How to build a client area with dual level login?

Forum Moderators: phranque

Message Too Old, No Replies

How to build a client area with dual level login?

IP address for privileged clients and username/password for others

wintercornuk

10:43 am on Sep 2, 2009 (gmt 0)

I'm trying to put together a client area which will allow access to certain IP ranges without further authentication but require a username and password from everyone else.

I've tried allowing the IP ranges in .htaccess together with a .htpassword but they seem to conflict.

Has anyone here had any success with something similar?

Thanks

rocknbil

3:51 pm on Sep 2, 2009 (gmt 0)

How can you be sure that the user's IP address will not change? Most ISP's assign IP addresses dynamically. I come to your site, my IP address is recorded; some time later I have to restart my modem, and the ISP assigns a new IP to my modem.

I would do this something like this, in a database table:


rec_id¦user_id¦access_level¦email...........¦pass 
1.....¦123....¦0...........¦this@example.com¦testme 
2.....¦124....¦1...........¦that@example.com¦

On registration, whatever mechanisms you have that assign access levels will set it at 1 or 0. You'd then set a non-expiring cookie for access level 1 users. For access level 0 users, you set an expiring cookie (say, 2 hours) to keep them logged in for the current session.

On return, all users are passed through a validation function. The level 1 users will be validated via the cookie and automatically let in (as you can see, no password is required in the database.) Level 0 users would be directed to a login form, unless their cookie hasn't expired.

wintercornuk

3:58 pm on Sep 2, 2009 (gmt 0)

The IP addresses are all known ranges for libraries, government offices etc. I'll try your suggestion and see what happens. Thanks.