Looking to have a user login framework developed in the development environment for later installation into a hosted web service.
Current development environment
Eclipse PHP v3.0.2, MySQL Server v5.5, MySQL Workbench, Connector ODBC v5.2, Apache v2.2, Git, Windows XP.
There are 4 main types of user.
-> Unregistered - only has access to public pages, so login not required
-> Type 1 User - needs email address as username, and password. Email address must be unique in system repository/database. Access given to Type 1 User area pages. At login/logout user's details logged in database.
-> Type 2 User - needs email address as username, and password. Email address must be unique in system repository/database. Access given to Type 2 User area pages. At login/logout user's details logged in database.
-> Sales Admin User - needs username and password. Username allocated by Manager User upon employment. Access given to Sales Admin User area pages. All page changes and function activations are logged in the database to identify different Sales users.
-> Manager User - needs username and password. Username will be set directly in database prior to upload to server. Access to all areas of the system.
Passwords must be salted with a prefix and suffix set by the Manager User in the database. Changes to the salting text will be recorded with an effective-from date. When users log in, their account creation date determines which historical salting text was used.
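One way to implement the date-based salting lookup described above, as an added example that is not part of the original brief. It assumes PHP 5.5+ (for password_hash()); the salt history rows, function names and sample values are hypothetical.

```php
<?php
// Added example, not part of the original brief. Assumes PHP 5.5+.
// $saltHistory stands in for a hypothetical table of
// (effective_from, prefix, suffix) rows maintained by the Manager User.

/** Return the salting text in force on $accountCreated (latest effective_from <= that date). */
function saltFor(array $saltHistory, $accountCreated)
{
    $chosen = null;
    foreach ($saltHistory as $row) {
        if ($row['effective_from'] <= $accountCreated
            && ($chosen === null || $row['effective_from'] > $chosen['effective_from'])) {
            $chosen = $row;
        }
    }
    if ($chosen === null) {
        throw new RuntimeException('No salting text in force on ' . $accountCreated);
    }
    return $chosen;
}

/** Wrap the password in prefix/suffix, then reduce it to 44 characters so that
 *  bcrypt's 72-byte input limit can never silently drop the suffix. */
function prepare($password, array $salt)
{
    return base64_encode(hash('sha256', $salt['prefix'] . $password . $salt['suffix'], true));
}

function hashPassword($password, array $saltHistory, $accountCreated)
{
    // password_hash() adds its own random per-user salt on top of the site-wide text.
    return password_hash(prepare($password, saltFor($saltHistory, $accountCreated)), PASSWORD_DEFAULT);
}

function verifyPassword($password, $storedHash, array $saltHistory, $accountCreated)
{
    return password_verify(prepare($password, saltFor($saltHistory, $accountCreated)), $storedHash);
}

// Constructed sample data; ISO dates compare correctly as strings.
$history = array(
    array('effective_from' => '2012-01-01', 'prefix' => 'pfx-A:', 'suffix' => ':sfx-A'),
    array('effective_from' => '2013-06-01', 'prefix' => 'pfx-B:', 'suffix' => ':sfx-B'),
);
$stored = hashPassword('correct horse', $history, '2012-09-15'); // selects the 2012-01-01 text
var_dump(verifyPassword('correct horse', $stored, $history, '2012-09-15')); // same creation date
var_dump(verifyPassword('correct horse', $stored, $history, '2013-07-01')); // later date selects the 2013 text
```

The prefix and suffix are shared by every account created in the same period, so the per-user random salt that password_hash() generates is what keeps identical passwords from producing identical hashes.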
When User Type 1 or User Type 2 log in for the first time, they must enter a verification code with their first password (the one selected at registration). The user name must match that defined during registration. Registration emails will be checked against other registration email addresses before acceptance.
Login gets them to their type homepage, and functions will be activated by links to PHP functions called from the homepage. (e.g. if a user clicks "Contact" then a PHP function showing the Contact form will be invoked whilst remaining on the homepage).
Usual "Cookies" query to be shown, and response captured in database if agreement selected.
Current Data Structures
The user login details are kept separate from user account details. The user account records refer to the user login record. The user login record fields currently defined (and others may be suggested, with explanation/justification):
#password_status [active ¦ reset ¦ locked]
#temp_password (for when a user forgets) - single use