Folk,
I'm curious if anyone has any advice on setting up multi-level password access?
The site is being developed on Win2K/IIS 5.x, but will be published on a Linux server, which phpinfo() reports as: Linux {domain name} 2.4.20-28.8HEsmp #1 SMP Thu Jun 17 16:21:50 BST 2004 i686.
I would highly recommend that you test on at least one "Linux" server with your code before you publish it. Most of the time in PHP you get exactly what you expect from one OS to the next, but there are a few cases where some features just don't work the same.
What I'm wondering about is what approach would allow reasonable security, but require the least amount of adjustment between the two disparate servers?
The general scenario is as follows. *Five levels of membership, 0-4; *member ID, password (MD5 hash), & access level stored in MySQL v3.23.x; *script validates member password, looks up access level.
Probably the access level - not the password - would be stored in a Session variable and checked by each succeeding script for appropriate authorization.
Agreed... storing the access level is a sane way to do this. Storing the password in plain text *anywhere* is not a good idea.
As an example, for levels 0-x, 0 would disallow chat, 1 would allow joining a public chat, 2 would allow creation of a public chat room, 3 would allow joining a private chat, 4 would allow creation of a private chat room.
Since the access level is determined by the member ID and password, what's the least effort method to set up password access(es)? I.E., what password validation method would allow for the least amount of script modification between the two platforms?
The way you are doing it sounds fine to me.
-- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
