We require a login / user management system to control access to our website.
The system should consist of a login page requiring user name and password which is checked against a MYSql database including encrypted passwords. The login page should handle requests to reset passwords, requests to retrieve lost passwords or username, and requests to register for access to the website.
A successful login should redirect the user to a main menu that we will set up and maintain.
A request to retrieve a lost password or username (based on email address) should generate an email to the registered address of the username.
A request for access to the site should redirect to a registration page and gather the users information - first name, last name, company name, address, city, state, zip, phone, fax, email address and requested username. The database should have a 'status' so that the administrator can disable a users access without deleting the user. Requested username should be checked against database to ensure it is available.
After completing the user information form, the request is to be emailed to the site admin for approval. Upon approval, the user is sent an email with a temporary (autogenerated) password. The user must change the password on the first log in.
A successful login should generate a session cookie for use in user authentication throughout the website.