Jump to content

Need some directions creating a multi-user site


Idefix99

Recommended Posts

Hi all,

 

I'm working on a hobby project to improve my skills and learn PHP and MySQL. Don't know if this is the right place to ask this question, so please let me know if it isn't.

 

I already created a single user site. It has a simple PHP login and after login information (like personal information and messages) is pulled from the database and shown. The personal information is stored in a table called settings and the messages are stored in a table called messages.

 

I like to go to the next level and create a multi-user login, but I have no idea were to start. I think I have to switch to another login type were both PHP and MySQL are used. How has the database be designed? Can I use the same structure as in the single user site I created? How can the right (belonging to the user) information be retrieved from the database?

 

Thanks in advance !

 

 

Link to comment
Share on other sites

After your users register and the information is stored in the database, when a user attempts to log-in, your code will try to match the username and password with the log-in information they provided. If they match, the user gets access. If they don't then they will get a message stating that the "Username and/or Password are not valid". Never clue them in as to which was incorrect. You will also need to store a "salt" in the database. This will be some hash that you will add to the users password. Read up on "Salting passwords". You will have to get familiar with sessions and cookies so you can keep track of your guests as they move around in your site while they are logged in. Maybe someone can chime in here with some additional advice and point you to a good tutorial to get you started. You will learn a lot while creating a robust and secure log-in system.  

Edited by hansford
Link to comment
Share on other sites

Thank you for all the ideas. I started with the tutorials and I think this will enable to make some progress. I think I have to get familiar with a secure login system first and tackle the other problems later. Most likely those problems will disappear when I'm familiar with how a login system works. 

Link to comment
Share on other sites

I'd be very careful with random “tutorials” you found somewhere on the Internet. A lot of those people have absolutely no idea what they're doing and will teach you dangerous nonsense.which can actually compromise your entire server.

 

To be honest, I think the whole concept of programming-by-numbers is a bad idea. You don't learn a lot, and there's a huge risk of adopting all those bad practices that have been around for years.

 

My personal strategy for learning is this:

  • I learn the basics (like accessing an SQL database with PHP).
  • I use the manual a lot, because that's where you get first-hand information.
  • I read up on best practices (like properly hashing a password).
  • think about what I've learned: Do I agree or disagree? Is there maybe a better way?
  • I write my own code.
  • I check what other people have to say.

In my experience, this works very well. It leads to a high code quality at an early stage and an actual understanding of the concepts behind PHP. 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.