jaymc Posted June 17, 2009 Share Posted June 17, 2009 I am creating a system which requires our customers to have there own database which contains 40+ tables One of those tables is a users table so they can add their own users with group priveleges etc All our customers users will login through the same interface (front end login page) My question is, whats the best way to authenticate the user without requiring: 1: company ID/username 2: users login email 3: password I have thought of two solutions but both I do not want to use Solution 1: carbon copy all our customers user details into a master table which is used to login. that way only login email and password required however Solution 2: User an authentication url to set a cookie containing the customer ID so all logins will use the customers database users table Solution 3: loop through all customers DB's querying their users table for the correct login email and password Any other ideas? If not, which of the above do you think is the best? Quote Link to comment Share on other sites More sharing options...
fenway Posted June 22, 2009 Share Posted June 22, 2009 Long time no see.... I usually use a "one-time passcode", like a random hex-string of 40 characters (say, an MD5 hash of something), and e-mail it to them, and have it expire after 24 hours or when it's been used once. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.