I am developing the ability for administrators to log in and I'm to the point of creating the admin log-in page, but I'm somewhat torn as to where the best place to put it.

For details, this is part of an MVC framework, and the administration portion is in its own folder - /admin; so administration is completely separate from the public portion of the site.

I would like to place the actual log-in page in its own php file for security by separating it from the rest of the site. That way if they bust one, they don't bust all. However, then you get to the point of processing the log-in request - should it be in the same PHP file as the log-in, or should it reside in another file, or should all of this just be part of the framework?

Any suggestions would be much appreciated.

EDIT: just for some clarification, this is my first time creating any sort of user system, so please bear with me :) (Any good tutorial/example links are greatly appreciated too).
The admin portion of the site is in its own folder but uses the same base files, classes, etc. as the front end - the files are only overwritten in the admin portion as needed. Also, an 'admin' is just a certain user type - roles and permissions have already been figured out.

I'm just having a hard time starting - particularly where to implement/put the login form. I thought it would be best for security to have a physically separate file for login, but I see that might not be the case.

A: 

IMHO, Admin should login through the same form as regular user, but permissions should allow him to view additional content. You can place admin forms in any folder, and then allow admin to access it.

Sorantis
A: 

Using the same login system for both admin and users will enable you to simplify your application. First off, you'll only need to create one login form. Secondly, if the admin section is part of the same codebase, you'll gain a huge benefit from being able to access all of the classes used throughout the site. If you used an MVC architecture, you'll probably want to use the same models in the admin as you do on the site. Even if you didn't, there is probably still a lot of code you can reuse for the admin section (base classes, database abstraction layer, shared settings/configuration, etc).

pix0r
Yes, even though the admin section of the site is in its own folder, it uses all the same classes as the rest of the site. It only uses files in the admin folder if they are present - if not, it defaults to the framework classes.
Robert DeBoer
A: 

I think the admin user should just be another class of user (or be an option for a normal user). Take note that there's slightly more chance of granting access to a normal user by mistake with this approach.

James C
An admin will be just another type of user. I'm going to be implementing a role/permissions user structure, so a user can be an admin, a custom admin with access to only x component, etc.
Robert DeBoer
+1  A: 

I agree with the rest of the posts, Admin should be in the same work-flow. Here is a good example to reference.

Phill Pafford
Thank you very much, I'm going to try it out; seems very informative.
Robert DeBoer
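The approach the answers above recommend (one login form for every user type, with the /admin area gated by a role check rather than by a separate login file), as an added PHP example that is not code from the question or any answer; the `$USERS` array, `login()` and `requireRole()` are constructed for illustration and stand in for the framework's own user model:

```php
<?php
// Added example: a single login flow shared by admins and regular users.
// Authorization, not a separate login page, is what keeps /admin private.
declare(strict_types=1);

// Constructed user store (assumption). In the real framework this would be the
// shared user model; hashes come from password_hash() with PASSWORD_DEFAULT.
$USERS = [
    'alice' => ['hash' => password_hash('correct horse', PASSWORD_DEFAULT), 'roles' => ['admin']],
    'bob'   => ['hash' => password_hash('s3cret',        PASSWORD_DEFAULT), 'roles' => ['user']],
];

/** Authenticate against the shared store. Same form, same code path, for every user type. */
function login(array $users, string $username, string $password): bool
{
    // Always run password_verify(), even for unknown usernames, so response
    // time does not reveal which accounts exist.
    $hash = $users[$username]['hash'] ?? password_hash('dummy-password', PASSWORD_DEFAULT);
    if (!isset($users[$username]) || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);                 // new session id at login: blocks session fixation
    $_SESSION['user']  = $username;
    $_SESSION['roles'] = $users[$username]['roles'];
    return true;
}

/** Default-deny guard for the /admin front controller: no role claim, no access. */
function requireRole(string $role): void
{
    $roles = $_SESSION['roles'] ?? [];          // unauthenticated or malformed session -> []
    if (!in_array($role, $roles, true)) {        // strict comparison; "admin" only matches "admin"
        http_response_code(403);
        exit('Forbidden');
    }
}

// Usage: the public login controller calls login(); every /admin controller
// calls requireRole('admin') before rendering anything.
session_start();
if (!login($USERS, 'alice', 'correct horse')) {
    exit('Invalid credentials');
}
requireRole('admin');                            // alice has the admin role, so this passes
echo "Admin area for {$_SESSION['user']}\n";
```

With the same code, a login as `bob` succeeds but `requireRole('admin')` returns 403, which addresses the mistaken-grant concern in James C's answer: access is denied unless the role is explicitly present.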