homepage Welcome to WebmasterWorld Guest from 54.205.247.203
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
User log in form
Theory
Adam5000




msg:4212021
 1:17 am on Oct 6, 2010 (gmt 0)

Continuing on with getting my website online.

I'm starting the user login form now.

This involves using the username and password data in the database to password protect the pages in the member folder.

I'd like an idea on some theory. It seems to me that somehow I'm going to have to mark or tag the user's browser and identify it as being a member when the user logs in. Something like giving the member a backstage pass when the member logs in.

Help!

 

morehawes




msg:4212216
 9:43 am on Oct 6, 2010 (gmt 0)

I'm going to have to mark or tag the user's browser and identify it as being a member when the user logs in


Hi, sounds like sessions are your friend here : [uk.php.net...]

Another approach that fits your backstage pass analogy is setting a cookie on login : [uk.php.net...]

I hope that helps!

rocknbil




msg:4212391
 3:42 pm on Oct 6, 2010 (gmt 0)

An aside, if you're using sessions, you're already using cookies; the connection to the current user is kept alive via the PHPSESSID cookie *or* the query string if cookies are disabled. you will indeed need one or the other to maintain a logged in state.


This involves using the username and password data in the database to password protect the pages in the member folder.


Two things stand out here. First is member folder; to protect a directory you're going to have to have basic authentication [httpd.apache.org] (Apache, different for windows based servers) via an .htaccess/.htpasswd combination, which means as members sign up you are going to have to write the .htpasswd file. Otherwise they can bookmark the page and/or send it to anyone they like, circumnavigating your validation.

The two alternatives are:

- Redirect, via mod_rewrite, any requests to the protected directory to your authentication script, which would open the protected files and print them out to the browser. No authentication, print out a login form and exit. A simple redirect won't do, it can be bookmarked and saved, you need to pass the request through your login script to authenticate the user and actually read in the file, print it out to the browser.

- A more sensible approach, which is the second thing, is that since you already have a database, just store the protected content in the database and use the method above. If authenticated, extract the "pages" dynamically from the database and output them to the browser. This will make life a lot easier in the long run, in backing up, templating, and applying any global changes to your protected pages.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved