Jump to content

Secure User View

flipper828

By flipper828
in PHP Coding Help

Recommended Posts

flipper828 Member

flipper828

Posted
Posted

Where to start? First, I am very much a novice to coding in general. I've had beginner and intermediate php classes and I love working with php.

 

I've had a site with a login/password security in place for some time. However, I would like to add a page in which the user can go to see all downloads meant for them and not all available downloads.

 

The problem is, I don't know where to start. I've done some "googling" but apparently I don't even possess the correct terminology to do a helpful search. All I am coming up with is help to create a login/pasword site.

 

Would one of you offer some advice on where I need to start.

 

Thank you in advance for your help.

Link to comment
https://forums.phpfreaks.com/topic/273587-secure-user-view/
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

If you have a login script, you have a session variable that contains the user_id of the logged in member. You would use that user_id to filter the content/data that the page produces so that only the items that belong to that user are displayed.

Link to comment
https://forums.phpfreaks.com/topic/273587-secure-user-view/#findComment-1407953
Share on other sites
Psycho Prolific Member

Psycho

Posted
Posted

If you have already created a login process you are 80% there. As part of the login you should be storing some information to identify the user within session data - typically this could be the user ID. Also, if you have specific downloads for each user you *must* have that information stored somewhere such as a database. And that information should be tied to the user in some way (e.g. the user ID). So, on the page to display the downloads you would just use the user ID stored in the login session data to query the available downloads for that user.

 

If you have some downloads that are available to more than 1 person, then you should at least have two tables: 1 to describe the downloads and another to specify which DLs belong to which users. So, the code could look something like this:

 

if(!isset($_SESSION['user_id'])
{
   //redirect to login page
   exit();
}

$userID = intval($_SESSION['user_id']);
$query = "SELECT name, path
         FROM downloads
         JOIN user_downloads USING(download_id)
         WHERE user_downloads.user_id = $userID";

//Execute query and output the results

Link to comment
https://forums.phpfreaks.com/topic/273587-secure-user-view/#findComment-1407958
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.