
sessions, user tracking, security

please advise


avenue

11:44 pm on Jul 25, 2005 (gmt 0)




I am attempting to build a secure login system. Upon successful login each user (4 user levels) will be directed to the specific area of the site. I have built most of the forms/features these users will be working with. The information on this site is sensitive, so I have been researching MD5 encryption, sessions, and cookies. I will need to track user actions throughout the site. Basically when user add/modify/update information in the database, I want to know who did it and when they did it. I am hoping this can be accomplished using sessions with php and mysql. The system should also keep record of every time a person logs in. I have downloaded scripts, searched the web, php.net and can’t seem to understand the correct and most secure way to make this happen. Please advise me on the proper way to accomplish this, or direct me to a solid tutorial.

more info for thought..

there will be 2 users at admin level. 10 users at employee level. 300 users at group manager level. and thousands of users at group members level.

I have created 3 tables. One for the admin and employee users (most crucial for security). Not sure if this is the best way... 1 table for the group managers and 1 for the group members.

Thanks in advance for all your help..

ergophobe

5:34 pm on Jul 27, 2005 (gmt 0)




There's a lot there in your question.

1. Tracking who makes changes. In one database, I use four fields for each record

- created by
- created date
- last modified by
- last modified date

This is fine for my needs b/c I don't need actual versioning. If you want to know the revision history, then you would need to use a related table that would track all revisions and possibly connect it up with some sort of diff or versioning system. So what are your needs there?

2. Access levels. How granular? Do you want to assign access to individual pages, or more broadly. If you want real control, look for something called GACL or "Generic Access Control Lists" (if you use those terms as a google search, you'll get links to a sourceforge project, a wikipedia article and some other useful resources).

If you don't want anything that complicated, assign privileges based on a set of constants that correlate to integer user-levels in your "User" table.

define('SUPERADMIN', 1);

There's no limit to the aliases you can use.

define ('EDIT_PRIVS', SUPERADMIN);

That way, you can change edit privs just by reassigning the constant. This only works if the privileges are strictly hierarchical. If you want to get a bit more complex, but not so complicated as GACL, you could use arrays.

$edit_privs = array(SUPERADMIN, ADMIN, EDITOR, AUTHOR);

Something like that.

Are we getting anywhere?
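A worked version of the two privilege checks ergophobe sketches (a strictly hierarchical constant, and an array of allowed levels) together with the four audit columns from the first point. This is added example code, not from the thread; it assumes a lower integer means more privilege, and that the logged-in user's id and level were put in $_SESSION by the login script.

```php
<?php
// Added example, not from the thread. Integer user levels as constants;
// assumption: lower number = more privilege (SUPERADMIN is 1, as in the post).
define('SUPERADMIN', 1);
define('ADMIN', 2);
define('EDITOR', 3);
define('AUTHOR', 4);
define('MEMBER', 5);

// Hierarchical alias: everyone at EDITOR level or above may edit. Changing
// one constant changes the policy, but ONLY if privileges nest strictly.
define('EDIT_PRIVS', EDITOR);

function canEditHierarchical(int $userLevel): bool
{
    return $userLevel <= EDIT_PRIVS;
}

// Array form: an explicit list of allowed levels. Works when privileges do
// not nest (e.g. AUTHOR may edit but a level between them may not).
$edit_privs = array(SUPERADMIN, ADMIN, EDITOR, AUTHOR);

function hasPriv(int $userLevel, array $allowed): bool
{
    // Strict comparison: a loosely-compared string from a form could match.
    return in_array($userLevel, $allowed, true);
}

// Audit columns for a record, filled from the server-side session, never from
// request parameters, so "who did it and when" cannot be forged by the client.
function auditFields(int $sessionUserId, bool $isNewRecord): array
{
    $now = date('Y-m-d H:i:s');
    $fields = array('last_modified_by' => $sessionUserId,
                    'last_modified_date' => $now);
    if ($isNewRecord) {
        $fields['created_by'] = $sessionUserId;
        $fields['created_date'] = $now;
    }
    return $fields;
}

// Usage: the level and id come from $_SESSION set at login (assumed keys).
session_start();
$level = (int) ($_SESSION['user_level'] ?? MEMBER);   // default to least privilege
$uid   = (int) ($_SESSION['user_id'] ?? 0);
if (!hasPriv($level, $edit_privs)) {
    http_response_code(403);
    exit('not allowed');
}
$cols = auditFields($uid, false);   // merge into the UPDATE via prepared statement
```

Store the level only in the server-side session; a level kept in a cookie can be rewritten by the user, which defeats both checks.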