I was talking about the admin himself, I wouldn’t hope you wouldn’t suggest something like rguy84 is my user name and my admin name is rguy84_admin…
I would expect Admin accounts for any website are set up differently enough that you could never confuse them.
That and the fact that you won’t have 500 Admin accounts.
More so, I would expect that if you have an Admin account, you are only using it on the back-end and have an entirely different entry point into the site.
No Admin would go to www.amazon.com, log in as a super user, and then start changing the website from the public-facing website?!
They would presumably log in to a Development/Staging/Production Back-End Environment.
In fact, good security would prohibit a super user from logging in as a regular user from the outside web…
TomTees
I slept on it, and you are correct, and others were leading me astray.
One User, One Role. (If an “Admin” also wants to be a “Customer”, then he/she will have two accounts!!)
If that is the case you could have just 1 user table. One of the columns in that user table could be called fldAccessLevel where access level 1 = admin, 2 = registered customer.
Then every time a request is made for a web page from a client browser, you check if the user is logged an the time, and if so what the current session access level is set to. If is 1, the user can see any web page. If it is 2, then the user can see all the web pages except those that require a fldAccessLevel = 1 (admin web pages). If no session access level is currently set, then the user is not logged in and so can view only the public web pages.
I have a question about this, but it relates to PHP and OOP…
Can I ask it here or should I start a new thread?
TomTees