Re: Best authentication method for user

Alain Roger wrote:
In fact, I would like to have 2 profiles.

1 as common user:
Everybody should use this profile to browse the website and execute common queries.

1 as poweruser:
This profile will require a logon on some SSL webpage. It is used to update/administrate the database.

For sure, people with the poweruser profile should log in, so they will type their login and password.

However, the user profile does not have any reason to type a login and password; they should only browse the website. Their login and password will only be used to execute stored procedures/queries. That's why I would like to find a way to secure it enough, but the login and password should come from somewhere.

The application: a simple MySQL-PHP website for cosmetics services (so prices, info, appointment reservation, ...).

I'd do it like this..

A non-logged-in user should only be doing searching, browsing categories, possibly adding to a shopping cart (if it exists).

A logged-in user can make appointments.

A super-user can change prices, make new categories and so on (in your admin area).

Store details in the db & session - or for a shopping cart, in a cookie so they can come back later and complete a purchase.


On 4/3/06, *Chris* <dmagick@xxxxxxxxx> wrote:

    Alain Roger wrote:
     > Hi,
     >
     > I would like to use a secure way how my user is authenticated.
     > For that I was thinking to use session and register his login and password
     > as session variable. Like that, when he will need to execute a query he will
     > not have to type again everything but application will do it alone.
     >
     > What do you think about that?
     >
     > Moreover, it should exist a default user with which everybody will be able
     > to execute some basic queries.
     >
     > I was thinking to store this login and password in hardcoding in some text
     > file that will be used at the first web page (some file that I will include
     > in my PHP code).... after everything will be managed by PHP sessions and
     > variables.
     >
     > I know that hardcoding is not the best secured solution, but really default
     > user should not enter his login and password. So how can I do that?

    What exactly is your application doing? We can't really give much advice
    if we don't know what it's for.

    --
    Postgresql & php tutorials
    http://www.designmagick.com/




--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
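
The three access tiers from the reply above (not logged in, logged in, super-user), as an added PHP example that is not part of the original thread. The role names, the permission lists, the sample users and the function names `login()` and `can()` are assumptions made for illustration; the session here holds only a user id and a role, and a plain array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
const ROLE_GUEST = 'guest';   // not logged in: searching, browsing, cart
const ROLE_USER  = 'user';    // logged in: can make appointments
const ROLE_ADMIN = 'admin';   // super-user: prices and categories (admin area)

// Hypothetical action names, grouped by the tier allowed to perform them.
const PERMISSIONS = [
    ROLE_GUEST => ['search', 'browse', 'cart_add'],
    ROLE_USER  => ['search', 'browse', 'cart_add', 'book_appointment'],
    ROLE_ADMIN => ['search', 'browse', 'cart_add', 'book_appointment',
                   'edit_prices', 'edit_categories'],
];

// Constructed sample rows standing in for a users table; only hashes are kept.
function sampleUsers(): array {
    return [
        'alice' => ['id' => 1, 'role' => ROLE_USER,
                    'hash' => password_hash('alice-pass', PASSWORD_DEFAULT)],
        'root'  => ['id' => 2, 'role' => ROLE_ADMIN,
                    'hash' => password_hash('root-pass', PASSWORD_DEFAULT)],
    ];
}

// Check the password once; on success keep only the id and role in the session.
function login(array &$session, array $users, string $name, string $password): bool {
    $row = $users[$name] ?? null;
    if ($row === null || !password_verify($password, $row['hash'])) {
        return false;
    }
    // In a web request, call session_regenerate_id(true) at this point.
    $session = ['user_id' => $row['id'], 'role' => $row['role']];
    return true;
}

// A visitor with no role in the session is treated as a guest.
function can(array $session, string $action): bool {
    $role = $session['role'] ?? ROLE_GUEST;
    return in_array($action, PERMISSIONS[$role] ?? [], true);
}

$session = [];            // stands in for $_SESSION after session_start()
$users   = sampleUsers();
var_dump(can($session, 'browse'));                         // guest browsing
var_dump(can($session, 'book_appointment'));               // guest booking
var_dump(login($session, $users, 'alice', 'wrong-pass'));  // bad password
var_dump(login($session, $users, 'alice', 'alice-pass'));  // good password
var_dump(can($session, 'book_appointment'));               // logged-in booking
var_dump(can($session, 'edit_prices'));                    // logged-in, admin action
```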

