There are 3 web projects. The server part is in PHP, the interface is HTML / JS. For data, each project uses a separate MySQL database. And each project uses user authorization. User data is stored as follows:

1st project: a table in the Users database: "user_id", "login", "md5password"

------------------------------
| 1 | admin | alskdjalsdja23das   |
| 2 | user  | asdasdasqweqwreds32 |
------------------------------

2nd project: normal Apache Basic authorization; user data is stored in a .htaccess / .htpasswd file

3rd project: a table in the Users database: "user_id", "login", "md5password"

-----------------------------
| 1 | moderator | aasdf21321a23das  |
| 2 | writer    | asdasda456225fs32 |
-----------------------------

Rights table for the different rights: "right_id", "description"

-----------------------------
| 1 | read   |
| 2 | write  |
| 3 | delete |
-----------------------------

Users_Rights user rights assignment table: "user_id", "right_id"

-----------------------------
| 1 | 1 |
| 1 | 2 |
| 1 | 3 |
| 2 | 1 |
| 2 | 2 |
-----------------------------

How can I create a single authorization for all three projects, with its own user management interface?

I am thinking of applying mod_auth_mysql in the second project so that it uses MySQL. But then it is not clear what to do about the uniqueness of users. Create prefixes for tables? In general, a dead end.

  • I think you need to make an independent authorization module - Stranger in the Q
  • And how will it deal with the uniqueness of users? - Vyacheslav
  • Well, in general, you have been given a detailed answer - Stranger in the Q
  • If you are given an exhaustive answer, mark it as correct (the check mark next to the selected answer). - Nicolas Chabanovsky

2 answers

For a single authorization you need a single profile. Therefore, there should be another table available to all projects. Maybe even a few tables. There will be auth_profiles: the user's token and maybe some data about the user: login, password. Another table records the connection of this profile with the resources on which it will be authorized. Approximately the following table: resource_id, user id on this resource. Authorization then takes place by login and password from the common profile base auth_profiles. A token is generated (not always; a lifetime is desirable, perhaps even in a separate table if you need to allow several authorizations of the same person from different clients). And the token is used to authorize on the other sites. On the first visit, if the person is not authorized but has a token (in cookies, sessions), then authorize them.

In general, I recommend looking into OAuth and building it according to its principles. VKontakte authorization, for example, works on such principles.
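
The outline in this answer (common profiles, a profile-to-resource link table, a token with a lifetime), as an added PHP example that is not code from the answer or its author. Every table and column name except auth_profiles, the one-hour lifetime, the in-memory SQLite database standing in for a shared MySQL database, and password_hash() in place of the question's md5password column are assumptions.

```php
<?php
// Added example: schema and token flow are assumptions built on the answer's outline.
declare(strict_types=1);

const TOKEN_TTL = 3600; // assumed token lifetime in seconds

function makeDb(): PDO {
    // In-memory SQLite keeps this self-contained; the projects would share one MySQL database.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE auth_profiles (profile_id INTEGER PRIMARY KEY, login TEXT UNIQUE NOT NULL, password_hash TEXT NOT NULL)');
    $db->exec('CREATE TABLE profile_resources (profile_id INTEGER NOT NULL, resource_id INTEGER NOT NULL, local_user_id INTEGER NOT NULL, PRIMARY KEY (profile_id, resource_id))');
    $db->exec('CREATE TABLE auth_tokens (token_hash TEXT PRIMARY KEY, profile_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)');
    return $db;
}

// Check login and password against the common profiles, then issue a random token.
function login(PDO $db, string $login, string $password): ?string {
    $st = $db->prepare('SELECT profile_id, password_hash FROM auth_profiles WHERE login = ?');
    $st->execute([$login]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    $token = bin2hex(random_bytes(32));
    // Only the SHA-256 of the token is stored, so a leaked table does not yield usable tokens.
    $db->prepare('INSERT INTO auth_tokens VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $row['profile_id'], time() + TOKEN_TTL]);
    return $token;
}

// Called by a project: map a presented token to that project's own user_id, or null.
function resolveToken(PDO $db, string $token, int $resourceId): ?int {
    $st = $db->prepare('SELECT r.local_user_id FROM auth_tokens t
        JOIN profile_resources r ON r.profile_id = t.profile_id
        WHERE t.token_hash = ? AND t.expires_at > ? AND r.resource_id = ?');
    $st->execute([hash('sha256', $token), time(), $resourceId]);
    $id = $st->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Constructed sample data: one profile linked to user_id 1 in project 1 and user_id 2 in project 3.
$db = makeDb();
$db->prepare('INSERT INTO auth_profiles (login, password_hash) VALUES (?, ?)')
   ->execute(['admin', password_hash('example-password', PASSWORD_DEFAULT)]);
$db->exec('INSERT INTO profile_resources VALUES (1, 1, 1), (1, 3, 2)');
$token = login($db, 'admin', 'example-password');
var_dump(resolveToken($db, $token, 1), resolveToken($db, $token, 3), resolveToken($db, $token, 2));
var_dump(login($db, 'admin', 'wrong-password'));
```

The same token resolves to a different local user id per project and to nothing for a project the profile is not linked to, which is how the link table sidesteps the clash between user_id values across the three databases.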

    To begin with - apparently you have already grown to the point of needing a separate authorization module. I.e., if a user tries to log in to one of the projects, it will be necessary, for example, to redirect the user to a separate resource that will check and authorize the user.

    Next - the redirection back to the resource this user came from. At the same time, in the same cookies, it is necessary to store a value that the first resource will check to make sure that the user is already authorized.

    And about the uniqueness - I strongly advise you to merge these three user bases into one. At the same time, add a note where this user came from (from which database).

    Further... The user comes from resource 1 and enters the login and password; you see, the module sees that the user came from resource 1 and entered a password and login that correspond to a user who came from resource 1. Then it must authorize the user and force him to change his login.

    How to justify it - that is for you to think about. You can tell the user that his username is now his nickname, and it will be visible, and he now needs to come up with a new name so that other users will not see it.

    Something like that, in simple words :)

    • Thank you all for the direction. We will look into it further - Vyacheslav