2. PHPRunner General questions
  3. two level log-in web site
This topic is locked

two level log-in web site

 		9/19/2013 3:20:14 PM
PHPRunner General questions
D
 desipan author

I am trying to have two level log-in web site instead of IP restrictive method.

The site needs to ask for SITE log-in username/password and after successful log-in it needs to ask for actual user's username/password. This way only the managerial level employee can authorize the particular computer by entering the SITE username/password and this computer is allowed to access this site for indefinite time unless the cookies are deleted. After that an authorized end user can access the site using his username/password.

Any help will be appreciated.

Thanks
C
 		cgphp 9/20/2013

You have to code a new login system from scratch asking for managerial credentials before an employee can access the computer.
To make sure an employee can't access the computer before a manager authorization has been granted, in the Before Process event of the login

page, you have to check if a session variable (this session is created after a successful manager login) is set or fetch from db if that user

can access this site for indefinite time. Otherwise you redirect the user to your custom manager login page.
Sergey Kornilov admin 9/20/2013

Just in case here is another approach you can try.

  1. Implement IP address based restriction system. Allowed IP addresses should be stored in one of database tables.
  2. When regular user is trying to logon to the system from new machine access is restricted. When manager is trying to logon from the new machine IP address is added to the table (AfterSuccessfulLogin event) and once this is done regular users can login as well.
D
 		desipan author 10/4/2013



Just in case here is another approach you can try.

  1. Implement IP address based restriction system. Allowed IP addresses should be stored in one of database tables.
  2. When regular user is trying to logon to the system from new machine access is restricted. When manager is trying to logon from the new machine IP address is added to the table (AfterSuccessfulLogin event) and once this is done regular users can login as well.



Sergey,

How to implement Allowed IP Address stored in the Database table?

Also, how to implement the second item in your reply?

I appreciate your help.
Sergey Kornilov admin 10/5/2013

Desipan,
unfortunately we do not have that sort of sample code. The closest we have is restriction by the list of hardcoded IP addresses:

http://www.asprunner.com/forums/topic/21207-restricting-access-to-phprunner-application-by-ip-address/
You will have to create a new table in the database to store allowed IP addresses and modify sample code to perform a database lookup instead of scanning the static list of IP addresses.