homepage Welcome to WebmasterWorld Guest from 54.146.190.193
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / New To Web Development
Forum Library, Charter, Moderators: brotherhood of lan & mack

New To Web Development Forum

    
Theory
Log in form
Adam5000

5+ Year Member



 
Msg#: 4205644 posted 7:14 am on Sep 23, 2010 (gmt 0)

Greetings all

I'm glad there are people here to help and thanks to everyone who has helped so far.

I've got a website that has both a guest (free) area and a members area. And I'm trying to restrict access to the members area to those who have paid their fee.

I'm about done with the first part which is creating the registration form (Choose a user name, choose a password, reenter password) and then store the chosen username and password in a database.

And now for the next part. The log in form. That's the one where the user clicks on a button and a form is presented that says something like "Enter username and password." Then the computer checks the database for the username the user has keyed in. If it's there, then then the computer continues on and compares the password associated with the username to the password that has been keyed in. If the passwords match then the user is granted access. If not then access is denied. (Or at least I think that's the way it works.)

If this were in the real world I'd stamp their hand and then inspect their hand at the gate as they went in and out. But since this is cyberspace I'll need something different.

In theory, how do I let users into the members area (or not) based on the usernames and passwords in the database?

Or in other words, in theory, how do I password protect the members area after I have the chosen usernames and passwords in the database.

Stated another way, how do I grant access (or not) based on the usernames and passwords in the database.

(Pardon me. It's 2:00 a.m. here and I'm starting to babble. Smile)

Right now I'm thinking something involving the user's IP address. But that may be off base.

When I'm done with this I'm going to take a full pseudo vacation. That means putting a rope barrier around the couch and television and watching the Travel Channel for at least five days and four nights.

Help!

 

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4205644 posted 4:28 pm on Sep 23, 2010 (gmt 0)

Or in other words, in theory, how do I password protect the members area after I have the chosen usernames and passwords in the database.


Two ways.

If your members area is static content, it will need to be protected by basic authentication [httpd.apache.org]. (Not sure how you'd do it on windows servers.) So this would mean as new members are added/removed, you update the .htpasswd file.

An easier way, is make all your content dynamic from your scripting (presuming PHP) and extracted from the database. No authentication, no access.

$authUser = authenticate();

if ($authUser > ) {
// give them the content from the database.
// Note this method can allow multiple levels
// of access: 1= basic user, 2=paid, 3= admin....
}
else {
// Back to the login or register page
}

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4205644 posted 5:43 pm on Sep 26, 2010 (gmt 0)

LOL . . . . hindsight and all that . . . .

if ($authUser > 0) {

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / New To Web Development
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved