Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
I need to create a secure login to my system.I have done it using a time slot & now i want to do that using a date range.
let me explain more..
Assume i have two users.
manager & technician.
Manager can access the system in any week day & technician can log in to the system only a in sunday.
I have an idea to save login dates in the database table.But i have no idea to do that.
can anyone please give me an idea to fulfill that?
hope everyone can understand the question...
I have three tables user, group and group_policy to do what i want to do. i define my restrictions in group_policy and then assign it to a group. i then assign the group to the user. so when a user log in, i immediately identify what group the user belongs and then load the group_policy in a session variable. off-course you need to take precautions for session hijacking that's another matter.
any ways, this may not be the solution for you as i do not know your database structure. if you can give more info on your database schema, the community may be able to help you.
User name,user password,logintime,logouttime,user level....these are the fields of my user table.now I'm checking the login & logout time when a particular user is logging.now i need to check the date.if it is Monday,manager can login.But technician cant log in.technician can log to the system only in Sunday.
can u help me with that.....
i use mvc pattern and when i created my restriction policy i did not deal with time, my restriction was modules.
creating restriction with time can get messy because there can be so many variations of it.
to solve your problem in the most basic way, i would create a look up table, let say user_has_time_restriction and have the following column id(int), user_level and time_restiction(varchar). you would put monday, tuesday.... in time_restriction column. look up the user_level in user_has_time_restriction and store the time_restriction in session and then do what ever you want with it
you can be very clever by storing patterns just like you have with php date function...or better example cal(endar) command on linux.
for the day of the week fields, input 0 for not-allowed, and 1 for allowed. Query the table with that user to find out if today's day matches what is allowed in the table for that day. Then proceed with the login or return failed.