Session id and logging in

[gerkintrigg]

I'm having problems trying to understand exactly what I'm supposed to be doing.

I want to alter my existing a website (www.magic2k.com) by adding a login page, rather than using HTAccess (which is fine for a the moment, but the member list's growing and I'm having problems managing the data - hense the database (to make things easier, which it undoubtably does).

 

I need to know what to do (not necessarily how to do it) in logical steps.

For example:

I've got a page set up at the moment that determines whether the user COULD login. but I heard something about a session and cookies and all that stuff and don't know what to do.

 

I'd like some advice in this sort of format:

 

1 - visitor enters info

2 - info checked

3 - if correct start session & write cookie

4 - blah blah blah... you get the idea.

 

I just need to know where I'm starting really.

Thanks for your time.

[ksp]

Although this won't relate to coding using DW (I've tried and decided the best way to learn is to just hand code the php), I've just been working on a similar project and have found the "Creating a Membership System" by phpfreak (in the tutorials section of this website) and another membership tutorial there, "PHP Membership System 2.0" by Bradley Beard to be helpful in understanding.

 

I set up my database similar to what was shown in the tutorial, and being totally new to pulling data from databases and sessions, etc., experienced some problems but have been working through them with help in the Newbie Forum (Help with login script by ksp: http://www.phpfreaks.com/forums/index.php?...ic=14856&st=0&)

 

On our site, visitors come in and sign up for services (sign up info inserted into database from registration form), then with their user name and password they can log into a special members' only page (their info is checked against the database).

 

Anyway, the tutorial helped me get started... I still have more to do, like lost password recovery, etc., so am heading back to the tutorial now in fact.

 

Hope this helps,

ksp

 

[Pawn]

Hello again.

 

- Visiter enters page

- Script checks existence of session variable determining access

- If not found, displays login form and 'create new acc' button.

- If found, displays "You are logged in as soandso." and gives relevant options

- If login form is submitted, code checks details against the database, and determines whether user has entered correct information. If they have, it sets a minimum of two session variables, one $_SESSION['access'] is used to determine if whether or not the person is logged on. The second $_SESSION['usr'] stores their username for use in code. It should also redirect this user back to this page, where the access variable will now be detected.

- If 'create new account' button is pressed, form appears with pertinent registration details.

 

Each page in your site should check the existence of the $_SESSSION['access'] variable to allow or disallow member features.

 

This is rough, but it's basically the setup I use.

 

I advise reading the tutorials mentioned in the last post. I've read a few, and they helped me in understanding Sessions in particular (very easy once you understand them, like so many things).