1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

how to require authenticated users

Discussion in 'PHP' started by dm_guru, Feb 5, 2006.

0
  1. #1
    I am new to programming and would like to get some insight from the smart folks here at DP. I am creating a series of pages to share information from a mysql db to users who authenticate from a login screen.

    I have been able to authenticate a user utilizing an md5 translation on password and it works great. Here is my problem, I don't know how to make every page require an authenticated user. I dont want people to be able to navigate my site structure directly to view data. I want all users to be logged in and then only will they be able to follow the links offered from their login validated page. I hope this makes sense.

    I am not looking for DP members to do my work for me, just advice and pointers to what I need to do in order to accomplish the task. My research has been steering me to sessions but I just don't know what to do.

    Please help.
     
    dm_guru, Feb 5, 2006 IP
  2. themole

    themole Peon

    Messages:
    82
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    0
    #2
    Here's a really simple example that leaves some for you to do.

    Once they've authenticated, set a session variable to their username,

    $_SESSION['valid_user'] = $username;

    Then you can have a function that checks to make sure they're still valid for every page, something like:

    
function check_valid_user($username)
{
	//Run a query to see if their username is found in the database

	if($username_found == true)
		return true;
	else
		return false;
}
    Code (markup):
    then in your pages use this

    
if(check_valid_user($_SESSION['valid_user']))
{
	//display content that is only for authenicated users
}

else
{
	//display login form or 'you must log in', etc... 
}
    Code (markup):
    -the mole
     
    themole, Feb 5, 2006 IP
  3. dm_guru

    dm_guru Peon

    Messages:
    10
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Thank you to themole!

    This is a great start for me... thanks a lot.

    Suppose I have a directory of files ( a catch all directory ) and I have a db table that lists all clients id's along with file pointers to their files located in the catch all directory. How would I prevent a user from accessing a file directly once logged in? In other words, how do I keep user A from (if he knew the file name) from seeing user B's files or vice versa?

    I am setting up pages to query db for all client files (from the db) and showing them to user in html <ul></ul> format. But I just want to insure that alterring the url specification does not allow them accesss to other files in catch all other than their db specified files.

    Thanks again.
     
    dm_guru, Feb 5, 2006 IP
  4. drugoon

    drugoon Guest

    Messages:
    702
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    0
    #4
    If you want to protect image files you should use .htacces to secure your directories.
     
    drugoon, Feb 5, 2006 IP