
About the Author

Sam Hastings

Sam is a student and a Web developer in his spare time. He's worked on numerous projects including his Weblog and the popular entertainment site, Devilware.


Plan a Great Client Login System

By Sam Hastings

January 14th, 2003


Freelance Website designers, small Web design businesses, and large development enterprises should consider using a client login page for their customers.

A client login lets your clients access all their available features in one handy place, with minimum fuss for the client and yourself. It allows you to keep confidential information confidential, while permitting online collaboration between your business and the client. It can substantially increase your credibility in the client's eyes, reduce the chance of miscommunication, and make the client management process run more smoothly.

Let's look at the features you should consider for inclusion in your client login system. We'll also address some of the key problems you may encounter, and explore how you can overcome them.

Before you Start

Your client login page doesn't always need to be a complicated system; however, there are some factors that need to be carefully thought out before you start. Attention to these details now can save you a lot of time in the long run.

Storage

You need to store certain client information in order to access it -- so the user can change settings easily, and not have to enter their name or email address each time they want to do something on the site. Before you begin development, pick the storage method of your choice, and stick to it! Don't store half the information in MySQL, and use flat text files for the rest. Choose one, and use one. Here are some ideas for storage methods:

  • MySQL
  • Microsoft Access
  • Flat Text files

MySQL is excellent in that it's secure and can be easily accessed. It is also the PHP programmer's method of choice. Microsoft Access works extremely well with ASP, and is brilliant for more organised storage. Flat text files are in no way secure, and not a good idea for information you don't want hackers to be able to see.

Selecting a method from the suggestions above is an easy decision -- all you need to do is choose the option that your server best supports. However, you must be careful in deciding what to store. You may wish to store all the details you have of your clients, but if a hacker gets in, they will have access to some potentially sensitive and confidential information. For this reason, limit the amount of information you store to a bare minimum, for example:

  • Customer's site name -- the full name of their Website
  • Customer's site address -- the URL to their Website
  • Customer's full name -- so you can greet them personally on each page
  • Customer ID Number (if applicable) -- for support requests and correspondence
  • All services the customer has bought -- and which ones they have paid for

Never store plain text passwords anywhere on your Web space, database, or wherever else a potential hacker could find them. If you have to store them, encrypt them. Take a look at the MySQL password function, and the PHP functions MD5 and crypt for help with protecting passwords.
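
An added example (not part of the original article) of storing and checking client passwords in PHP. It uses PHP's built-in password_hash() and password_verify(), which produce salted, deliberately slow hashes, in place of the MD5 and MySQL password functions named above, because fast unsalted hashes can be recovered by lookup or brute force once a database is copied. The $clients array stands in for a database table, and the function names, usernames and passwords are constructed for illustration.

```php
<?php
// Constructed stand-in for a clients table: username => stored password hash.
// 'oldclient' still carries an unsalted MD5 hash from an older system.
$clients = ['oldclient' => md5('correct horse')];

// Register a client: store only a salted, adaptive hash, never the password.
function register_client(array &$clients, string $user, string $password): void
{
    $clients[$user] = password_hash($password, PASSWORD_DEFAULT);
}

// True when the stored value is a bare 32-character hex MD5 digest.
function is_legacy_md5(string $stored): bool
{
    return preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
}

// Check a login attempt and upgrade legacy or outdated hashes on success.
function check_login(array &$clients, string $user, string $password): bool
{
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    if (!isset($clients[$user])) {
        // Do the same hashing work for unknown users so response time
        // does not reveal which usernames exist.
        password_verify($password, $dummy);
        return false;
    }
    $stored = $clients[$user];
    $legacy = is_legacy_md5($stored);
    $ok = $legacy
        ? hash_equals($stored, md5($password))   // constant-time comparison
        : password_verify($password, $stored);
    if ($ok && ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        // The plain password is only available now, so re-hash it here.
        $clients[$user] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

register_client($clients, 'newclient', 'tr0ub4dor&3');
var_dump(check_login($clients, 'newclient', 'tr0ub4dor&3'));
var_dump(check_login($clients, 'newclient', 'wrong guess'));
var_dump(check_login($clients, 'oldclient', 'correct horse'));
var_dump(is_legacy_md5($clients['oldclient']));
```

After the third call, the legacy MD5 value for 'oldclient' has been replaced by a password_hash() value, so the final check reports that no MD5 digest remains in the store.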

Security

Making your client information pages secure is important. Not only does it protect against hackers, it also lets the page know who's using it. As I said before, you can give a personal touch to each page the user visits (e.g. "Welcome, Mr. Mickiewicz"), and when a user wants to change their settings or information, they can do so without having to enter their username and password each time.

There are many ways to authenticate your users -- I won't go into much detail, but here are a couple of suggestions:

  • .htaccess -- You know those login boxes that pop up in your browser sometimes? This can be done with minimal fuss using .htaccess authentication. For more information on this, see Kevin Yank's Apache HTTP Authentication in PHP. However, there are certain security risks involved -- usernames and passwords are both sent to the server in plain text and are easy to "hijack" along the way.
  • PHP/MySQL Authentication -- This is the method I recommend you use for your client login page. It is extremely flexible and customisable, unlike those ugly .htaccess popup boxes. See Kevin Yank's article, Managing Users with PHP Sessions and MySQL, for more details on this.
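
The risk noted for the .htaccess-style login box can be contained by never asking for the credentials over an unencrypted connection. The following is an added example, not code from the original article or from the articles it cites; the function basic_auth_decision(), the $canonicalHost parameter, the host www.example.com, the realm name and the sample account are all hypothetical.

```php
<?php
// Decide how to answer a request for a Basic-auth protected client page.
// $server mirrors PHP's $_SERVER; $users maps username => password_hash() value;
// $canonicalHost is the site's configured host name (not the request's Host header).
// Returns [HTTP status, extra response headers].
function basic_auth_decision(array $server, array $users, string $canonicalHost): array
{
    $https = !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
    if (!$https) {
        // Never issue the challenge over plain HTTP: the browser would reply
        // with the username and password only Base64-encoded on every request.
        $path = $server['REQUEST_URI'] ?? '/';
        return [301, ['Location: https://' . $canonicalHost . $path]];
    }
    $user = $server['PHP_AUTH_USER'] ?? null;
    $pass = $server['PHP_AUTH_PW'] ?? '';
    if (is_string($user) && isset($users[$user]) && password_verify($pass, $users[$user])) {
        return [200, []];
    }
    return [401, ['WWW-Authenticate: Basic realm="Client Area"']];
}

// Constructed sample data: one client and three simulated requests.
$users = ['mickiewicz' => password_hash('s3cret-example', PASSWORD_DEFAULT)];
$requests = [
    'plain HTTP'        => ['REQUEST_URI' => '/clients/'],
    'HTTPS, no login'   => ['HTTPS' => 'on', 'REQUEST_URI' => '/clients/'],
    'HTTPS, good login' => ['HTTPS' => 'on', 'REQUEST_URI' => '/clients/',
                            'PHP_AUTH_USER' => 'mickiewicz', 'PHP_AUTH_PW' => 's3cret-example'],
];
foreach ($requests as $label => $server) {
    [$status, $headers] = basic_auth_decision($server, $users, 'www.example.com');
    echo $label, ': ', $status, ' ', implode('; ', $headers), PHP_EOL;
}
```

The plain HTTP request is redirected before any challenge is sent, so the browser is only ever prompted for a password on the encrypted connection.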

Get to the Drawing Board!

Now, draw out a plan on paper. Outline the links, colours, and text you want, to help when it comes to programming your pages. Your plans don't need to be detailed -- you don't need to write out the full text you're going to include, and you can sketch each image out in general terms; just an overview of what will be in each place is fine.

The last step before you start is to decide upon the features you'll include in your client login page. I've put together a few suggestions here for you to chew the end of your pen over.
