PHP and MySQL Members Section


5 replies to this topic

#1 DeltaIotaKappa


Posted 01 March 2006 - 02:05 AM

Ok here is my problem. I am looking to create a members section to my Web site and require the user to log in, I only want the membership section to be viewable by those that have successfully logged in with a username and password. I want to use a MySQL database to hold the usernames and passwords.

So far I have everything done up to the point where the user can go to the login page and enter their info, if the info is correct it will use JavaScript to send them to the members section page, if it is incorrect for any number of reasons it will return the reason to the user. Basically what I want to happen is when they enter correct info additional options are available to them on the left navigation column. I want the server to know that they logged in correctly and let the user be able to browse the members section freely. I've never done this before so I don't know how to make it happen, right now what I was trying to mess with was the hope that after they logged in, either the variables or the superglobals would be remembered on the server and I could do something like:

   if ("some variable showing the user logged in before")
   {
      //display the members section
   }
   else
   {
      //send the user back to home page
   }

I have tried a few things and it's apparent that either the variables aren't in memory or I am trying to access them wrong.

How do I make it so that once the user logs in they can view the members info but no one else can view it unless they have logged in? If you want I can give you a link to the page I am working on and/or my php code.

Thank You!

#2 XenoPhage


Posted 01 March 2006 - 02:50 AM

<shameless plug>

If you take a look at the security code I wrote for phpTodo (http://sf.net/projects/phptodo), you can see how I handled this. Basically, you use PHP sessions. If the user has a session, and the parameters match what you have in the database, you let them in. Using the sec_check.php file from phpTodo, you can check authentication on each page using the following code:


   // If the user is not authenticated, jump them to the login page
   if (! $user_obj = authenticate()) {
      login_redirect();
      exit;
   }


$user_obj is an object that can contain anything you need to know about a user.
--
XenoPhage (http://blog.godshell.com)
"Something mysterious is formed, born in the silent void. Waiting alone and unmoving, it is at once still and yet in constant motion. It is the source of all programs. I do not know its name, so I will call it the Tao of Programming."

#3 Caesar


Posted 01 March 2006 - 02:59 AM

You want to use sessions. Do your login validation via another file/script. Then, include that file in the header of all the member's area... so that no matter where in the member's area they go, it will check authorization.

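Example-1 (header.php):

   include 'auth.php';

Example-2 (auth.php):

   session_start();

   // Read the login marker from the session; a bare $username is only set when register_globals is on
   if (isset($_SESSION['username'])) {
      // ---- Member's Area Content Here ----
   } else {
      // Not logged in: send the visitor back to the home page and stop the script
      header('Location: http://' . $_SERVER['SERVER_NAME'] . '/index.php?error=nologin');
      exit;
   }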

Edit: Be sure not only to check if the login variables are set, but that they match username/password from the database.
PHP Ninja
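
A fuller version of the session check that both replies above describe, as an added example that is not phpTodo's code or either poster's: the login step verifies the password hash from the database and stores the member id in the session, and a guard at the top of each members-only page redirects on the server rather than in JavaScript. The members table, its columns and the member_id session key are assumed names; it needs PHP 7 or later.

```php
<?php
declare(strict_types=1);
// Added example, not phpTodo's sec_check.php. The members table, its columns
// and the member_id session key are assumed names.

// Check the submitted credentials against the stored password_hash() value.
function attempt_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT id, password_hash FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;                 // same result for unknown user and wrong password
    }
    session_regenerate_id(true);      // fresh session id at login (session fixation)
    $_SESSION['member_id'] = (int) $row['id'];
    return true;
}

// Call at the top of every members-only page, before any output.
function require_login(): int
{
    if (empty($_SESSION['member_id'])) {
        header('Location: /index.php?error=nologin');
        exit;                         // stop so no member content follows the redirect
    }
    return $_SESSION['member_id'];
}

// Constructed demo for the command line; SQLite in memory stands in for MySQL.
if (PHP_SAPI === 'cli') {
    session_start();
    $db = new PDO('sqlite::memory:');
    $db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)');
    $db->prepare('INSERT INTO members (username, password_hash) VALUES (?, ?)')
       ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    $rejected = attempt_login($db, 'alice', 'wrong guess');
    $accepted = attempt_login($db, 'alice', 'correct horse');
    var_dump($rejected, $accepted, require_login());
}
```

On a real page, call session_start() first, then attempt_login() in the login handler and require_login() at the top of each protected script.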

#4 DeltaIotaKappa


Posted 01 March 2006 - 03:14 AM

QUOTE (XenoPhage @ Feb 28 2006, 09:50 PM)
> <shameless plug>
>
> If you take a look at the security code I wrote for phpTodo (http://sf.net/projects/phptodo), you can see how I handled this. Basically, you use PHP sessions. If the user has a session, and the parameters match what you have in the database, you let them in. Using the sec_check.php file from phpTodo, you can check authentication on each page using the following code:
>
>    // If the user is not authenticated, jump them to the login page
>    if (! $user_obj = authenticate()) {
>       login_redirect();
>       exit;
>    }
>
> $user_obj is an object that can contain anything you need to know about a user.



Xeno - What is the link to your security code? I couldn't find it on that site.


#5 XenoPhage


Posted 01 March 2006 - 12:46 PM

QUOTE (DeltaIotaKappa @ Feb 28 2006, 10:14 PM)
> Xeno - What is the link to your security code? I couldn't find it on that site.

You need to download the phpTodo distro. Unpack the archive and it's in there. I'll see if I can find a place to put just the 2 files you would be interested in ...

Here's a link to the code: http://www.godshell.com/oss/secure-login.tar.gz

#6 DeltaIotaKappa


Posted 01 March 2006 - 03:40 PM

QUOTE (XenoPhage @ Mar 1 2006, 07:46 AM)
> Here's a link to the code: http://www.godshell.com/oss/secure-login.tar.gz

Got the code and unpacked it, thank you. I am gonna play around with it some and report back on if I run into any more problems.



