User Management System

[etrader]

I have created a very simple CMS by storing articles in mysql database. Everything is OK for my need; but I have no idea how to handle user management. I have created a table for users and a page to create new accounts.

 

But how I can restrict the article submission page to logged in users?

How I can show a widget of profile of logged users?

 

I think there are different ways to do so; define(), cookie, ....

What is the best method as CMSes normally use?

 

Thank you in advance 

[gristoi]

look at using sessions http://php.net/manual/en/ref.session.php.

sudo code for your page would look something like this:

 

<?php
session_start();

if(the users has a valid session){
profile block
}
else
{
dont display block
}
?>

[ZulfadlyAshBurn]

I guess they store it the logged users in mySQL and using ajax on the page checking if the user had any interactions else user = offline.

[teynon]

In addition to gristoi's post:

 

You can also use cookies. I used to use sessions a lot for user tracking, but got more into using cookies instead. (Same thing pretty for the most part. Sessions = server side, Cookies = client side)

 

When I use cookies, I usually create a token associated with an IP address in the database. Then I send the token to the browser as sort of its temporary password. When they load the next page, I verify the token and the IP address. (To try and prevent cross-site hacks.)

 

Cookies

http://php.net/manual/en/features.cookies.php

 

XSS

http://www.acunetix.com/websitesecurity/xss.htm