Login system with php

Hello everybody,

I have to do a news system which uses php/mysql.

I need 3 accounts:
* a 'reader' who doesn't need to log in to read the news
* a 'writer' who can write news in a pending news table
* a 'moderator' who validates a pending news, and makes it a regular news,
viewable from the site (by the 'reader')

This is a small web site, so I can't use SSL; and I use php sessions.

Right now, I deal with accounts from a mysql users point of view, which
means that a 'reader' can access all the admin part of the site, but will
get errors when trying to read/write by sql query.

I was wondering if somebody could give me a trick to deny access to the
admin pages. Right now, I thought about these:
* by decoding mysql rights? (how)
* by doing only-to-test query? (bad I think, especially for write right)

Any idea greatly appreciated, thx :)

--
TheDD
Jul 17 '05 #1
I don't exactly know what u mean but why won't u just have some table
like this:
CREATE TABLE Users(
    id int(100) NOT NULL AUTO_INCREMENT,
    name varchar(200) NOT NULL default '',
    pass text NOT NULL,  -- TEXT columns cannot take a DEFAULT
    user_type varchar(1) NOT NULL default '',
    UNIQUE (name),
    PRIMARY KEY (id)
) ENGINE=MyISAM;  -- ENGINE= replaces the removed TYPE= keyword

and then u say something like:

$user_type = $sql_info['user_type'];
if ($user_type == 2)
{
    // display admin stuff
} elseif ($user_type == 1)
{
    // display writer stuff
} elseif ($user_type == 0)
{
    // display read stuff
}

I dunno but maybe this helps u

On Sat, 11 Oct 2003 15:00:22 +0200, TheDD <pa***@email.com> wrote:
> Hello everybody,
>
> I have to do a news system which uses php/mysql.
>
> I need 3 accounts:
> * a 'reader' who doesn't need to log in to read the news
> * a 'writer' who can write news in a pending news table
> * a 'moderator' who validates a pending news, and makes it a regular news,
> viewable from the site (by the 'reader')
>
> This is a small web site, so I can't use SSL; and I use php sessions.
>
> Right now, I deal with accounts from a mysql users point of view, which
> means that a 'reader' can access all the admin part of the site, but will
> get errors when trying to read/write by sql query.
>
> I was wondering if somebody could give me a trick to deny access to the
> admin pages. Right now, I thought about these:
> * by decoding mysql rights? (how)
> * by doing only-to-test query? (bad I think, especially for write right)
>
> Any idea greatly appreciated, thx :)


Jul 17 '05 #2
On Sat, 11 Oct 2003 15:09:11 +0200, warstar wrote:
> I don't exactly know what u mean but why won't u just have some table
> like this:
> CREATE TABLE Users(
>     id int(100) NOT NULL AUTO_INCREMENT,
>     name varchar(200) NOT NULL default '',
>     pass text NOT NULL,  -- TEXT columns cannot take a DEFAULT
>     user_type varchar(1) NOT NULL default '',
>     UNIQUE (name),
>     PRIMARY KEY (id)
> ) ENGINE=MyISAM;  -- ENGINE= replaces the removed TYPE= keyword
>
> and then u say something like:
>
> $user_type = $sql_info['user_type'];
> if ($user_type == 2)
> {
>     // display admin stuff
> } elseif ($user_type == 1)
> {
>     // display writer stuff
> } elseif ($user_type == 0)
> {
>     // display read stuff
> }
>
> I dunno but maybe this helps u


Well, several things:
1/ the problem is that with that kind of table, the rights are logical,
and the restrictions are hard coded in php, which is not really great for
the evolution of the web site :/
2/ it's a detail but I don't need personalized accounts, one account of each
type is enough

Thx anyway for your proposition. If I don't find better I might use it :)

--
TheDD
Jul 17 '05 #3
I think u got to have something like rights. U can also make something
like this:
CREATE TABLE Users(
    id int(10) NOT NULL AUTO_INCREMENT,
    name varchar(200) NOT NULL default '',
    pass text NOT NULL,  -- TEXT columns cannot take a DEFAULT
    `group` varchar(1) NOT NULL default '',  -- GROUP is a reserved word, so it is quoted
    UNIQUE (name),
    PRIMARY KEY (id)
) ENGINE=MyISAM;  -- ENGINE= replaces the removed TYPE= keyword

CREATE TABLE `Group`(
    id int(10) NOT NULL AUTO_INCREMENT,
    news_read int(1) default '0',
    news_write int(1) default '0',
    news_admin int(1) default '0',
    PRIMARY KEY (id)
) ENGINE=MyISAM;

This is the best way I think is possible. This way u can have multiple
accounts later on as your site advances; now u just make 3 accounts.
U can add more rights to the group table, so later u can say I have a
user part and I want some rights in there, and u add fields like
userarea_read etc.

On Sat, 11 Oct 2003 15:17:48 +0200, TheDD <pa***@email.com> wrote:
> On Sat, 11 Oct 2003 15:09:11 +0200, warstar wrote:
>> I don't exactly know what u mean but why won't u just have some table
>> like this:
>> CREATE TABLE Users(
>>     id int(100) NOT NULL AUTO_INCREMENT,
>>     name varchar(200) NOT NULL default '',
>>     pass text NOT NULL,  -- TEXT columns cannot take a DEFAULT
>>     user_type varchar(1) NOT NULL default '',
>>     UNIQUE (name),
>>     PRIMARY KEY (id)
>> ) ENGINE=MyISAM;  -- ENGINE= replaces the removed TYPE= keyword
>>
>> and then u say something like:
>>
>> $user_type = $sql_info['user_type'];
>> if ($user_type == 2)
>> {
>>     // display admin stuff
>> } elseif ($user_type == 1)
>> {
>>     // display writer stuff
>> } elseif ($user_type == 0)
>> {
>>     // display read stuff
>> }
>>
>> I dunno but maybe this helps u
>
> Well, several things:
> 1/ the problem is that with that kind of table, the rights are logical,
> and the restrictions are hard coded in php, which is not really great for
> the evolution of the web site :/
> 2/ it's a detail but I don't need personalized accounts, one account of each
> type is enough
>
> Thx anyway for your proposition. If I don't find better I might use it :)


Jul 17 '05 #4
If you are still stuck, let me know

"TheDD" <pa***@email.com> wrote in message
news:11****************************@40tude.net...
> Hello everybody,
>
> I have to do a news system which uses php/mysql.
>
> I need 3 accounts:
> * a 'reader' who doesn't need to log in to read the news
> * a 'writer' who can write news in a pending news table
> * a 'moderator' who validates a pending news, and makes it a regular news,
> viewable from the site (by the 'reader')
>
> This is a small web site, so I can't use SSL; and I use php sessions.
>
> Right now, I deal with accounts from a mysql users point of view, which
> means that a 'reader' can access all the admin part of the site, but will
> get errors when trying to read/write by sql query.
>
> I was wondering if somebody could give me a trick to deny access to the
> admin pages. Right now, I thought about these:
> * by decoding mysql rights? (how)
> * by doing only-to-test query? (bad I think, especially for write right)
>
> Any idea greatly appreciated, thx :)
>
> --
> TheDD

Jul 17 '05 #5
On Sat, 11 Oct 2003 22:14:54 GMT, Tesla wrote:
> If you are still stuck, let me know


Well I am, I would like to avoid a table to store the rights like warstar
proposes.

--
TheDD
Jul 17 '05 #6
"TheDD" <pa***@email.com> wrote in message
news:11****************************@40tude.net...
> Hello everybody,
>
> I have to do a news system which uses php/mysql.
>
> I need 3 accounts:
> * a 'reader' who doesn't need to log in to read the news
> * a 'writer' who can write news in a pending news table
> * a 'moderator' who validates a pending news, and makes it a regular news,
> viewable from the site (by the 'reader')
>
> This is a small web site, so I can't use SSL; and I use php sessions.
>
> Right now, I deal with accounts from a mysql users point of view, which
> means that a 'reader' can access all the admin part of the site, but will
> get errors when trying to read/write by sql query.
>
> I was wondering if somebody could give me a trick to deny access to the
> admin pages. Right now, I thought about these:
> * by decoding mysql rights? (how)
> * by doing only-to-test query? (bad I think, especially for write right)


No trick needed, you answer your own question...

1) a 'reader' doesn't login (doesn't have username/password) - gets
standard site pages
2) a 'writer' will need to login to add/upload news - gets
writer access site pages
3) a 'moderator' will need to login to review/post news - gets
admin access site pages

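so in code (sort of)

<?php
session_start();
// 'role' is an assumed session key set at login; it is unset for a reader who never logged in
$role = isset($_SESSION['role']) ? $_SESSION['role'] : null;
if ($role === null) { /* not logged in: display standard site */ }
elseif ($role === 'writer') { /* logged in as writer: display writer pages */ }
elseif ($role === 'admin') { /* logged in as admin: display admin pages */ }
?>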

The writer and admin pages would probably be similar with the admin having
extra stuff that the writer would not see. Keeping the users in the db is
fine as long as you either separate them into two different tables or have a
field that indicates that the user has writer or admin rights. The reader
will not have any entries in the db - no need to check until login attempt.

Jul 17 '05 #7
u got to store it somewhere, text file or some other thing. I dunno how
to do it another way

On Sun, 12 Oct 2003 02:37:38 +0200, TheDD <pa***@email.com> wrote:
> On Sat, 11 Oct 2003 22:14:54 GMT, Tesla wrote:
>> If you are still stuck, let me know
>
> Well I am, I would like to avoid a table to store the rights like warstar
> proposes.


Jul 17 '05 #8
On Sun, 12 Oct 2003 12:37:42 +0200, warstar wrote:
> On Sun, 12 Oct 2003 02:37:38 +0200, TheDD <pa***@email.com> wrote:
>> On Sat, 11 Oct 2003 22:14:54 GMT, Tesla wrote:
>>> If you are still stuck, let me know
>> Well I am, I would like to avoid a table to store the rights like warstar
>> proposes.
> u got to store it somewhere, text file or some other thing. I dunno how
> to do it another way


Well I was thinking to decode mysql rights (the ones shown with 'show grants
for user') and to use that, but it doesn't seem to be possible.

Anyway, another table is really not what I aim for, so I think I'm gonna use
hard coded php "if (account) then else"...

Another reason for not using a rights table is that it needs another query,
which slows down the page processing...

Thx for your help :)

--
TheDD
Jul 17 '05 #9
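
The page-level check that Tesla's reply (#7) and TheDD's "hard coded php" decision (#9) both point at, as an added example that is not code from any poster: one permission map in a single include, denied by default, so no rights table and no extra query are needed. The permission names, the `role` session key and the function names are assumptions.

```php
<?php
// Added example, not code from the thread. Role names follow the thread; the
// permission names and the 'role' session key are assumptions.

// One central map of what each account may do. Anything not listed is denied.
const PERMISSIONS = [
    'reader'    => ['news.read'],
    'writer'    => ['news.read', 'pending.write'],
    'moderator' => ['news.read', 'pending.write', 'pending.validate'],
];

// Role for this request. A missing or unknown value is treated as 'reader'.
function current_role(array $session): string
{
    $role = $session['role'] ?? 'reader';
    return is_string($role) && array_key_exists($role, PERMISSIONS) ? $role : 'reader';
}

// Deny by default: true only when the permission is listed for the role.
function can(string $role, string $permission): bool
{
    return in_array($permission, PERMISSIONS[$role] ?? [], true);
}

// Call at the top of every admin page, before any output or query.
function require_permission(string $permission): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!can(current_role($_SESSION), $permission)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Call once, with the session started, right after the password is verified.
function log_in(string $role): void
{
    session_regenerate_id(true); // fresh id, so an id fixed before login is useless
    $_SESSION['role'] = $role;
}

// Constructed check of the decision logic; runs only from the command line.
if (PHP_SAPI === 'cli') {
    $samples = [[], ['role' => 'writer'], ['role' => 'moderator'], ['role' => 'root']];
    foreach ($samples as $session) {
        $role = current_role($session);
        printf("%-9s write=%d validate=%d\n", $role,
            can($role, 'pending.write'), can($role, 'pending.validate'));
    }
}
```

Keep the per-role MySQL accounts as a second layer behind this check. Without SSL the password and the session cookie cross the network in clear, so this guard controls which pages an account can open but does not protect the login from someone who can observe the traffic.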
it is possible to block the insert stuff yeah, but to use the same
rules in the php code, don't think that's possible :)

On Sun, 12 Oct 2003 15:59:16 +0200, TheDD <pa***@email.com> wrote:
> On Sun, 12 Oct 2003 12:37:42 +0200, warstar wrote:
>> On Sun, 12 Oct 2003 02:37:38 +0200, TheDD <pa***@email.com> wrote:
>>> On Sat, 11 Oct 2003 22:14:54 GMT, Tesla wrote:
>>>> If you are still stuck, let me know
>>> Well I am, I would like to avoid a table to store the rights like warstar
>>> proposes.
>>
>> u got to store it somewhere, text file or some other thing. I dunno how
>> to do it another way
>
> Well I was thinking to decode mysql rights (the ones shown with 'show grants
> for user') and to use that, but it doesn't seem to be possible.
>
> Anyway, another table is really not what I aim for, so I think I'm gonna use
> hard coded php "if (account) then else"...
>
> Another reason for not using a rights table is that it needs another query,
> which slows down the page processing...
>
> Thx for your help :)


Jul 17 '05 #10
