[From Intranet Journal
Welcome to the penultimate installment of the series. So far we've looked at the basics of database interaction using PHP, as well as some vital techniques such as validation and error handling. We've allowed anyone to be able to add or remove content at the touch of a button without programming knowledge. However, we've been rather to liberal in allowing just anyone to make changes. We need to keep certain areas of the site, such as the admin system, private. Sadly, few people will respect a "keep out" sign, and this month we'll be creating a class that'll act as a guard for the more private areas of your intranet or Web site.
I should emphasize that this is a very basic type of security, and techniques such as secure servers, secure data transmission, and encryption are not covered by this article. These should be investigated if you're planning on storing any sensitive information.
Let us now consider what we want our system to do:
- Store users' details in the database
- Group users into categories, for instance administrators, editors, and staff, in order of security access
- Only allow groups of users access to specific areas of the site
The article continues at