PDA

View Full Version : php / mysql question


pethon
09-26-2006, 10:36 PM
Hi guys, im fairly comfotable with php/mysql and wanted your expert advises. I'm going to create a website based on social collectors, where people can upload their collections like stamps/magazines/coins etc etc with other social activities.

my first problem will be how to structure the logins.

basically i'll have admins, regular site members, maybe moderators who accept the images etc which people load

what kind of login structures can i use? sessions? cookies? which is better, any of you got good exampls? and any suggesstions on what kind of system users i should have

Creative Insanity
09-27-2006, 12:45 AM
Open DW and press F1 and do a search for login levels and enjoy. All the answers are there.

domedia
09-27-2006, 01:52 PM
Open DW and press F1 and do a search for login levels and enjoy. All the answers are there. Really? How does the help files answer: which is better, any of you got good exampls? and any suggesstions on what kind of system users i should have

davidj
09-27-2006, 02:29 PM
i would use session to hold the access level. Never use cookies as this has got to be a security issue

i use access level flags in my db...

1 = admin
2 = super user
3 = user

when you do a login assign the level to session and then use the session and IF / SWITCH statements to build the page menus

Creative Insanity
09-27-2006, 07:11 PM
Really? How does the help files answer:
Like this and includes links.

Building a page only authorized users can access
Your web application can contain a protected page that only authorized users can access.

NOTE

Dreamweaver does not have authentication server behaviors for ASP.NET pages.


For example, if a user attempts to bypass the login page by typing the protected pageís URL in a browser, the user is redirected to another page. Similarly, if you set the authorization level for a page to Administrator, then only users with Administrator access privileges can view the page. If a logged-in user attempts to access the protected page without the proper access privileges, the user is redirected to another page.

You can also use authorization levels to review newly registered users before granting them full access to the site. For example, you may want to receive payment before allowing a user access to the member pages of the site. To do so, you can protect the member pages with a Member authorization level and only grant newly registered users Guest privileges. After receiving payment from the user, you can upgrade the userís access privileges to Member (in the database table of registered users).

If you do not plan to use authorization levels, you can protect any page on your site simply by adding a Restrict Access To Page server behavior to the page. The server behavior redirects to another page any user who has not successfully logged in. For more information, see Redirecting unauthorized users to another page.

If you do plan to use authorization levels, you can protect any page on your site with the following building blocks:

A Restrict Access To Page server behavior to redirect unauthorized users to another page (see Redirecting unauthorized users to another page)
An extra column in your users database table to store each userís access privileges (see Storing access privileges in the user database)
Whether you use authorization levels or not, you can add a link to the protected page that lets a user log out and clears any session variables. For more information, see Logging out users.

pethon
09-28-2006, 01:27 PM
Thanks alot guys, appreciate the suggesstions.

i would use session to hold the access level. Never use cookies as this has got to be a security issue

i use access level flags in my db...

1 = admin
2 = super user
3 = user

when you do a login assign the level to session and then use the session and IF / SWITCH statements to build the page menus

Hey david, thanks. im slightly stumped by what you mean. i've done sessions before but it was so long ago lol! need to re-read things.

so basically youve got those 3 access levels assigned to those numbers? 1,2,3? and when an admin logs in, the admin hompage should appear.
if normal user logs in, the normal user page should appear. how does yours tell which login is which user. thanks guys!

davidj
09-28-2006, 02:27 PM
when you perform the login you will query the db and check password and user name. At this stage you can get the access level and assign this to a session which you can carry throughout the application

$_SESSION['access'] = $row['access_level'];

$_SESSION['access'] will now be set with 1,2,3 etc

on every page just check this $_SESSION['access'] and either allow or disallow access depending on rights