  1. #1
    Can we go to a 48 hour day?
    Join Date
    May 2002
    Location
    MI
    Posts
    906

    question on login permission methods

    I have a login system that grants users permissions in a second tied table with two fields (userName and permLevel). Of course this leads to multiple records per user for each permission they have...for instance

    rharding: has the following
    ResearchAdmin, PsychAppReview, PsychEvalUser

    Now my question is the "best practice" for managing this. I have two ways I guess. First is to create an array of permission levels the user has when they log in (stored in session var) that I then check on each page using a simple in_array() for whatever I am looking for. The second option is to only store the username in the session and on each page perform a query for the permissions level.

    Now I am working in a small enough environment that performing an extra query on each page is not going to be a big deal. I am just more curious from a "best" practice perspective which method is considered the better way to handle this? Would the extra queries generated be worthwhile in any security sense?

    Thanks for the input. I appreciate you all taking the time to take a look at this.
    mitechie.com
    "Techies just think a little differently
    ...at least that is what they keep telling me."

  2. #2
    does not play well with others frezno's Avatar
    Join Date
    Jan 2003
    Location
    Munich, Germany
    Posts
    1,391
    I don't know whether it's the best way, but I've stored it in the session variable, and depending on the module where access should be permitted, it is checked whether a login is required and, if so, whether the permission level is high enough.
    We are the Borg. Resistance is futile. Prepare to be assimilated.
    I'm Pentium of Borg. Division is futile. Prepare to be approximated.

  3. #3
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Location
    montreal
    Posts
    33

    Semi-Dynamic Pages

    I have purchased the book by Kevin Y., DB Driven Website.
    At the beginning everything was clear,
    but chapter 10 is written too hurriedly !!!
    It is not a STEP-BY-STEP way :-(
    Just a little explanation... :-(

    For example when i try generateindex.php I get the message:
    Warning: fopen(tempindex.html) [function.fopen]: failed to open stream: Permission denied in c:\Inetpub\wwwroot\Jokes\chapter10\TMP2t9awa88ad.php on line 48

    Unable to open temporary file (tempindex.html) for writing. Static page update aborted!

    I checked permission for folder chapter10 - everything is permitted.

    I don't know what to do :-(((

    Please help me !
    Thanks
    -Vadim

  4. #4
    SitePoint Wizard cranial-bore's Avatar
    Join Date
    Jan 2002
    Location
    Australia
    Posts
    2,634
    Well it's probably not applicable much in your situation, but if you wanted to revoke someone from having access to a particular item, and you were using sessions they would continue to have access until they left the site and their session died.

    If you're getting the permission info from a query on every page (with an included file of course) they will lose access immediately.

    Personally I have a script (secure.php) which I include at the top of all my relevant pages that generates all the relevant authentication info.
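
The two approaches discussed in this thread, side by side, as an added example that is not part of any post above: it compares a permission array cached in the session at login with a per-page query, after one permission is revoked mid-session. The table name `user_perms`, the function names, the `$session` array standing in for `$_SESSION`, and the in-memory SQLite database (requires the pdo_sqlite extension) are assumptions; the `userName` and `permLevel` fields and the sample user come from the first post.

```php
<?php
// Added example, not code from the thread. Table name user_perms, the
// function names and the in-memory SQLite database are assumptions.
declare(strict_types=1);

// Constructed sample data: one row per (userName, permLevel) pair.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_perms (userName TEXT, permLevel TEXT,
           PRIMARY KEY (userName, permLevel))');
$ins = $db->prepare('INSERT INTO user_perms (userName, permLevel) VALUES (?, ?)');
foreach (['ResearchAdmin', 'PsychAppReview', 'PsychEvalUser'] as $perm) {
    $ins->execute(['rharding', $perm]);
}

// Option 1: snapshot of all permissions taken once at login.
function loadPermsAtLogin(PDO $db, string $user): array
{
    $q = $db->prepare('SELECT permLevel FROM user_perms WHERE userName = ?');
    $q->execute([$user]);
    return $q->fetchAll(PDO::FETCH_COLUMN);
}

function sessionHasPerm(array $session, string $perm): bool
{
    return in_array($perm, $session['perms'] ?? [], true);
}

// Option 2: session holds only the username; every page asks the database.
function dbHasPerm(PDO $db, array $session, string $perm): bool
{
    if (!isset($session['userName'])) {
        return false; // not logged in: deny by default
    }
    $q = $db->prepare('SELECT 1 FROM user_perms WHERE userName = ? AND permLevel = ?');
    $q->execute([$session['userName'], $perm]);
    return $q->fetchColumn() !== false;
}

// $session stands in for $_SESSION so the script runs from the CLI.
$session = ['userName' => 'rharding', 'perms' => loadPermsAtLogin($db, 'rharding')];

// An administrator revokes one permission while the user is still logged in.
$db->prepare('DELETE FROM user_perms WHERE userName = ? AND permLevel = ?')
   ->execute(['rharding', 'ResearchAdmin']);

var_dump(sessionHasPerm($session, 'ResearchAdmin')); // check against login-time snapshot
var_dump(dbHasPerm($db, $session, 'ResearchAdmin')); // check against the live table
var_dump(dbHasPerm($db, $session, 'PsychEvalUser')); // permission that was not revoked
```

The session check keeps answering from the copy made at login, while the per-page query reflects the revocation on the next request; a middle ground is to keep the cached array but reload it when it is older than a short interval.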

