Hi All,
I have made a database that will have the following:
username
password
clientpath
expiry
I am going to write a login system in php where once the user is successful in the login process they get taken to their specific directory and page which is 'clientpath' from the database.
The expiry field will be a date which will mean they cannot login after the date specified.
But say their folder was http://www.mydomain.com/clients/smith/, what is stopping them, once their login has expired, just entering the path in their browser and accessing the pages?
I ask this as I only have about 3 months experience with php programming but am learning very quickly and I wish to start making this login script.
Also, what do I really need to learn i.e., sessions, $_POST etc? I know there are some reasonable premade scripts already out there but if I am going to customise my scripts I really want to be able to understand them. If anyone knows of any great learning resources for sessions, authentication or admin resources that'd be a great helpl.
Brad
adding clients in a database
Moderator: General Moderators
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
You can do several things, one of being is check if you have set a $_SESSIOn variable to flag that they are online or not.
Search these forums, as this has been discussed countless times.
[devnet] +user +authenticat* [/devnet]
Code: Select all
<?php
if (!empty($_SESSION['loggedin']))
{
//show folder
}
else
{
echo 'ACCESS DENIED';
} ?>[devnet] +user +authenticat* [/devnet]