RE: [PHP] Need login suggestions
From: Ashley M. Kirchner > From: Paul M Foster >> The only reliable way to resolve this is to let the school >> administration to handle it. Each registration would *attempt* to >> register as a student, parent or whatever. Those attempted >> registrations >> would go into a "wait" queue. Meantime, emails would be sent to an >> administrator whose job is would be to "bless" those registrations. >> They >> would check to see if a potential registrant was what they claimed to >> be. You'd give them a page where the queued registration attempts would >> show up. And they would check the proper box for each potential >> registrant. Once done, the registration would be completed, and in the >> proper category. > > Yeah, that would fall on our shoulders. School administration won't do > this. It comes back to the IT Department and we have to "figure it out". > The problem is, while we can "bless" student registrations, we can't always > tell if the next one is a parent or not, or if it's a parent in our > district. > > We do have another system in place, one in which we hand out 2 unique keys > for each student at each school and parents pick those up. Internally those > keys are matched to that student so we know who it is that's registering. > However, that requires a lot of front work to get those keys out. > > For this particular project, we want to make it as painless as possible, but > the more I think about it, the more I'm accepting the impossible nature of > it. It all boils down to a simple risk assessment. Is the administration willing to live with the possibility that students can masquerade as parents and vice versa? And that strangers can masquerade as either? If so, then a simple check box on the registration page will suffice. If not, they will need to establish a manual authentication step as part of the registration process and control that check box themselves. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need login suggestions
At 8:09 PM -0600 5/2/10, Ashley M. Kirchner wrote: Slightly OT, but I can't think of a better forum to ask this in. I'm sure a lot of us here have at some point or another built a system that requires registration to gain access. What I'm trying to figure is how to set different levels of access. We're building a large site for a school district, to be used by both students and parents. When a student logs in, they gain some access to the site, and when a parent logs in, they gain access to other sections on the site. That's all fine and dandy, it's the actual registration process that I'm having a hard time with. How to determine if a registration is a student or a parent. Do I simply give them a check box (or other method) to pick from (student or parent) and hope they're being honest? Has anyone here have to deal with that in the past, and would you be willing to give me some ideas of what you did? Thanks! Ashley: Excellent question. My advice is to start at the top and work down. Set up an overall top-administrator who determines who is going to be the next level down and so forth. You may have as many levels as you need. The operation is simply one of controlling who has access to what. The top-admin [Level A] should have access to ALL authorizations and can change ALL authorizations. The next level down [Level B] should have access to determine authorizations for Level C access and the top-admin can override such determinations. The next level down [Level C] has access to determine authorizations for level D, but Levels A and B can override. The levels cascade down as demonstrated above. The requirement for the various levels is dependant upon what *you* [Level A] determines beforehand. The *requirements* for any *Level* might be an email address that works (double-opt-in); and/or a teacher ID ; and/or a student ID, and/or a legitimate mailing address; and/or whatever you can verify. The point is to verify all those who have access to any Level in the "protected" scheme. You absolutely do not want to allow anyone access to post anything on your site without first identifying themselves. While all of this can become very confusing, it should be pointed out that this is simply restricting access to certain scripts by personnel authorized by those up the chain of command. The way this can be done is to place an authorization script (i.e., require() ) on those scripts you want access restricted. The authorization script simply checks the database to see if the user/password match for the level of security required before allowing the user to continue with *this* script. The way I do this is in the required auth.php script I use SESSIONs for each level. If the user has provided authorization for Level A anywhere in their current event, then they have access to everything. If the user passes only level C, then the user has access to only those things designated as Level C access. At the start of every script I place the require(auth.php) AND I set a level for *this* script, such as this script is a Level C script (i.e., $level ="C";). That way all users who have a Level A, B, or C clearance can run/access the script. Likewise for higher security scripts, such as Level A -- this script has a $level = "A" requirement and thus Level B and C users can't run the script. Now, some of this organization layout will come out in the wash as you write scripts. Clearly you don't want the general public to have access to Level A scripts and thus you should keep those URL's from them. BUT, you don't need to*hide* the URL's (just in case someone finds out) because even if someone finds the URL, they need clearance to access them. You only need to provide the URL's necessary for whatever clearances the users of the scheme have. I hope this gives you a better idea of how to handle this type of problem. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need login suggestions
On 05/03/2010 09:56 PM, Ashley Sheridan wrote: On Mon, 2010-05-03 at 00:07 -0600, Ashley M. Kirchner wrote: -Original Message- From: Karl DeSaulniers [mailto:k...@designdrumm.com] Sent: Monday, May 03, 2010 12:03 AM To: PHP Subject: Re: [PHP] Need login suggestions I see, well I have a login that has multiple levels and here is how I have it. Obvious pertinent info has been changed, but you can adopt and add your own. That part I already have and isn't the problem. We're at the 'who is this person registering' stage before I can even determine what level they belong in. :) I just saw an article in a magazine for something that looks to do just what you want. It's a PHP-based access manager called Sumo. I haven't actually used the system myself yet, but the article about it says good things and it looks to be promising. Full URL is http://sumoam.sourceforge.net Thanks, Ash http://www.ashleysheridan.co.uk You could also use Zend_Acl for that if you needed a framework. I personally don't like to use frameworks. -- Nilesh Govindarajan Site & Server Administrator www.itech7.com मेरा भारत महान ! मम भारत: महत्तम भवतु ! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Need login suggestions
On Mon, 2010-05-03 at 00:07 -0600, Ashley M. Kirchner wrote: > > -Original Message- > > From: Karl DeSaulniers [mailto:k...@designdrumm.com] > > Sent: Monday, May 03, 2010 12:03 AM > > To: PHP > > Subject: Re: [PHP] Need login suggestions > > > > I see, well I have a login that has multiple levels and here is how I > > have it. > > Obvious pertinent info has been changed, but you can adopt and add > > your own. > > That part I already have and isn't the problem. We're at the 'who is this > person registering' stage before I can even determine what level they belong > in. :) > > I just saw an article in a magazine for something that looks to do just what you want. It's a PHP-based access manager called Sumo. I haven't actually used the system myself yet, but the article about it says good things and it looks to be promising. Full URL is http://sumoam.sourceforge.net Thanks, Ash http://www.ashleysheridan.co.uk
RE: [PHP] Need login suggestions
> -Original Message- > From: Karl DeSaulniers [mailto:k...@designdrumm.com] > Sent: Monday, May 03, 2010 12:03 AM > To: PHP > Subject: Re: [PHP] Need login suggestions > > I see, well I have a login that has multiple levels and here is how I > have it. > Obvious pertinent info has been changed, but you can adopt and add > your own. That part I already have and isn't the problem. We're at the 'who is this person registering' stage before I can even determine what level they belong in. :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need login suggestions
I see, well I have a login that has multiple levels and here is how I have it. Obvious pertinent info has been changed, but you can adopt and add your own. a config file with userlevel values EG: $parent = 2; //Parent Level $student = 1; //Student Level $guest = 0;//Guest level A define.php file with things defined EG: include or require the config.php in this file define("PARENT", $parent); define("STUDENT", $student); Then work some functions to check the levels in your sessions php file. That way every page thats pulled up, it checks the login status and the userlevel. EG: include or require the define.php in the session php //Inside the session php function isParent(){ return ($this->userlvl == PARENT); } function isStudent(){ return ($this->userlvl == STUDENT); } $this->userlvl will be the level recorded after registration was completed the first time. You should be checking this and retrieving this at login. Basically setting it as a session variable with it that gets carried through. Eg usage: if($this->isParent()) { //do this } HTH, On May 3, 2010, at 12:43 AM, Karl DeSaulniers wrote: Hi Ashley, I would have your database that is attached to this part of the website, verify with another database that stores all your student and parent info for your school and when they register, you can actually check against a database of students that actually attend the school and the parents of that student on your server not through a login form. I believe there is a way to set up a cron or something like that where the check is made at the server level and no one else can check that way. I am not a professional at php, but I believe I read about this capability somewhere. If someone knows the actual term for this please, interject. Also, I would probably ask how to do that on the PHP-Database list Databases and PHP - choose this one http://www.php.net/mailing-lists.php HTH, On May 2, 2010, at 9:09 PM, Ashley M. Kirchner wrote: Slightly OT, but I can't think of a better forum to ask this in. I'm sure a lot of us here have at some point or another built a system that requires registration to gain access. What I'm trying to figure is how to set different levels of access. We're building a large site for a school district, to be used by both students and parents. When a student logs in, they gain some access to the site, and when a parent logs in, they gain access to other sections on the site. That's all fine and dandy, it's the actual registration process that I'm having a hard time with. How to determine if a registration is a student or a parent. Do I simply give them a check box (or other method) to pick from (student or parent) and hope they're being honest? Has anyone here have to deal with that in the past, and would you be willing to give me some ideas of what you did? Thanks! Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Need login suggestions
> -Original Message- > From: Karl DeSaulniers [mailto:k...@designdrumm.com] > Sent: Sunday, May 02, 2010 11:44 PM > To: PHP > Subject: Re: [PHP] Need login suggestions > > Hi Ashley, > I would have your database that is attached to this part of the > website, > verify with another database that stores all your student and parent > info for your school > and when they register, you can actually check against a database of > students that actually > attend the school and the parents of that student on your server not > through a login form. > I believe there is a way to set up a cron or something like that > where the check is made at > the server level and no one else can check that way. That will only work for a rather small subset of students and parents. Unfortunately not all students in the district are actually in our main database. Those attending charter schools are not, so we can't verify them. And not all parents are actually registered in our main database. Like I mentioned, we don't assume everyone wants "in" on our systems, we let them come to us. So if they don't, we don't have them. (It's amazing how many don't care how their kids are doing in school.) For this project we're working on, we have parents and students who are not in our main DB wanting to be part of it. Manually, we can check who they are and do the verification that way. But, try doing that for several thousands of registrations and it gets old really fast. This is why we've been asked to make it as automated as possible. Can't say I'm happy to work on this but such is life ... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need login suggestions
Hi Ashley, I would have your database that is attached to this part of the website, verify with another database that stores all your student and parent info for your school and when they register, you can actually check against a database of students that actually attend the school and the parents of that student on your server not through a login form. I believe there is a way to set up a cron or something like that where the check is made at the server level and no one else can check that way. I am not a professional at php, but I believe I read about this capability somewhere. If someone knows the actual term for this please, interject. Also, I would probably ask how to do that on the PHP-Database list Databases and PHP - choose this one http://www.php.net/mailing-lists.php HTH, On May 2, 2010, at 9:09 PM, Ashley M. Kirchner wrote: Slightly OT, but I can't think of a better forum to ask this in. I'm sure a lot of us here have at some point or another built a system that requires registration to gain access. What I'm trying to figure is how to set different levels of access. We're building a large site for a school district, to be used by both students and parents. When a student logs in, they gain some access to the site, and when a parent logs in, they gain access to other sections on the site. That's all fine and dandy, it's the actual registration process that I'm having a hard time with. How to determine if a registration is a student or a parent. Do I simply give them a check box (or other method) to pick from (student or parent) and hope they're being honest? Has anyone here have to deal with that in the past, and would you be willing to give me some ideas of what you did? Thanks! Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need login suggestions
On 05/03/2010 10:33 AM, Ashley M. Kirchner wrote: -Original Message- From: Paul M Foster [mailto:pa...@quillandmouse.com] Sent: Sunday, May 02, 2010 10:53 PM To: php-general@lists.php.net Subject: Re: [PHP] Need login suggestions The only reliable way to resolve this is to let the school administration to handle it. Each registration would *attempt* to register as a student, parent or whatever. Those attempted registrations would go into a "wait" queue. Meantime, emails would be sent to an administrator whose job is would be to "bless" those registrations. They would check to see if a potential registrant was what they claimed to be. You'd give them a page where the queued registration attempts would show up. And they would check the proper box for each potential registrant. Once done, the registration would be completed, and in the proper category. Yeah, that would fall on our shoulders. School administration won't do this. It comes back to the IT Department and we have to "figure it out". The problem is, while we can "bless" student registrations, we can't always tell if the next one is a parent or not, or if it's a parent in our district. We do have another system in place, one in which we hand out 2 unique keys for each student at each school and parents pick those up. Internally those keys are matched to that student so we know who it is that's registering. However, that requires a lot of front work to get those keys out. For this particular project, we want to make it as painless as possible, but the more I think about it, the more I'm accepting the impossible nature of it. Ugh that's what I had suggested, but you turned it into a big fight LOL. -- Nilesh Govindarajan Site & Server Administrator www.itech7.com मेरा भारत महान ! मम भारत: महत्तम भवतु ! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Need login suggestions
> -Original Message- > From: Adam Richardson [mailto:simples...@gmail.com] > Sent: Sunday, May 02, 2010 10:59 PM > To: php-general@lists.php.net > Subject: Re: [PHP] Need login suggestions > > Just be cautious with FERPA guidelines (which can actually get quite > confusing) if you're doing this in the US. For instance, normally a > child's > name is considered "Directory information", or that is, information > that a > school can disseminate without consent. However, this requires that > the > school provided the parents an opportunity to opt-out of such > disclosures. > As a developer of some educational games AND the husband of an > elementary > teacher, I realize FERPA can be quite challenging at times. > > I point this out just in case the process you considered included > presenting > a drop-down of student names or anything like that in the publicly > accessible interface. > > Here's the links just in case you haven't already read-up (that is, if > this > even applies to you): > http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html Nothing is getting displayed anywhere, especially student information. In fact, this particular interface is detached from our main database for that exact reason. It's being done on an opt-in system too. We don't make the assumption that everyone wants to be included by default. We let them come to us. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Need login suggestions
> -Original Message- > From: Paul M Foster [mailto:pa...@quillandmouse.com] > Sent: Sunday, May 02, 2010 10:53 PM > To: php-general@lists.php.net > Subject: Re: [PHP] Need login suggestions > > The only reliable way to resolve this is to let the school > administration to handle it. Each registration would *attempt* to > register as a student, parent or whatever. Those attempted > registrations > would go into a "wait" queue. Meantime, emails would be sent to an > administrator whose job is would be to "bless" those registrations. > They > would check to see if a potential registrant was what they claimed to > be. You'd give them a page where the queued registration attempts would > show up. And they would check the proper box for each potential > registrant. Once done, the registration would be completed, and in the > proper category. Yeah, that would fall on our shoulders. School administration won't do this. It comes back to the IT Department and we have to "figure it out". The problem is, while we can "bless" student registrations, we can't always tell if the next one is a parent or not, or if it's a parent in our district. We do have another system in place, one in which we hand out 2 unique keys for each student at each school and parents pick those up. Internally those keys are matched to that student so we know who it is that's registering. However, that requires a lot of front work to get those keys out. For this particular project, we want to make it as painless as possible, but the more I think about it, the more I'm accepting the impossible nature of it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need login suggestions
On Mon, May 3, 2010 at 12:42 AM, Angus Mann wrote: > We're building a large site for a school district, to be used by both >> students and parents. When a student logs in, they gain some access to >> the >> site, and when a parent logs in, they gain access to other sections on the >> site. That's all fine and dandy, it's the actual registration process >> that >> I'm having a hard time with. >> >> How to determine if a registration is a student or a parent. Do I simply >> give them a check box (or other method) to pick from (student or parent) >> and >> hope they're being honest? Has anyone here have to deal with that in the >> past, and would you be willing to give me some ideas of what you did? >> Thanks! >> >> It sounds like it really doesn't matter how you do it. Nothing bad > happens if a student registers as a parent or vice-versa and the only person > inconvenienced is the end-user. I would just take some simple steps to ask > the person if they want to view as a student or as a parent. Have you > considered the option of just letting people register, and then allowing > them to select a radio-button labelled "Show me information important to > parents" or "Show me information relevant to students" or "Show me > information relevant to both". > > Some users might quite legitimately want to see both sets of content. > > That will be 2 cents, please. > > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > Just be cautious with FERPA guidelines (which can actually get quite confusing) if you're doing this in the US. For instance, normally a child's name is considered "Directory information", or that is, information that a school can disseminate without consent. However, this requires that the school provided the parents an opportunity to opt-out of such disclosures. As a developer of some educational games AND the husband of an elementary teacher, I realize FERPA can be quite challenging at times. I point this out just in case the process you considered included presenting a drop-down of student names or anything like that in the publicly accessible interface. Here's the links just in case you haven't already read-up (that is, if this even applies to you): http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html If you've already researched this or you're not in the US, I apologize for the irrelevant info. Happy coding, Adam -- Nephtali: PHP web framework that functions beautifully http://nephtaliproject.com
Re: [PHP] Need login suggestions
On Sun, May 02, 2010 at 08:09:07PM -0600, Ashley M. Kirchner wrote: > Slightly OT, but I can't think of a better forum to ask this in. I'm sure a > lot of us here have at some point or another built a system that requires > registration to gain access. What I'm trying to figure is how to set > different levels of access. > > > > We're building a large site for a school district, to be used by both > students and parents. When a student logs in, they gain some access to the > site, and when a parent logs in, they gain access to other sections on the > site. That's all fine and dandy, it's the actual registration process that > I'm having a hard time with. > > > > How to determine if a registration is a student or a parent. Do I simply > give them a check box (or other method) to pick from (student or parent) and > hope they're being honest? Has anyone here have to deal with that in the > past, and would you be willing to give me some ideas of what you did? > Thanks! > The only reliable way to resolve this is to let the school administration to handle it. Each registration would *attempt* to register as a student, parent or whatever. Those attempted registrations would go into a "wait" queue. Meantime, emails would be sent to an administrator whose job is would be to "bless" those registrations. They would check to see if a potential registrant was what they claimed to be. You'd give them a page where the queued registration attempts would show up. And they would check the proper box for each potential registrant. Once done, the registration would be completed, and in the proper category. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Need login suggestions
> -Original Message- > From: Angus Mann [mailto:angusm...@pobox.com] > Sent: Sunday, May 02, 2010 10:43 PM > To: Ashley M. Kirchner; php-general@lists.php.net > Subject: Re: [PHP] Need login suggestions > > It sounds like it really doesn't matter how you do it. Nothing bad > happens > if a student registers as a parent or vice-versa and the only person > inconvenienced is the end-user. I would just take some simple steps to > ask > the person if they want to view as a student or as a parent. Have you > considered the option of just letting people register, and then > allowing > them to select a radio-button labelled "Show me information important > to > parents" or "Show me information relevant to students" or "Show me > information relevant to both". > > Some users might quite legitimately want to see both sets of content. Hmm, didn't think of that. I suppose it's possible a parent might want to see both sides, though a student ... can't think of a reason why but in the end, I don't know if it really matters. Thanks for the suggestion! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need login suggestions
Hi. On Monday 03 May 2010 at 03:49 Ashley M. Kirchner wrote: [snip] >So what if a student registers on the wrong side of the wall? Nothing > happens [snip] > Kids would be registering for a > photo contest, parents will be registering for something completely > different. You might try changing the interface to reflect the above - instead of dividing the users into students and parents, give them two nice big buttons to click "Register for Photo Contest" and "Register for This Other Thing". As far as managing the differences in code, when they log in stick $userType (from the database I guess) in the session and check it in every secured page to control who sees what. I've done several variations on this particular theme; it's simple to manage, especially if you have a page initialisation function/method you can put the $userType check into. HTH, Mark -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need login suggestions
We're building a large site for a school district, to be used by both students and parents. When a student logs in, they gain some access to the site, and when a parent logs in, they gain access to other sections on the site. That's all fine and dandy, it's the actual registration process that I'm having a hard time with. How to determine if a registration is a student or a parent. Do I simply give them a check box (or other method) to pick from (student or parent) and hope they're being honest? Has anyone here have to deal with that in the past, and would you be willing to give me some ideas of what you did? Thanks! It sounds like it really doesn't matter how you do it. Nothing bad happens if a student registers as a parent or vice-versa and the only person inconvenienced is the end-user. I would just take some simple steps to ask the person if they want to view as a student or as a parent. Have you considered the option of just letting people register, and then allowing them to select a radio-button labelled "Show me information important to parents" or "Show me information relevant to students" or "Show me information relevant to both". Some users might quite legitimately want to see both sets of content. That will be 2 cents, please. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Need login suggestions
> -Original Message- > From: Nathan Rixham [mailto:nrix...@gmail.com] > Sent: Sunday, May 02, 2010 8:39 PM > To: Ashley M. Kirchner > Cc: php-general@lists.php.net; Nilesh Govindarajan > Subject: Re: [PHP] Need login suggestions > > Ashley, > > I think Nilesh, (and later both Bobby & I), were just looking out for > our fellow developer, with good, if not the best intentions. > > Consider the scenario where you are making a school district site for > students and parents, and you slipped up and gave access to kids > details > to anybody who claimed to be a parent - I think in that scenario you'd > really appreciate the gentle nudge - and we, many of us parents, > wouldn't want the possibility of a hurt (or worse) child due to not > speaking up ;) While I can appreciate that, this isn't the case here. This isn't sensitive information being broadcasted here. It's simply a matter of figuring out who's registering for what. Kids would be registering for a photo contest, parents will be registering for something completely different. So what if a student registers on the wrong side of the wall? Nothing happens there other than not having the ability to participate in the photo contest because it won't be available to them. And they can't *see* anything that the parents have done either, those are all contained within each specific account. I did take offense in Nilesh response because to me all he did was jump right down my throat and tell me not to do something (or that it's a "very bad idea") without even knowing WHAT it is that's being done. Whether this was a school district, or a gaming website between friends, it makes absolutely no difference. I'm asking about the specifics for a registration mechanism, NOT whether I should share information, nor what kind of information is being shared. This is a public school district, and we DO allow public registrations on our campus, because not all schools fall under our central system, and because parents want information. I'm simply inquiring from others if anyone has thought this through and come up with some way of determining who's who when they register, and I hate to say it, but so far the only person that actually answered my question with ideas was you, Nathan. So far everyone else has done nothing but say 'don't do it'. That's not helping any. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need login suggestions
Ashley M. Kirchner wrote: >> -Original Message- >> From: Nilesh Govindarajan [mailto:li...@itech7.com] >> Sent: Sunday, May 02, 2010 8:20 PM >> To: php-general@lists.php.net >> Subject: Re: [PHP] Need login suggestions >> >> Its a very bad idea to allow public registration for parents, instead >> the school IT department should give accounts to students and parents. > > Now, how does that answer the question? What does it matter to you how or > where this is being done? That's not what I was asking. The simple fact > that I mentioned a school district in my e-mail, you took that approach. I > could've just as well mentioned a completely different scenario. The point > is, the question is about different levels of access based on a registration > process. > Ashley, I think Nilesh, (and later both Bobby & I), were just looking out for our fellow developer, with good, if not the best intentions. Consider the scenario where you are making a school district site for students and parents, and you slipped up and gave access to kids details to anybody who claimed to be a parent - I think in that scenario you'd really appreciate the gentle nudge - and we, many of us parents, wouldn't want the possibility of a hurt (or worse) child due to not speaking up ;) Regards, Nathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Need login suggestions
> -Original Message- > From: Nilesh Govindarajan [mailto:li...@itech7.com] > Sent: Sunday, May 02, 2010 8:20 PM > To: php-general@lists.php.net > Subject: Re: [PHP] Need login suggestions > > Its a very bad idea to allow public registration for parents, instead > the school IT department should give accounts to students and parents. Now, how does that answer the question? What does it matter to you how or where this is being done? That's not what I was asking. The simple fact that I mentioned a school district in my e-mail, you took that approach. I could've just as well mentioned a completely different scenario. The point is, the question is about different levels of access based on a registration process. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need login suggestions
On 05/03/2010 07:39 AM, Ashley M. Kirchner wrote: Slightly OT, but I can't think of a better forum to ask this in. I'm sure a lot of us here have at some point or another built a system that requires registration to gain access. What I'm trying to figure is how to set different levels of access. We're building a large site for a school district, to be used by both students and parents. When a student logs in, they gain some access to the site, and when a parent logs in, they gain access to other sections on the site. That's all fine and dandy, it's the actual registration process that I'm having a hard time with. How to determine if a registration is a student or a parent. Do I simply give them a check box (or other method) to pick from (student or parent) and hope they're being honest? Has anyone here have to deal with that in the past, and would you be willing to give me some ideas of what you did? Thanks! Its a very bad idea to allow public registration for parents, instead the school IT department should give accounts to students and parents. -- Nilesh Govindarajan Site & Server Administrator www.itech7.com मेरा भारत महान ! मम भारत: महत्तम भवतु ! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php