User accessing with only one email

Asked

Viewed 27 times

0

I wanted to have a direction, be it javascript, php or Mysql.. So I can develop and have more ideas.

Well, I have a normal login and password system, with database etc.

My idea was this: With only one e-mail can have multiple accesses. What differentiates is the password (in which case it would be a pk).

Example: [email protected] Password 01 - This account directs to a ADM account

[email protected] Password 02 - This account directs to a normal user.

I’ve been doing some research and I found something related to it, but I didn’t understand it very well.

  • Well, I don’t believe I can fit an "answer" here. First of all, in my opinion, your idea violates a basic security issue that is to make known the user’s password (to be able to compare to which level of access it refers); this suggests that the password will not have the least encryption and that it will be stored in plain text (whether or not converted to Base64 or equivalent). I believe the most common is to give the user participation in access levels or system areas (or even modules). Maybe you can also create a third field as "name" to make this split, q n is good

  • You can set the following: the user registers once, when logging in he can have a page to add accounts, he inserts the new name and password of the account and when doing data processing, you create a column as real_id, referring to the main account. Do not use the password as PK, but the ID as PK. So, when logging in, the user can select which account to use.

1 answer

0


Look, you can do this by storing the encryption passwords in the BD, and at the time of consulting you query by the user and test the password entered for each row returned from the bank. There is this PHP function: https://www.php.net/manual/en/function.crypt.php which I think is very good, is unidirectional, IE, has no method to decrypt. See in the documentation how it works.

But this can generate SEVERAL problems for you, as: what if you put the same password for both users or 3 or 4 with the same email? Just to generate permission rules in the system? Lots of work/code for little benefit. I don’t think it’s worth investing in this approach.

So I suggest:

If you want to do a level of permission I suggest you create two tables:

User(id, email, senha)
Permissoes(id_user, admin, recepcao, id_user references User(id))

Where admin and recepcao would be of the Boolean type to determine if the user has admin permission, reception, and so on. How many permissions are required.

Or you can just create a table with both:

User(id, email, senha, admin, recepcao)

That way if a user has more than one permission, you can give them multiple choices of pages to access. Simple and easy to maintain.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.