I would like to know how to make a PHP log in system that can restrict access to certain pages within the members-only portion of the site to particular members. There are 5 different sections in the members-only section, however only particular members can view certain pages. For example, John, out of the 5 categories can access 3, while Mary, on the other hand, has access to only 1 category. I'm assuming some sort of database would be required to see who can access which categories. A user name text field for log-in (no password field - it's not needed) is displayed on the left hand navigation bar. The user types in their full name, i.e. John Smith, Mary Brooks in the user name text field. Once that user is logged in, 5 new links (categories) appear on the left hand menu bar. Depending on which name was typed into the user name text field, certain links (out of the 5 links) can be accessed by that user. I know this isn't very secure, however security isn't an issue. With this project, it's more to do with instilling a false sense of security than anything. If someone could help me out I'd really appreciate it!
How about this one: $username = htmlspecialchars($_POST['username']; $password = htmlspecialchars($_POST['password'}; $query_login = mysql_query("select * from yourmembertable where username='$username' and password='$password'",$connection) or die (mysql_error()); $numRow=mysql_num_rows($query_login); $row = mysql_fetch_array ($query_login); if ($numRow != "0") { $levelStatus = $row["memberLevel"]; $_SESSION["username"] = $username; $_SESSION["password"] = $password; $_SESSION["memberLevel"] = $memberLevel; } PHP: add 1 field to your member table, give it a name with memberLevel int(1), and then in your login processor file. add $_session[memberLevel]. so in every page you can use this, to check the level of each member: if (isset($_SESSION["memberLevel"] == 1 )) { //echo the menu for this privilege } if (isset($_SESSION["memberLevel"] == 2 )) { //echo the menu for this privilege } if (isset($_SESSION["memberLevel"] == 3 )) { //echo the menu for this privilege } if (isset($_SESSION["memberLevel"] == 4 )) { //echo the menu for this privilege } if (isset($_SESSION["memberLevel"] == 5 )) { //echo the menu for this privilege } PHP: i'm not a master, so CMIIW....
Thanks a lot. That's exactly what I was looking for. So how would I integrate this into my HTML code?
And you may also can adopt group-based privilege management, like most forum system did, there are normal users, admins, banned users, etc..
You can't unless the file has a php extension and not an htm/html extension. If you have a php extension, I would place the session information at the top of the page.
Yes that's what I meant... But you answered my question, so that's great! What about the first block of code that junandya provided? Is that a separate page, which is called by some type of script?
the first block is...what should we do......in your member login processor file. and then the2nd one....you can state it in every page that need to identify visitor previlleges..... and then that's right the extention of your file should .php Hope it help........ Sakitu ti abdi, jalma dusun...................
For more complicated user permission scripts, where each user could have access to more than one user group, i use a string for permissions in a field in my db, where each character would correspond to a permission level for a certain group. like, field userpermission could have a value of 1011100 where each individual character defines whether they have access to materials/pages for a certain group, like admins, editors, forum moderators, products catalog, etc. That way you could have one user who has access to your content section and can edit forum posts, but can't access other admin features.
You could just have a extra field within the database with "user_level" where you set the minimum level that a user should have in order to view the page. And then just check if the user has a that level or above.