:
Warning: fopen(tempindex.html) [function.fopen]: failed to open stream: Permission denied in c:\Inetpub\wwwroot\Jokes\chapter10\TMP2t9awa88ad.php on line 48
Unable to open temporary file (tempindex.html) for writing. Static page update aborted!
I checked the permissions for the folder chapter10 - everything is permitted.
I don't know what to do :-(((
Please help me!
Thanks
-Vadim
Jan 13, 2005, 03:04 #4
Well, it's probably not applicable much in your situation, but if you wanted to revoke someone from having access to a particular item, and you were using sessions, they would continue to have access until they left the site and their session died.
If you're getting the permission info from a query on every page (with an included file of course) they will lose access immediately.
Personally I have a script (secure.php) which I include at the top of all my relevant pages that generates all the relevant authentication info.
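
The trade-off discussed in this thread, shown as an added example that is not code from any of the posts above: it compares a permission list cached in the session at login with a per-page query after a permission is revoked. The table name `userPerms`, the helper function names, the in-memory SQLite database and the `$session` array standing in for `$_SESSION` are assumptions made so the script runs on its own from the command line.

```php
<?php
// Added example: column names follow the first post; the table name, helper
// names and sample rows are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE userPerms (userName TEXT, permLevel TEXT)');
$ins = $db->prepare('INSERT INTO userPerms (userName, permLevel) VALUES (?, ?)');
foreach (['ResearchAdmin', 'PsychAppReview', 'PsychEvalUser'] as $p) {
    $ins->execute(['rharding', $p]);
}

// Load every permission row for one user (parameterised query).
function loadPerms(PDO $db, string $user): array {
    $q = $db->prepare('SELECT permLevel FROM userPerms WHERE userName = ?');
    $q->execute([$user]);
    return $q->fetchAll(PDO::FETCH_COLUMN);
}

// Option 1: permissions copied into the session at login, checked with in_array().
function hasPermCached(array $session, string $perm): bool {
    return in_array($perm, $session['perms'] ?? [], true);
}

// Option 2: only the username lives in the session; query on each page.
function hasPermLive(PDO $db, array $session, string $perm): bool {
    if (!isset($session['userName'])) {
        return false; // not logged in
    }
    return in_array($perm, loadPerms($db, $session['userName']), true);
}

// $session stands in for $_SESSION as it would look right after login.
$session = ['userName' => 'rharding', 'perms' => loadPerms($db, 'rharding')];

// An administrator revokes one permission while the user is still logged in.
$db->prepare('DELETE FROM userPerms WHERE userName = ? AND permLevel = ?')
   ->execute(['rharding', 'ResearchAdmin']);

var_dump(hasPermCached($session, 'ResearchAdmin')); // checks the login-time copy
var_dump(hasPermLive($db, $session, 'ResearchAdmin')); // checks the table now
```

After the revocation the cached check still grants `ResearchAdmin` until the session is rebuilt, while the per-page query denies it immediately.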