Restrcting and UPDATE page

[PHPilliterate]

Howdy!

I have a page that shows the schedule for a baseball league. All the info is drawn from my DB. For each line of the schedule, I have a link to update that item so users can enter their score after each game.

What I want to do is password protect the UPDATE page so that only someone from the visitor or home team can enter the score.

How can this be done? ???

 

I am not very php skilled. ANy and all help is greatly appreciated.

[DeanWhitehouse]

create a username and password for each user who can edit it , and make a login form on the page, then check the data they enter against the database then set them a session and check for that session on the protected pafge

[dptr1988]

Here is a tutorial on user logins: http://www.phpcodinghelp.com/article.php?article=user-login

 

It will describe how to use permissions too.

 

 

[PHPilliterate]

create a username and password for each user who can edit it , and make a login form on the page, then check the data they enter against the database then set them a session and check for that session on the protected pafge

 

I already have the login page set-up and the DB of names/passwords. My problem (so far) is that my login page does not direct a succesfull login properly. Say the item they are updating is line 25 from my DB, they should have an URL that is something like schedule/alfl/ALFL_Score.php?ID=25....but after a successfull login they are directed to schedule/alfl/ALFL_Score.php which shows no information.

[DeanWhitehouse]

u will have to use sessions to make the ?id=

[PHPilliterate]

So do I make that session in the header of the update page before the script that checks for access rights?

[DeanWhitehouse]

er, what you do in the login code set the session if they login successfully, then in the header of all the pages you need session start. then on protected pages check for the session.

[PHPilliterate]

ok...now i'm confused...

:'(

 

I created a login page, then set the restriction on the UPDATE page. So once a user clicks on my ENTER SCORE link, it gives them an URL like schedule/alfl/ALFL_Score.php?ID=25 (or whichever ID=XX for that line item)...and redirects to the LOGIN page... But once they login, the URL is schedule/alfl/ALFL_Score.php...so it does not show any info from ID=25. How do I have a successful login go to the proper page?

 

Sorry if I'm not making much sense. I'm very new to php.

 

I should also mention that I am using DW8 and it's "easy to use" features.

[DeanWhitehouse]

If you give me a email, i can send you a script i have, but adjust it to your needs.

my email: deanwhitehouse6@hotmail.com

[PHPilliterate]

Would it be easier if I posted my code for my pages? Then you can see what I have and be able to better direct me as to how I can make it work...

 

From my login page...

<?php
mysql_select_db($database_alflregister, $alflregister);
$query_Login = "SELECT username, userpass FROM login";
$Login = mysql_query($query_Login, $alflregister) or die(mysql_error());
$row_Login = mysql_fetch_assoc($Login);
$totalRows_Login = mysql_num_rows($Login);
?><?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['select'])) {
  $loginUsername=$_POST['select'];
  $password=$_POST['textfield'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "ALFL_Score.php";
  $MM_redirectLoginFailed = "../../About us.html";
  $MM_redirecttoReferrer = true;
  mysql_select_db($database_alflregister, $alflregister);
  
  $LoginRS__query=sprintf("SELECT username, userpass FROM login WHERE username='%s' AND userpass='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 
   
  $LoginRS = mysql_query($LoginRS__query, $alflregister) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;	      

    if (isset($_SESSION['PrevUrl']) && true) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

 

From the page that they enter their score...

 

<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "ALFL_Schedule.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>