Jump to content

Ristricting db use.

Voodoo Jai

By Voodoo Jai
in MySQL Help

 Share

Recommended Posts

Voodoo Jai Regular Member

Voodoo Jai

Posted
Posted

I am wanting to be able to allow people to register, login and add their details to my db, but how do I only allow acces to their particular details within the db. I can find info on registration and login forms but not anything relevant after that stage. Is PHP used to ristrict access or is it done with mysql. I know I have to create another table that has users details in it, but how do I connect this to their details in the main db so they can only edit a specific row and no other.

 

-------------

user table

-------------

email

username

pwd

 

--------

 

--------------

details table

--------------

name

address

business type

........

........

etc

 

 

Any help would be good.

Link to comment
Share on other sites
asmith Advanced Member

asmith

Posted
Posted

i assume you want to have a page in your site for example with a name : Options . where a user can edit his options , and records in mysql .

 

when a user signin by your login page, store his username in a session.  like : 

$_SESSION = 'theuser';

from now on, every where the user goes you have his username in that session variable. 

so when he is on the option page and want to edit the recordings on the mysql , your php-sql line would be like this :

 

UPDATE user_table set email="NewEmail" WHERE username="$_SESSION[username]";

 

hope its helpful

 

 

Link to comment
Share on other sites
Malevolence Member

Malevolence

Posted
Posted

I am not so clear as to what you meant, nor what you need help with, but I'll try helping you with what I could understand  ;)

 

OK well first of all, nobody can touch your database except through a PHP file right? And YOU control what you want to be submitted into the database OK?

 

With that in mind, You'll want the following:

 

One table is all you will need on the MySQL side of things.

 

uid (this needs to be the primary key, set to 'autoincrement' and be an integer)

email

username

pwd

forename

surname

address1

address2

city

county

country

postcode

businessType

etc.

 

All in one table.

 

Next step: Create a submission form

 

[

<?php

// connect to your database
$host = 'localhost';
$user = 'yourusername';
$pwd = 'yourpassword';
$db = 'yourdatabasename';
$tbl = 'yourtablename';
mysql_connect($host, $user, $pwd);
mysql_select_db($db);

// Check if the form has not been submitted. if so, show the form.
if (!isset($_POST["submit"])) {
?>

<form action="" method="post">

<p>First Name: <br>
<input name="forename" type="text"></p>

<p>Surname: <br>
<input name="surname" type="text"></p>

<p>E-Mail: <br>
<input name="email" type="text"></p>

<p>Desired Username: <br>
<input name="username" type="text"></p>

<p>Password: <br>
<input name="pwd" type="password"></p>

<p>Password Again: <br>
<input name="pwdchk" type="password"></p>

<p>Address 1: <br>
<input name="address1" type="text"></p>

<p>Address 2: <br>
<input name="address2" type="text"></p>

<p>City/Town: <br>
<input name="city" type="text"></p>

<p>State/County: <br>
<input name="county" type="text"></p>

<p>Country: <br>
<input name="country" type="text"></p>

<p>Postcode/Zip code: <br>
<input name="postcode" type="text"></p>

<p>Business Type: <br>
<input name="businessType" type="text"></p>

<p><input type="submit" name="submit" value="Sign up!"><input type="reset" value="Start Again"></p>

</form>

<?php 
}
else {

// If the form has been submitted already, put the database into variables and insert them into the database.
$username = $_POST["username"];
$forename = $_POST["forename"];
$surname = $_POST["surname"];
$email = $_POST["email"];
$address1 = $_POST["address1"];
$address2 = $_POST["address2"];
$city = $_POST["city"];
$county = $_POST["county"];
$country = $_POST["country"];
$postcode = $_POST["postcode"];
$businessType = $_POST["businessType"];
// Check if the password was correct in both password textboxes.
if ($_POST["pwd"] == $_POST["pwdchk"]) {
$pwd = $_POST["pwd"];
}

mysql_query("INSERT INTO `$tbl` (email, username, pwd, forename, surname, address1, address2, city, county, country, postcode, businessType) VALUES ('$email', '$username', '$pwd', '$forename', '$surname', '$address1', '$address2', '$city', '$county', '$country', '$postcode', '$businessType')");
echo "<font size='6' color='red'>You have successfully registered!</font>";
}
?>

 

The edit page will be the same except that instead of:

 

mysql_query("INSERT INTO `$tbl` (address1) VALUES ('$address1')");

 

It will be:

 

mysql_query("UPDATE `$tbl` SET address1="$address1" WHERE uid="$_SESSION['uid']);

 

Of course, this is based on the fact that the user is logged in like this:

 

session_start();
if (!$_SESSION["access"]) {
header("Location: http://www.yoursite.com/failed.php"); }
else {

// Page contents here

}

 

And you would store the username after the user login like this:

 

session_start();
$_SESSION["username"] = $_POST["username"];

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.