0

Hi,
I am stuck with a problem being un-solved.
Basically i want a solution in which when a User signup , he to be asked a secret Code which is only known by the CS WING staff.
If the user signup as other then CS WING staff section member (options in Combo Box), the user simply signup without any top secret code. Keeping in view the point that every user will have a password field which he will be using at the time of login.

what i want is a unique identification for a CS WING staff . I have attached figures for clearification.

Attachments 1.gif 4.55 KB 2.jpg 11.21 KB 3.gif 5.73 KB 4.jpg 33.57 KB
3
Contributors
4
Replies
5
Views
5 Years
Discussion Span
Last Post by chrishea
0

So why is this unsolved? There are a number of different ways that this can be done.
The way you are proposing gives all of your admin staff the same code so this makes it less secure than other possible approaches. If you want to take this approach anyway, you could just have a second password field that would only be used by the Admin staff.

A more common and secure approach would be to have a record for each user in a file or a database and each one would have a group identifier. You could have three tiers of groups: a master id, Admin ID's and everyone else. Only the Master ID would be allowed to establish Admin ID's. Admin staff would sign in as normal but their higher level of access would be allowed based on belonging to the group. If an Admin person leaves the job, you just remove them from the group. In your suggested approach, if an Admin person leaves, you would have to change your "secret code" for all of the Admin people.

0

@chrishea:
ya u are rite as said in the 2nd para,
can u give me a link or some tutorial link of it or any sort of fuly briefed example .
it would be easy for me !
thanks ,

0

during registration, generate unique code and ask them to change it during first login.
Then you will need ajax to change form structure on fly depending on combobox choice and. Then in PHP code you have a field like isTopSecret wich you set true if the man logged with sec code or false if he didn't. Then use that and may be other info if applicable to make restrictions of resources. I'm on limited resource so cannot view image.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.