alf Posted December 21, 2008 Share Posted December 21, 2008 Hey, I'm fairly new to PHP but I'm slowly learning, so any help would be greatly appreciated I'm building a client log in system for my website. I've currently got a system that allows users to log in and be directed to their own area on the server using $location = ($username == 'admin') ? 'admin.php' : "client/$username/index.php"; The admin user can also generate new users with passwords, but I need a few more advanced features... 1) I need to restric access to each client folder from everyone else other than that specified user and 'admin' 2) I'd also like the admin to be able to generate template folders for each new user they create (eg. creating a user named "bob" would also create a the folder & file "client/bob/index.php" and restrict access to that content from all users apart from "bob" & "admin") Thanks Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted December 21, 2008 Share Posted December 21, 2008 So.. Whats the question? Quote Link to comment Share on other sites More sharing options...
alf Posted December 21, 2008 Author Share Posted December 21, 2008 I'm looking for help and advice about coding the advanced features I'm looking to include on my client login system. Primarily, how I go about including code that says "if you're not logged in as X oy Y user, then don't load this page and redirect somewhere else" Secondly, how I can allow the admin user to generate template folders and content for the new users it creates. Quote Link to comment Share on other sites More sharing options...
blueman378 Posted December 21, 2008 Share Posted December 21, 2008 well for the folder and file options look into the f fuctions, eg gopen, fread, fwrite Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted December 21, 2008 Share Posted December 21, 2008 well you can lock pages to the user's ID(which would be unique) and then on the page check their ID against the one stored in the db for that page. to generate new folders and content you will need to look into fwrite() and some similar PHP functions Quote Link to comment Share on other sites More sharing options...
alf Posted December 21, 2008 Author Share Posted December 21, 2008 Awesome, that points me in a great direction. Thanks for the help guys Quote Link to comment Share on other sites More sharing options...
alf Posted December 21, 2008 Author Share Posted December 21, 2008 sorry, just another quick one... I though this may work to lock pages (to anyone other than admin) by checking the user/session but I can't seem to get it working. Any ideas where I'm going wrong? <?php session_start(); $_SESSION['username'] = $username; if(!$username=='admin') { header("location:fail.htm"); } ?> Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted December 21, 2008 Share Posted December 21, 2008 wrong way round $_SESSION['username'] = $username; should be $username = $_SESSION['username']; Quote Link to comment Share on other sites More sharing options...
redarrow Posted December 21, 2008 Share Posted December 21, 2008 so you no incase your confused <?php session_start(); $username="redarrow"; // The username variable. $_SESSION['my_name']=$username; // create a session name for username $x=$_SESSION['my_name']; // turn variable $x into the session name echo $x; // echo variable $x ?> Quote Link to comment Share on other sites More sharing options...
alf Posted December 21, 2008 Author Share Posted December 21, 2008 ok, so now I'm really confused! My initial login script from the login page is this: <?php $host="MYHOST.net"; // Host name $username="MYSQLUSERNAME"; // Mysql username $password="MYPASSWORD"; // Mysql password $db_name="MYDBNAME"; // Database name $tbl_name="MYTABLENAME"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $username=$_POST['username']; $password=$_POST['password']; // To protect MySQL injection (more detail about MySQL injection) $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $username and $password, table row must be 1 row if($count==1){ // Register $username, $password and redirect to file admin.php or user directory $location = ($username == 'admin') ? 'admin.php' : "client/$username/index.php"; session_register("username"); session_register("password"); header("location:$location"); } else { header("location:clientfail.htm"); } ?> so if I log in as admin, I get directed to the admin page which contains this php code: <?php session_start(); $username = $_SESSION['username']; if(!$username=='admin') { header("location:clientfail.htm"); } ?> I thought the second block of code would open the session (seeing who logged in from the initial screen) and follow the if statment to say "if you're not admin then load clientfail.htm". For some reason the clientfail.htm loads regardless Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted December 21, 2008 Share Posted December 21, 2008 Their is no session start on your login page and session_register("username"); session_register("password"); should be $_SESSION['username'] = $username; $_SESSION['password'] = $password; Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.