 |
 |
 |
 |
|
|
php-general | 2001032
Date: 03/16/01
- Next message: Boget, Chris: "RE: [PHP] include php3 -vs- 4"
- Previous message: Jack Sasportas: "[PHP] include php3 -vs- 4"
- In reply to: Rick Emery: "[PHP] RE: [PHP-DB] Login System with access levels"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Just a note...you can hash the password in the database.....
Rick Emery wrote:
> First, I would NOT store passwords in a database. Rather, I'd store a hash
> based upon the password and username. Storing a password is dangerous as
> regards security.
>
> Second, if you're asking for syntax on how to add the security level column:
> ALTER TABLE mytable ADD access tinyint unsigned not null default "0";
>
> This will allow you to assigned security levels from 0 to 255. You would
> set 0 as the lowest level and 255 (admin) as the highest.
>
> While you're at it, add the has security hash entry (discussed above):
> ALTER TABLE mytable ADD md5hash char(32) not null default "";
>
> Hashes are always 32 characters.
>
> Finally, as far as a query:
> SELECT * FROM mytable WHERE access <= $level;
>
> This will permit the searcher to locate anything whereby the level is at
> $level or lower.
> -----Original Message-----
> From: Jordan Elver [mailto:jord.elver <email protected>]
> Sent: Friday, March 16, 2001 1:28 PM
> To: PHP General Mailing List; PHP DB Mailing List
> Subject: [PHP-DB] Login System with access levels
>
> Hi,
> I've got a db with a username and password in it. I can let people log in,
> like SELECT * FROM table WHERE username = username AND password = password.
>
> But how can I add an access level column so that I can have different levels
>
> of security. So admin's can read everything, but users can only read certain
>
> sections.
>
> How could I add to my db and structure a query?
>
> Any ideas would be good,
>
> Cheers,
>
> Jord
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: php-db-unsubscribe <email protected>
> For additional commands, e-mail: php-db-help <email protected>
> To contact the list administrators, e-mail: php-list-admin <email protected>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: php-general-unsubscribe <email protected>
> For additional commands, e-mail: php-general-help <email protected>
> To contact the list administrators, e-mail: php-list-admin <email protected>
-- ___________________________________________________________ Jack Sasportas Innovative Internet Solutions Phone 305.665.2500 Fax 305.665.2551 www.innovativeinternet.com www.web56.net-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe <email protected> For additional commands, e-mail: php-general-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
- Next message: Boget, Chris: "RE: [PHP] include php3 -vs- 4"
- Previous message: Jack Sasportas: "[PHP] include php3 -vs- 4"
- In reply to: Rick Emery: "[PHP] RE: [PHP-DB] Login System with access levels"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
