TalkPHP
 
 
Highly secure login system

Posted by ReSpawN on 12-11-2007, 07:30 PM (#1)

Hey guys,

I've been working on a login system for the last couple of days. Well, perhaps 'a' is not correct. If I sum them up, I've made about 5 login systems. The second was better than the first. Later on I used commands like mysql_real_escape_string(), setcookie, get_magic_quotes(), sprintf/printf and others.

Now, my question is kinda about the whole idea: what is a good order to initiate a login?

We've got a couple of things:

1. We want to log in using a form which is enabled on a page with a bunch of other information. Like a CMS. Similar to this page, the Account Information block pops out.
2. We want to make sure that groups and users have access to these pages. Groups and users can have different rights on each page. A NEW member perhaps can't post reactions, although a user who has been registered for over 5 days can. Also, only families (or relatives) are allowed to view some personal information. Similar to a blog of some kind. I can imagine that it's nobody's business to know how long you've been married or whatever.
3. We want to check for every page (if restricted to members (by user or group)) whether the person has access or not. Else, displaying a kind error and then redirecting them with meta tags (since header isn't possible after output, also not with a delay) to a login form.
4. I want to make the user able to receive administrator rights. So this means, 1 user to rule them all. A main account, linked (perhaps) to an admin designated account.

So, we have a few standards that we're going to be following.
The only problem for me is, what order? Which pages? How many pages? Setting cookies on which page? Checking them? If valid AND linked to a user, create a session nonetheless. ('remember me (for # days/months/years)')

What is the BEST way to do this? :) I can't figure it out on my own, so you PHP gurus, gimme some advice please! Even classes could come in handy but remember, not everyone has PHP 5.2.5+ yet. :) I've got 5.2.5 on my PC and 4.4.7 on my server. :) So no difficult and incompatible classes & functions. :)

Thanks guys!
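An added example, not part of the original post: one possible order for the checks the post lists, with a session lookup first, then a 'remember me' cookie that is valid and linked to a user, then the per-page group and account-age rule. The function names, array layouts and sample values are hypothetical, and the code assumes PHP 7.1 or later, which is newer than the versions named in the post.

```php
<?php
// Added example, not from the thread. All names, table layouts and values are constructed.
// Assumes PHP 7.1+ (random_bytes, hash_equals, nullable types).

// Constructed stand-ins for database tables.
$users = [7 => ['group' => 'member', 'registered' => strtotime('-9 days')]];
$pageRules = ['post_reaction' => ['groups' => ['member', 'family'], 'min_days' => 5]];
$rememberTokens = []; // selector => [user_id, hash, expires]

// Issue a remember-me token: the cookie carries selector:validator,
// the server stores only a hash of the validator.
function issueRememberToken(array &$tokens, int $userId, int $days): string {
    $selector  = bin2hex(random_bytes(9));
    $validator = bin2hex(random_bytes(32));
    $tokens[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => time() + $days * 86400,
    ];
    return $selector . ':' . $validator;
}

// Step 1: identify the visitor. An existing session wins, then the cookie.
function resolveUserId(array $session, ?string $cookie, array &$tokens): ?int {
    if (isset($session['user_id'])) return (int) $session['user_id'];
    if ($cookie === null || substr_count($cookie, ':') !== 1) return null;
    list($selector, $validator) = explode(':', $cookie);
    $row = $tokens[$selector] ?? null;
    if ($row === null || $row['expires'] < time()) return null;
    if (!hash_equals($row['hash'], hash('sha256', $validator))) return null;
    // Single use: the caller issues a fresh token and calls session_regenerate_id(true).
    unset($tokens[$selector]);
    return $row['user_id'];
}

// Step 2: per-page check by group and account age. Unknown pages are denied.
function canAccess(?int $userId, string $page, array $users, array $rules): bool {
    if ($userId === null || !isset($users[$userId], $rules[$page])) return false;
    $ageDays = (time() - $users[$userId]['registered']) / 86400;
    return in_array($users[$userId]['group'], $rules[$page]['groups'], true)
        && $ageDays >= $rules[$page]['min_days'];
}

$cookie = issueRememberToken($rememberTokens, 7, 30);
$uid = resolveUserId([], $cookie, $rememberTokens);
var_dump(canAccess($uid, 'post_reaction', $users, $pageRules));
var_dump(resolveUserId([], $cookie, $rememberTokens)); // same cookie presented a second time
```

Running both steps before any output is sent lets a denied visitor be redirected with header() rather than a meta tag.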
 


