
Restricting an UPDATE page


PHPilliterate


Howdy!

I have a page that shows the schedule for a baseball league. All the info is drawn from my DB. For each line of the schedule, I have a link to update that item so users can enter their score after each game.

What I want to do is password protect the UPDATE page so that only someone from the visitor or home team can enter the score.

How can this be done?

 

I am not very PHP skilled. Any and all help is greatly appreciated.

Link to comment
Share on other sites

Create a username and password for each user who can edit it, and make a login form on the page, then check the data they enter against the database, then set them a session and check for that session on the protected page.

 

I already have the login page set up and the DB of names/passwords. My problem (so far) is that my login page does not direct a successful login properly. Say the item they are updating is line 25 from my DB, they should have a URL that is something like schedule/alfl/ALFL_Score.php?ID=25... but after a successful login they are directed to schedule/alfl/ALFL_Score.php, which shows no information.

Link to comment
Share on other sites
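The steps suggested above (check the credentials, set a session, check it on the protected page), extended to the original requirement that only the home or visitor team may enter a score. This is an added example, not code from the thread: the `login` table and `MM_Username` session key appear in the posted code, while the `team` column, the `schedule` table, hashed passwords and all rows are assumptions; it needs PHP 7+ with `pdo_sqlite`.

```php
<?php
// Added example. The login table and MM_Username session key come from the
// thread; the team column, the schedule table and all rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (username TEXT PRIMARY KEY, userpass TEXT, team TEXT)');
$db->exec('CREATE TABLE schedule (ID INTEGER PRIMARY KEY, home TEXT, visitor TEXT)');
$db->prepare('INSERT INTO login VALUES (?, ?, ?)')
   ->execute(['coach_a', password_hash('constructed-pass', PASSWORD_DEFAULT), 'Tigers']);
$db->exec("INSERT INTO schedule VALUES (25, 'Tigers', 'Bears'), (26, 'Bears', 'Hawks')");

// Step 1: check the submitted credentials with a prepared statement and a
// password hash (assumed: userpass stores password_hash() output).
function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT userpass FROM login WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Step 2: on the protected page, allow the update only when the logged-in
// user's team is the home or visitor side of the requested game.
function can_enter_score(PDO $db, array $session, $gameId): bool
{
    if (empty($session['MM_Username']) || !ctype_digit((string) $gameId)) {
        return false;
    }
    $stmt = $db->prepare(
        'SELECT 1 FROM schedule s JOIN login l ON l.team IN (s.home, s.visitor)
         WHERE s.ID = ? AND l.username = ?'
    );
    $stmt->execute([(int) $gameId, $session['MM_Username']]);
    return $stmt->fetchColumn() !== false;
}

$session = [];
if (check_login($db, 'coach_a', 'constructed-pass')) {
    // In the real page: session_start(); session_regenerate_id(true);
    $session['MM_Username'] = 'coach_a';
}
var_dump(can_enter_score($db, $session, '25')); // coach_a's team plays in game 25
var_dump(can_enter_score($db, $session, '26')); // a game between two other teams
```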

OK... now I'm confused...

:'(

 

I created a login page, then set the restriction on the UPDATE page. So once a user clicks on my ENTER SCORE link, it gives them a URL like schedule/alfl/ALFL_Score.php?ID=25 (or whichever ID=XX for that line item)... and redirects to the LOGIN page... But once they log in, the URL is schedule/alfl/ALFL_Score.php... so it does not show any info from ID=25. How do I have a successful login go to the proper page?

 

Sorry if I'm not making much sense. I'm very new to PHP.

 

I should also mention that I am using DW8 and its "easy to use" features.

Link to comment
Share on other sites

Would it be easier if I posted my code for my pages? Then you can see what I have and be able to better direct me as to how I can make it work...

 

From my login page...

<?php
mysql_select_db($database_alflregister, $alflregister);
$query_Login = "SELECT username, userpass FROM login";
$Login = mysql_query($query_Login, $alflregister) or die(mysql_error());
$row_Login = mysql_fetch_assoc($Login);
$totalRows_Login = mysql_num_rows($Login);
?><?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['select'])) {
  $loginUsername=$_POST['select'];
  $password=$_POST['textfield'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "ALFL_Score.php";
  $MM_redirectLoginFailed = "../../About us.html";
  $MM_redirecttoReferrer = true;
  mysql_select_db($database_alflregister, $alflregister);
  
  $LoginRS__query=sprintf("SELECT username, userpass FROM login WHERE username='%s' AND userpass='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 
   
  $LoginRS = mysql_query($LoginRS__query, $alflregister) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;	      

    if (isset($_SESSION['PrevUrl']) && true) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

 

From the page that they enter their score...

 

<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "ALFL_Schedule.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>

Link to comment
Share on other sites
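The protected page above builds its `accesscheck` value from `$QUERY_STRING`, a global that is only defined when `register_globals` is enabled, which matches the lost `?ID=25` described in the thread; the login page then redirects to whatever `accesscheck` contains. The following is an added example (not part of the original posts or of Dreamweaver's generated code) that keeps the query string and validates the return URL before redirecting. Function names, the allow-list and the sample values are hypothetical, and PHP 7+ is assumed.

```php
<?php
// Added example: helper names are hypothetical, not Dreamweaver's.

// Protected page: build the "come back here" value, including ?ID=25.
// $_SERVER['QUERY_STRING'] does not depend on register_globals.
function build_return_url(array $server): string
{
    $url = $server['PHP_SELF'];
    if (!empty($server['QUERY_STRING'])) {
        $url .= '?' . $server['QUERY_STRING'];
    }
    return $url;
}

// Login page: accept accesscheck only if it is a local path to a known
// page, so it cannot redirect a freshly logged-in user to another site.
function safe_return_url(string $candidate, array $allowedPages, string $default): string
{
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;            // absolute or protocol-relative URL
    }
    $path = $parts['path'] ?? '';
    // One or more non-empty segments: no "//", no backslashes, no spaces.
    if (!preg_match('#^(/[A-Za-z0-9_.-]+)+$#', $path)) {
        return $default;
    }
    if (!in_array(basename($path), $allowedPages, true)) {
        return $default;
    }
    // Carry over only a numeric ID parameter; drop everything else.
    parse_str($parts['query'] ?? '', $query);
    if (isset($query['ID']) && is_string($query['ID']) && ctype_digit($query['ID'])) {
        return $path . '?ID=' . $query['ID'];
    }
    return $path;
}

// Constructed sample values.
$allowed = ['ALFL_Score.php'];
$default = '/schedule/alfl/ALFL_Schedule.php';
$server  = ['PHP_SELF' => '/schedule/alfl/ALFL_Score.php', 'QUERY_STRING' => 'ID=25'];

$back = build_return_url($server);                 // what goes into accesscheck
var_dump(safe_return_url($back, $allowed, $default));
var_dump(safe_return_url('//other.example/ALFL_Score.php?ID=25', $allowed, $default));
```

On the login page the validated value would be passed to `header('Location: ...')` followed by `exit;`, so no further output is sent after the redirect.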
