Clinton Posted April 22, 2008 Share Posted April 22, 2008 OK. So I am trying to figure out the best way to go about adding a login script to my site. I want a login script that allows me different levels of access. I took the famous sde Login & Session example and kind of changed it around to add such levels of access, as shown below. But I'm now kind of concerned about security. As a result I found this script: http://www.roscripts.com/PHP_login_script-143.html and while it does have a admin vs. member feature from what I gather it doesn't have the flexibility that something like below does. So really, what do I do? What options do I have? This brings me about to my final question. If I'm using an SSL Certificate on my website and use the following script below will that suffice? Any help would be greatly appreciated. Thanks. <? // connect to database include("inc/connect.php"); // include auth and nav include("inc/auth.php"); include("inc/nav.php"); ?> <? $rn=("SELECT Status FROM users WHERE username='" . $_SESSION['username']."'"); $rz=mysql_query($rn); while($row=mysql_fetch_array($rz)) { if($row["Status"]=="0"){ echo ("<br>Have a great day! <a href='logout.php'>Close</a>"); }elseif($row["Status"]=="1"){ ?> <title> Salt Lake City - Explosive Division </title> <head> </head> <body> <center> <p> Welcome to the. Here you will find a list of current personnel, a calendar, current inventory (minus powder at this time), and Direct Billed Hotels. If you have any suggestions please let us know <a href="mailto:">here</a> and when you are ready to navigate click your right mouse button. Oh, always remember to JUST BLAST IT! </center> </body> <? }else{ ?> <title> Salt Lake City </title> <head> </head> <body> <center> <p> Welcome to the Salt Lake City= Here you will find a list of current personnel, a calendar, current inventory (minus powder at this time), and Direct Billed Hotels. If you have any suggestions please let us know <a href="mailto:">here</a> and when you are ready to navigate click your right mouse button. Oh, always remember to JUST BLAST IT!<p> </center> <center><font color=orange><h2>////////////////////////////// WARNING: G14 CLASSIFIED. ADMINISTRATOR ACCESS ONLY! \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\</font></h2></center> Pending Registrations:<p> <? $q1= "SELECT * FROM users WHERE Status='0'"; $q1rz=mysql_query($q1) or die(mysql_error()); while($row1 = mysql_fetch_array($q1rz)){ ?> <form action="updateregistration.php" method="post"> <table border="0"> <tr><td>First Name:</td><td> <input type="text" name="First" maxlength="60" value="<? echo $row1['First']; ?>"> </td></tr> <tr><td>Middle Initial:</td><td> <input type="text" name="MI" maxlength="60" value="<? echo $row1['MI']; ?>"> <tr><td>Last Name:</td><td> <input type="text" name="Last" maxlength="60" value="<? echo $row1['Last']; ?>"> <tr><td>E-mail:</td><td> <input type="text" name="Email" maxlength="60" value="<? echo $row1['Email']; ?>"> <tr><td>Home Phone:</td><td> <input type="text" name="Phone" maxlength="60" value="<? echo $row1['Phone']; ?>"> <tr><td>Cell Phone:</td><td> <input type="text" name="CellPhone" maxlength="60" value="<? echo $row1['CellPhone']; ?>"> </td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="200" value="<? echo $row1['username']; ?>"> </td></tr> <tr><td>Status:</td><td> <select name="Status" size="1"> <option value="0">Pending/Suspended</option> <option value="1">User</option> <option value="2">Administrator</option> <option value="187">Delete Account!</option> </select> </td></tr> <tr><th colspan=2><input type="submit" name="submit" value="Approve!"><input type="hidden" name="ID" maxlength="10" value="<? echo $row1['ID']; ?>"></th></tr> </table> </form> <p> <? } ?> <p>Current Users:<p> <? $q2= "SELECT * FROM users WHERE Status>'0'"; $q2rz=mysql_query($q2) or die(mysql_error()); while($row2 = mysql_fetch_array($q2rz)){ ?> <form action="updateregistration.php" method="post"> <table border="0"> <tr><td><? echo $row2['First']; ?><input type="hidden" name="First" maxlength="60" value="<? echo $row2['First']; ?>"> <input type="hidden" name="MI" maxlength="60" value="<? echo $row2['MI']; ?>"> <? echo $row2['Last']; ?>'s<input type="hidden" name="Last" maxlength="60" value="<? echo $row2['Last']; ?>"> <input type="hidden" name="Email" maxlength="60" value="<? echo $row2['Email']; ?>"> <input type="hidden" name="Phone" maxlength="60" value="<? echo $row2['Phone']; ?>"> <input type="hidden" name="CellPhone" maxlength="60" value="<? echo $row2['CellPhone']; ?>"> <input type="hidden" name="username" maxlength="200" value="<? echo $row2['username']; ?>"> <td>Status:</td><td> <select name="Status" size="1"> <option value="<? echo $row2['Status']; ?>"><? if($row2['Status']=="0"){ echo ("Pending/Suspended");}elseif($row2['Status']=="1"){ echo ("User");}else{ echo ("Administrator");} ?></option> <option value="0">Pending/Suspended</option> <option value="1">User</option> <option value="2">Administrator</option> <option value="187">Delete Account!</option> </select> <td><th colspan=2><input type="submit" name="submit" value="Update"><input type="hidden" name="ID" maxlength="10" value="<? echo $row2['ID']; ?>"></th></tr> </table> </form> </body> <? }}} ?> Quote Link to comment Share on other sites More sharing options...
ublapach Posted April 22, 2008 Share Posted April 22, 2008 remember to session_start() on every page Quote Link to comment Share on other sites More sharing options...
DarkWater Posted April 22, 2008 Share Posted April 22, 2008 I'd hardly say that a simple login script warrants SSL on a normal site, but whatever floats your boat. Quote Link to comment Share on other sites More sharing options...
intodesi Posted April 22, 2008 Share Posted April 22, 2008 I have been stripping bits and peices from this script here http://www.devarticles.com/c/a/PHP/Creating-a-Membership-System/1/ but it is pretty secure as is, and overs membership levels etc. Quote Link to comment Share on other sites More sharing options...
Clinton Posted April 22, 2008 Author Share Posted April 22, 2008 I'll be storing information about explosives so I'll want the SSL. Thanks for the link. I'll be looking into that more in depth. Quote Link to comment Share on other sites More sharing options...
monkeypaw201 Posted April 22, 2008 Share Posted April 22, 2008 I'll be storing information about explosives so I'll want the SSL. Thanks for the link. I'll be looking into that more in depth. hmm... SSL for access to info on explosives... it doesn't sound very legal Quote Link to comment Share on other sites More sharing options...
intodesi Posted April 22, 2008 Share Posted April 22, 2008 See I read that way differently.. i seen explosives.. and i thought you where talking about explode() Quote Link to comment Share on other sites More sharing options...
Clinton Posted April 22, 2008 Author Share Posted April 22, 2008 LoL. A bunch of die hards. That's good. Couldn't do it without ya'll. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.