Posted by Carl Pearson on 01/27/07 13:38

Dave wrote:
> Hi all,
> I want to build a site which will allow me to restrict a users access
> based on assigned privileges and render pages with user-specific
> information.
>
> Some other features I would like to have are...
>
> i. to log failed access attempts.
> ii. to make information(text) on certain pages easily editable by a 1
> group of 'non-technical' users.
> iii. a database system for storing data gathered from forms.
>
> I have a basic understanding of html/javascript, and would appreciate
> any advice on where to concentrate my education to achieve the results
> above.
> My first guess would be PHP/MySQL which is why I'm posting here?
> Are there any ready-rolled solutions available that could be adapted?
> I'm going to setup an Apache webserver this weekend and experiment a
> little, but I don't want to have to re-invent the wheel... ;)
>
> Any pointers most appreciated,
>
> Dave.

So far as the access restriction, it's done with session vars that are
set upon a successful database query.

You run the queries based on the user & password entered into the login
page. You don't necessarily have to use the results of the query,
you're just checking to see if the user & PW matched (i.e., the query
returns a row of data), but the actual query could return their email
address, full name, whatever. It doesn't need to return the user or
pass because they've already entered that into the login form; you're
just checking to make sure they match.

If the query is successful they've entered the right info, you set the
appropriate session var and continue loading the desired page. If not,
you do an update query to another table, logging the incorrectly entered
info (plus any other pertinent info you may want to track, such as the
IP, time, etc.), then redirect to a "Sorry, wrong credentials" page.

You can also have the query pull a 'group' field which would grant
access to certain pages for certain users. This would be another
session var.

Each page you want to restrict first checks for the session vars, and if
they're not present, redirects to an "Oops" page, otherwise continues
loading as normal.

• Next in forum: Re: Username regular expression
• Prev in forum: Re: Username regular expression
• Thread view: Re: How to build a site with access privieges?

[Reply to this message]