Clinton Posted April 22, 2008 Share Posted April 22, 2008 OK. So I am trying to figure out the best way to go about adding a login script to my site. I want a login script that allows me different levels of access. I took the famous sde Login & Session example and kind of changed it around to add such levels of access, as shown below. But I'm now kind of concerned about security. As a result I found this script: http://www.roscripts.com/PHP_login_script-143.html and while it does have a admin vs. member feature from what I gather it doesn't have the flexibility that something like below does. So really, what do I do? What options do I have? This brings me about to my final question. If I'm using an SSL Certificate on my website and use the following script below will that suffice? Any help would be greatly appreciated. Thanks. <? // connect to database include("inc/connect.php"); // include auth and nav include("inc/auth.php"); include("inc/nav.php"); ?> <? $rn=("SELECT Status FROM users WHERE username='" . $_SESSION['username']."'"); $rz=mysql_query($rn); while($row=mysql_fetch_array($rz)) { if($row["Status"]=="0"){ echo ("<br>Have a great day! <a href='logout.php'>Close</a>"); }elseif($row["Status"]=="1"){ ?> <title> Salt Lake City - Explosive Division </title> <head> </head> <body> <center> <p> Welcome to the. Here you will find a list of current personnel, a calendar, current inventory (minus powder at this time), and Direct Billed Hotels. If you have any suggestions please let us know <a href="mailto:">here</a> and when you are ready to navigate click your right mouse button. Oh, always remember to JUST BLAST IT! </center> </body> <? }else{ ?> <title> Salt Lake City </title> <head> </head> <body> <center> <p> Welcome to the Salt Lake City= Here you will find a list of current personnel, a calendar, current inventory (minus powder at this time), and Direct Billed Hotels. If you have any suggestions please let us know <a href="mailto:">here</a> and when you are ready to navigate click your right mouse button. Oh, always remember to JUST BLAST IT!<p> </center> <center><font color=orange><h2>////////////////////////////// WARNING: G14 CLASSIFIED. ADMINISTRATOR ACCESS ONLY! \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\</font></h2></center> Pending Registrations:<p> <? $q1= "SELECT * FROM users WHERE Status='0'"; $q1rz=mysql_query($q1) or die(mysql_error()); while($row1 = mysql_fetch_array($q1rz)){ ?> <form action="updateregistration.php" method="post"> <table border="0"> <tr><td>First Name:</td><td> <input type="text" name="First" maxlength="60" value="<? echo $row1['First']; ?>"> </td></tr> <tr><td>Middle Initial:</td><td> <input type="text" name="MI" maxlength="60" value="<? echo $row1['MI']; ?>"> <tr><td>Last Name:</td><td> <input type="text" name="Last" maxlength="60" value="<? echo $row1['Last']; ?>"> <tr><td>E-mail:</td><td> <input type="text" name="Email" maxlength="60" value="<? echo $row1['Email']; ?>"> <tr><td>Home Phone:</td><td> <input type="text" name="Phone" maxlength="60" value="<? echo $row1['Phone']; ?>"> <tr><td>Cell Phone:</td><td> <input type="text" name="CellPhone" maxlength="60" value="<? echo $row1['CellPhone']; ?>"> </td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="200" value="<? echo $row1['username']; ?>"> </td></tr> <tr><td>Status:</td><td> <select name="Status" size="1"> <option value="0">Pending/Suspended</option> <option value="1">User</option> <option value="2">Administrator</option> <option value="187">Delete Account!</option> </select> </td></tr> <tr><th colspan=2><input type="submit" name="submit" value="Approve!"><input type="hidden" name="ID" maxlength="10" value="<? echo $row1['ID']; ?>"></th></tr> </table> </form> <p> <? } ?> <p>Current Users:<p> <? $q2= "SELECT * FROM users WHERE Status>'0'"; $q2rz=mysql_query($q2) or die(mysql_error()); while($row2 = mysql_fetch_array($q2rz)){ ?> <form action="updateregistration.php" method="post"> <table border="0"> <tr><td><? echo $row2['First']; ?><input type="hidden" name="First" maxlength="60" value="<? echo $row2['First']; ?>"> <input type="hidden" name="MI" maxlength="60" value="<? echo $row2['MI']; ?>"> <? echo $row2['Last']; ?>'s<input type="hidden" name="Last" maxlength="60" value="<? echo $row2['Last']; ?>"> <input type="hidden" name="Email" maxlength="60" value="<? echo $row2['Email']; ?>"> <input type="hidden" name="Phone" maxlength="60" value="<? echo $row2['Phone']; ?>"> <input type="hidden" name="CellPhone" maxlength="60" value="<? echo $row2['CellPhone']; ?>"> <input type="hidden" name="username" maxlength="200" value="<? echo $row2['username']; ?>"> <td>Status:</td><td> <select name="Status" size="1"> <option value="<? echo $row2['Status']; ?>"><? if($row2['Status']=="0"){ echo ("Pending/Suspended");}elseif($row2['Status']=="1"){ echo ("User");}else{ echo ("Administrator");} ?></option> <option value="0">Pending/Suspended</option> <option value="1">User</option> <option value="2">Administrator</option> <option value="187">Delete Account!</option> </select> <td><th colspan=2><input type="submit" name="submit" value="Update"><input type="hidden" name="ID" maxlength="10" value="<? echo $row2['ID']; ?>"></th></tr> </table> </form> </body> <? }}} ?> Link to comment https://forums.phpfreaks.com/topic/102249-login-script/ Share on other sites More sharing options...
ublapach Posted April 22, 2008 Share Posted April 22, 2008 remember to session_start() on every page Link to comment https://forums.phpfreaks.com/topic/102249-login-script/#findComment-523557 Share on other sites More sharing options...
DarkWater Posted April 22, 2008 Share Posted April 22, 2008 I'd hardly say that a simple login script warrants SSL on a normal site, but whatever floats your boat. Link to comment https://forums.phpfreaks.com/topic/102249-login-script/#findComment-523558 Share on other sites More sharing options...
intodesi Posted April 22, 2008 Share Posted April 22, 2008 I have been stripping bits and peices from this script here http://www.devarticles.com/c/a/PHP/Creating-a-Membership-System/1/ but it is pretty secure as is, and overs membership levels etc. Link to comment https://forums.phpfreaks.com/topic/102249-login-script/#findComment-523561 Share on other sites More sharing options...
Clinton Posted April 22, 2008 Author Share Posted April 22, 2008 I'll be storing information about explosives so I'll want the SSL. Thanks for the link. I'll be looking into that more in depth. Link to comment https://forums.phpfreaks.com/topic/102249-login-script/#findComment-523570 Share on other sites More sharing options...
monkeypaw201 Posted April 22, 2008 Share Posted April 22, 2008 I'll be storing information about explosives so I'll want the SSL. Thanks for the link. I'll be looking into that more in depth. hmm... SSL for access to info on explosives... it doesn't sound very legal Link to comment https://forums.phpfreaks.com/topic/102249-login-script/#findComment-523574 Share on other sites More sharing options...
intodesi Posted April 22, 2008 Share Posted April 22, 2008 See I read that way differently.. i seen explosives.. and i thought you where talking about explode() Link to comment https://forums.phpfreaks.com/topic/102249-login-script/#findComment-523576 Share on other sites More sharing options...
Clinton Posted April 22, 2008 Author Share Posted April 22, 2008 LoL. A bunch of die hards. That's good. Couldn't do it without ya'll. Link to comment https://forums.phpfreaks.com/topic/102249-login-script/#findComment-523634 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.