PHP Classes

User Groups

Subject: User Groups
Summary: Adding group to user levels
Messages: 3
Author: Dennis T Kaplan
Date: 2005-12-04 06:42:21
Update: 2005-12-04 09:58:15
 

1. User Groups
Dennis T Kaplan - 2005-12-04 06:42:21

I would love to exchange my home-made authentication system with yours, but I need a feature added if possible.
Yes, I could just add it myself, but I would love to stay compatible with yours for future updates, plus your programming looks much better than mine. HaHa

Here is my situation: I have several websites which don't have anything to do with each other on different subdomains, but I maintain one user db.

Each subdomain has its own registration page where I set the group level for the user in a hidden field.

The login is the same script for all pages. It determines the user's default group, then redirects him/her to the right subdomain in case he/she logs in from the main domain.


Here is the code I use to make sure that the session is good on all domains:
    if (!session_id()) {
        session_start();
        // Re-send the session cookie scoped to the parent domain so every subdomain receives it
        setcookie("PHPSESSID", session_id(), 0, "/", ".mydomain.com");
    }

Even better would be a solution which would be good over any domain name, but I haven't found something like that.

========
The only security update I could suggest is to md5 with JavaScript so that the password doesn't ever get sent over the net.

Thank you for the script

Dennis

2. Re: User Groups
Olaf Lederer - 2005-12-04 07:57:24 - In reply to message 1 from Dennis T Kaplan
Hello Dennis,

I think what you're trying is different from mine.

While you're working more client side with cookies, my system is powered completely with sessions.

About the future of the class.
The current version will only be updated for bugs and very important features. The system will not be changed in its structure anymore.

I wrote a totally new version based on the old one. This new class will be released with totally new features (maybe I will also rewrite the class in PHP5).

This release will be available in the second quarter of 2006 (I hope so).

In this new version the password is sent in an md5(md5($pw)) situation over the net (only the mails). I think it's maybe a good idea to encode the password before sending a login request, but what about the function suggestion in this thread?
phpclasses.org/discuss/package/1906 ...

If you want to use my class in your situation then you have to use some serialize function together with a redirection. On the new domain a new session has to be built. If you need help writing this function, send me a mail.

regards Olaf

3. Re: User Groups
matthijs - 2005-12-04 09:58:15 - In reply to message 2 from Olaf Lederer
Hi Olaf,
Your idea for the new version looks promising. Also, the concept of not sending passwords in plain text is very good. However, you say:
"In this new version the password is send in a md5(md5($pw))situation".
From what I know, md5 hashing an md5 hash is less secure than using md5 once.
(see for example a thread here: http://forums.devnetwork.net/viewtopic.php?t=37210&postdays=0&postorder=asc&start=15)
On the same site an excellent explanation is written about using a challenge-response class using sha256, the hash which is a lot more secure than md5: http://forums.devnetwork.net/viewtopic.php?t=38810
Maybe you could get some ideas from it, or even use the challenge-response class from the link above or build something yourself around the sha256 class written by Feyd, the site admin of devnetwork (http://forums.devnetwork.net/viewtopic.php?t=32334&highlight=feyd+sha256).
regards,
Matthijs
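
A sketch of the kind of challenge-response login mentioned in message 3, as an added example that is not part of the thread and is neither the devnetwork class nor Olaf's code. It assumes Node.js with its built-in HMAC-SHA256 and scrypt; `LoginServer`, `deriveKey` and `clientResponse` are hypothetical names.

```javascript
const crypto = require('node:crypto');

// Slow, salted key derivation: the server stores this key, never the password.
const deriveKey = (password, salt) => crypto.scryptSync(password, salt, 32);

class LoginServer {
  constructor() {
    this.users = new Map();   // username -> { salt, key }
    this.pending = new Map(); // username -> { nonce, expires }
  }

  register(username, password) {
    const salt = crypto.randomBytes(16);
    this.users.set(username, { salt, key: deriveKey(password, salt) });
  }

  // Step 1: issue a fresh random nonce (valid for 60 s) plus the user's salt.
  challenge(username, now = Date.now()) {
    const user = this.users.get(username);
    if (!user) return null; // simplification: this reveals which names exist
    const nonce = crypto.randomBytes(32);
    this.pending.set(username, { nonce, expires: now + 60000 });
    return { nonce, salt: user.salt };
  }

  // Step 3: check the response. The nonce is consumed on every attempt,
  // so a captured response cannot be replayed.
  verify(username, response, now = Date.now()) {
    const user = this.users.get(username);
    const issued = this.pending.get(username);
    this.pending.delete(username);
    if (!user || !issued || now > issued.expires) return false;
    const expected = crypto.createHmac('sha256', user.key)
      .update(issued.nonce).digest();
    return Buffer.isBuffer(response) && response.length === expected.length &&
      crypto.timingSafeEqual(response, expected);
  }
}

// Step 2 (client side): answer the challenge without sending the password.
function clientResponse(password, { nonce, salt }) {
  return crypto.createHmac('sha256', deriveKey(password, salt))
    .update(nonce).digest();
}
```

The stored key is password-equivalent: anyone who can read the user table can answer challenges, so this guards against replay of a captured login but not against a database leak, and it does not replace TLS.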