[thelist] Multi level Password Protection Help!

Johnson, Christopher (MTO) Christopher.Johnson at mto.gov.on.ca
Thu Jul 8 15:29:50 CDT 2004


Hello,

Probably the only way that you are going to be able to implement something
like this is using a database and a scripting language that allows you to
track user sessions. As for the login part, you need to set up three
database tables:

1: 1 to track the users and their passwords
2: A table to track groups or access levels available
3: a table that ties a user to the groups that they belong to

User
+--------+----------+----------+
| userID | UserName | Password |
+--------+----------+----------+

Groups
+---------+-------------+
| groupID | description |
+---------+-------------+

User_Group
+--------+---------+
| userID | groupID |
+--------+---------+

When a user logs in, you verify the username and password against the User
table. If they are a user, you then grab the groups that they belong to from
the User_Group table and store them in a session variable.

That is the easy part. The hard part is protecting the content. The easiest
way of doing this may be to section each group of content off to a
particular page. At the top of the page, you need to assign the page to a
particular group as well. Then when a user tries to access that page, you
check to see if the user belongs to the same group as the page. If so, the
user is granted access, if not, they get an error page.

This is a very simplistic explanation of what you are describing. The
important thing is that you have decouple the password from the group that
the user belongs to. This way, you can add the user to a new group without
affecting the user in any way. From their viewpoint, they are just allowed
to access more material than before.

As someone has already stated, the best method for doing this is probably to
find someone who has already done it and has the code mostly created. This
is not a solution you can implement quickly.

Hope the above info helps,

chris


-----Original Message-----
From: Audrey Blumeneau


I have a client who wants a password protected site. However, what he wants 
is far more complex (of course). He has four levels of files - partners, 
committed investors, potential investors and potential buyers. He wants all 
of these to be password protected. He wants it set so that if "Bob and 
Jane" call him up and want to be potential investors, he can give them a 
user ID and password that will give them access to certain files. If they 
like what they see and become committed investors, he wants me to make it 
so that their password now allows them to view files that were previously 
not privy to them. It would be seamless to Bob and Jane.

In addition he wants to be able to have a log out and be able to time-out 
of the session.....AND he wants to track each person on where they go on 
the site and how long they stayed there...this is all part of some 
marketing thing and is limited to selected people (this site will not be 
open to the search engines....).



More information about the thelist mailing list