For starters, I am a novice at best when it comes to using/implementing PHP.
My question and I will provide you the URL so you can see what I am referring to - http://www.genesiscapitalmarketing.com/index2.html. This is a new web client of mine. They are wanting to implement a username/password system for their site and they want to allow only certain associates of theirs to access certain pages/documents. I think what they are wanting is for when people correctly login for it to take them to what will be a page entitled 'Agent Welcome' and then they can access these things from that page. In the future they want a system that will allow anyone from what I understand to access these things.
I guess what I need some direction and assistance with is in setting up the code for this system to where it will serve both purposes, both presently and in the future. I had thought a issuing their associates one general username and password would be the way to go.
Any help you can provide is greatly appreciated!
username/password/login question
Moderator: General Moderators
-
kettle_drum
- DevNet Resident
- Posts: 1150
- Joined: Sun Jul 20, 2003 9:25 pm
- Location: West Yorkshire, England
Set up a database to hold the username/password and privledges. Then if a user logs in they get the username and privledges of the user that they logged in as. If they dont log in they can be assigned to the guest user in the database of users - and then use those privledges.
So in the present time you can limit some areas of the site to the logged in users, and then you can simple give the guest user more privledges in thre future.
So in the present time you can limit some areas of the site to the logged in users, and then you can simple give the guest user more privledges in thre future.
username/password/login question
Thanks for the good info. I hear all that and in theory makes sense but as far as the nuts and bolts portion or how to code all that is but a mystery. If you could point me to some tutorial that would be helpful.
Thanks a bunch
Thanks a bunch
-
kettle_drum
- DevNet Resident
- Posts: 1150
- Joined: Sun Jul 20, 2003 9:25 pm
- Location: West Yorkshire, England
Well this forum has a fair amount of info on setting up privledges and im sure google has a lot of good tutorials too. But here we go.
First of all you decide on what privledges are. They can either be levels of privledges or individual - the latter giving you more precise control as you give them to small items - such as the privledge to post a news item, as oppose to the level privledge of being able access and use all the news admin features.
So with individual privledges you will need more of them, but get better control. With levels you might just want to use characters to identify a privledge, so a user that can use the news authoring system will have the 'N' char in his/her privledges.
Then when this user opens the page to try and add a news item you check to see if the user has the 'N' flag in their privledges, if they do then show them the page, if they dont...redirect them somewhere.
Individual privledges work in just the same way except there more refined, and because of this there will be more of them, and will likely mean that you will need a seperate table to store them in.
Then on the restricted pages you can do something like:
The check_privs function then grabs the id number of the privledge from the privs table according to the name passed to it, and then checks to see if that number is held in the users privledge field.
First of all you decide on what privledges are. They can either be levels of privledges or individual - the latter giving you more precise control as you give them to small items - such as the privledge to post a news item, as oppose to the level privledge of being able access and use all the news admin features.
So with individual privledges you will need more of them, but get better control. With levels you might just want to use characters to identify a privledge, so a user that can use the news authoring system will have the 'N' char in his/her privledges.
Then when this user opens the page to try and add a news item you check to see if the user has the 'N' flag in their privledges, if they do then show them the page, if they dont...redirect them somewhere.
Individual privledges work in just the same way except there more refined, and because of this there will be more of them, and will likely mean that you will need a seperate table to store them in.
Code: Select all
CREATE TABLE privs (
id int(5),
name varchar(30)
);Code: Select all
if(check_privs('POST_NEWS')){
...
}