|
|
Posted by Peter Chant on 03/13/06 20:10
Peter Fox wrote:
>
> I've just read the 10 or so messages in this thread and here is my
> different suggestion.
Cheers
>
> * You might find it extremely useful to identify (with reasonable
> confidence short of definite) who is accessing the site either for
> statistics or general policing. eg What do you do if somebody leaves
> the club? So one ID per person sounds a good idea.
Yes
>
> * You already have some sort of ID system in your membership list. Ie.
> some unique tag that you control and doesn't change at the whim of the
> member (eg email address can change but club membership number is
> fixed.)
Yes, it is a database ran by myself. This will not be linked to the
internet. _I_ use an id number system that does not change. Don't get me
started on the membership number system someone else uses that changes on a
yearly basis as they renew and / or mid year when they realised they
recorded a payment out of sync...
>
> * If you email people their access 'code' then that's a reasonably
> private thing. The problem you are majoring on is getting people to
> type in 'their membership number' [For purposes of discussion I'll
> ignore spoofing considerations of using a membership number - you
> wouldn't use that.] All you do is email them an address such as
> <http://myclub.co.uk/members.php?MbrNo=12345> which is different for
> each member.
>
Good plan. Looking at the above a random number per user with a reasonable
length should do the trick. It would be difficult to guess the access
numbers on that basis. Easy on my separate membership database to
generate, via a cron job an access list:
tom,genovhvowvbuor
dick,riovnioniovnio
harry,hgioevneioerr
etc
> Your 'index.htm' page is for non-members with a bit linking to how to
> access members area (including what if you are a member but unexpectedly
> here.)
>
> members.php redirects duff $_GET['MbrNo'] values to the front page.
>
I'm thinking maybe about having just one page, index.php and using
variables, a switch statement and 'include' to produce each page.
<http://myclub.co.uk/members.php?MbrNo=12345&page=calender>
I only want half a dozen pages at best so this keeps authentication nice and
simple.
> Your joining instructions go as follows:
> 1. Go to myclub.co.uk and click on 'I am a member'
> 2. Enter your name, number, email address and street name
> The system then sends you an email informing you how to access the
> member's area.
> (You log the information for the benefit of the membership sec who can
> check street names. The access code is some hash or random number.)
> 3. Go to the web page indicated in the email AND BOOKMARK IT.
> (You might also attempt to set a cookie, that can be fallen back on if
> the user goes direct to the main page.)
>
> Can you see what's happened? The access key is in the bookmark and
> doesn't rely on cookies or memorising passwords or any typing in.
Yes, that is simple and aviods cookies. I'm not going to register anyone
via the website at the moment. Just keep it simple, they can email me.
>
> When a page is accessed with ?MbrNo=12345 you should start it with
> "Hello Charlie Smith" just so _everyone knows_ the system has identified
> them.
Useful & friendly.
> If Bots get to index.htm then that's great 'cos you presumably
> want to let non-members know of your Good Works. But make sure there is
> no link between index.htm and members.php (even if members.php is botted
> all that happens is a redirect to index.htm 'cos no bot will know the
> ?MbrNo bits required.
>
Only really intending this as a limited thing to give members the chance to
pull information from a website rather than wait until I send it out on a
mailing list, at least for the moment.
Thanks to all who have responded in this thread, it was useful and probally
has saved me time by avoiding making things overcomplicated.
Pete
--
http://www.petezilla.co.uk
Navigation:
[Reply to this message]
|