how do i authenicate a user

[jeppers]

i have got session control but i want to define it so only a specificate user can acccess a serten area

 

can any one help. i have pasted a copy of my session code so you can have look and see what i can do

 

<?php
session_start();
ob_start();
// if session variable not set, redirect to login page
if (!isset($_SESSION['authenticated'])) {
  header('Location: http://localhost/login.php');
  exit;
  }
?>

[trq]

Is this all the code? where do you actually create $_SESSION['authenticated'] and login?

[jeppers]

sorry hear we go

 

<?php
// process the script only if the form has been submitted
if (array_key_exists('login', $_POST)) {
  // start the session
  session_start();
  // include nukeMagicQuotes and clean the $_POST array
  include('corefuncs.php');
  nukeMagicQuotes();
  $textfile = 'C:/private/filetest03.txt';
    if (file_exists($textfile) && is_readable($textfile)) {
    // read the file into an array called $users
    $users = file($textfile);

    // loop through the array to process each line
    for ($i = 0; $i < count($users); $i++) {
      // separate each element and store in a temporary array
      $tmp = explode(', ', $users[$i]);
      // assign each element of the temp array to a named array key
      $users[$i] = array('name' => $tmp[0], 'password' => rtrim($tmp[1]));
  // check for a matching record
  if ($users[$i]['name'] == $_POST['username'] && $users[$i]['password'] == $_POST['pwd']) {
  // alternative (shorter) code
  //if ($tmp[0] == $_POST['username'] && rtrim($tmp[1]) == $_POST['pwd']) {
    // if there's a match, set a session variable
    $_SESSION['authenticated'] = 'Jethro Tull';
	break;
	}
      }
// if the session variable has been set, redirect
if (isset($_SESSION['authenticated'])) {
  header('Location: http://localhost/menu.php');
  exit;
  }
// if the session variable hasn't been set, refuse entry
else {
  $error = 'Invalid username or password.';
  }
    }
  // error message to display if text file not readable
  else {
    $error = 'Login facility unavailable. Please try later.';
    }
  }
?>

[The Little Guy]

If your saying you want to have areas where certain level users can only enter, then I would make a column in the database called group with a data type of "enum".

An example:

1 = admin

2 = high ranked

3 = member

4 = low member

 

 

Why are you using Exact paths? It makes it harder to work with when you change servers.

[jeppers]

well this is my first atemp at a website and i am finding it hard on what to do...  there is so much advice and different directions i have found it hard to chose the right one

 

have you got any tips on what i can do about it and how to change it

 

another problem is that with my email system it just won't work because of an smtp problem arrrr... been bugging me for days... can you suggest anthing which i can do to bye pass that....

 

sorry to many question but i need a hand

 

thanks

[arianhojat]

another problem is that with my email system it just won't work because of an smtp problem arrrr... been bugging me for days... can you suggest anthing which i can do to bye pass that....

google php.mailer class. i find it better to work with. code is easy...

<?php

require("../phpmailer/class.phpmailer.php");

$mail = new PHPMailer();

$mail->IsSMTP(); // telling the class to use SMTP

$mail->IsHTML(true);

$mail->Host = "192.168.1.101"; // your SMTP server IP

$mail->From = 'test@bleh.com';

$mail->FromName = 'Joe Smie';

$mail->Subject = "testtt";

$mail->Body = "<h1>Hello</h1>';

$mail->AltBody = "hello";//for those without html reading clients

// if need attachment, $mail->AddAttachment( htmlspecialchars($docPath) );

 

$mail->AddAddress('Joe@test.com');

 

if(!$mail->Send())

{

  echo "Message was not sent";

  echo "Mailer Error: " . $mail->ErrorInfo;

}

else

{

//echo 'Sent Email to '.  $to. '<br/>';

//echo 'at '. date('g:i a, n-j-Y');

}

//*/

?>