Okay, i want to set it up so that people (7, to be exact) will be able to log into a website and access private content. The thing that i'm having some difficulty doing is that i want to make it so that each person gets a page (all formatted the same) with things specific to them (to do list, etc). I know that php/mysql is probably the best route to take, and I've looked on hotscripts, but i can't find anything like what i want to do. Can anybody help?
How to create a website login system?
- Thread starter kmac1914
- Start date
You could probably do it with PHP/arrays/cookies . It would take about 3-4 hours to do if you had no experience.
What kind of advice is "you can use arrays"? And how the hell do you expect him to learn a programming language in 3-4 hours?
I do this stuff for a lving, and even I would probably take longer than 4 hours to come up with anything halfway-decent looking. I don't know where some people come up with thier advice...
What do you suggest notfred? I'm also looking into this, and I'm thinking PHP4 + sessions and mySQL to keep user info..
I mean, the part about havin them login isn't really a problem. the only problem i'm having is how to have the page come up for each person....kinda like 'my forums', or Blackboard for those of you in school, only not as complicated.
Actually explaining how to do the code is a bit complicated, that's why you're not getting much help. If you've never done this before, I suggest you dig around the web for some documentation, or buy some PHP/MySQL books to help so that you can be sure to develop a secure solution as opposed to something simple that happens to work.
Basically, the way it works is you have the page check if the user has a session cookie set that shows they logged in. If no cookie, then ask for login info. When form is submitted, check the dbase for user/password. If good, set the session cookie. If bad, ask users to re-submit, but don't tell them if it was username or password, otherwise it makes it easier for crackers to break into your system. Also be sure to have a log-out button on your pages so they can change accounts without having to close their browser completely to get a new session.
Basically, the way it works is you have the page check if the user has a session cookie set that shows they logged in. If no cookie, then ask for login info. When form is submitted, check the dbase for user/password. If good, set the session cookie. If bad, ask users to re-submit, but don't tell them if it was username or password, otherwise it makes it easier for crackers to break into your system. Also be sure to have a log-out button on your pages so they can change accounts without having to close their browser completely to get a new session.
What are you doing the login system with ? This would not be that hard if it is only for seven people. Getting this to scale at all would be a problem. You would need a login page that had three arrays, one for passwords, one for usernames, and one for the links. The login form and the script would be the same page BTW. The form would check to see if the username was in the user array and then check to see if the password matched the corresponding position in the password array. If it did, it would set a cookie with this info and send you to the correct page in the link array based on the corresponding position of the user & password array. This page would then check that you had the correct username/password in your cookie or it would send you back to the login page. Its not the cleanest way but it should work. Most of the work would be the same code but different user/password.
Well, fortunately, i seem to have an idea of how to actually do that...what you said actually makes sense. Like i said, it's not so much the login part that's got me, it was how to pull up the corresponding individual's page after they've logged in. However, i think i'll try to do what amdfanboy said and implement it using arrays.
In a nutshell...
Using PHP, when you call session_start at the beginning of a page, it automagically remembers anything you stored in the $_SESSION array.
So basically, when the user successfully logs in, add their userID or role or whatever you want to use to identify them and add that value to the session array (e.g. $_SESSION['UserID'] = $UID
Then on the next page, call session_start() and then serve different content based on the value you stored in $_SESSION.
Do some reading on how to securely kill a session, too. session_destroy() leaves some garbage laying around.
How I do it...
- User submits credentials (username & password) on a login page.
- Action script from the submit form checks the credential against the user DB.
- If they check out, create a session record in the DB (user ID, start time, expire time, session ID, closed flag) and set a cookie with the user ID, session ID and an MD5 hash to make sure nobody is mucking with the cookie client-side.
- At the top of each protected page, I call a function to retrieve the cookie and check it against the session record. If it checks out, it returns the user ID which can then be used to generate custom content. If it doesn't check out they get redirected to the login page.
- To logout, I delete the cookie, and mark the session record as closed. Deleting the cookie client side is not enough.
3 or 4 hours ... if you know the language, web development, etc. probably. For a newb, definitely not. I think when I did this the first time as I was learning PHP it was more like a day or so.
- User submits credentials (username & password) on a login page.
- Action script from the submit form checks the credential against the user DB.
- If they check out, create a session record in the DB (user ID, start time, expire time, session ID, closed flag) and set a cookie with the user ID, session ID and an MD5 hash to make sure nobody is mucking with the cookie client-side.
- At the top of each protected page, I call a function to retrieve the cookie and check it against the session record. If it checks out, it returns the user ID which can then be used to generate custom content. If it doesn't check out they get redirected to the login page.
- To logout, I delete the cookie, and mark the session record as closed. Deleting the cookie client side is not enough.
3 or 4 hours ... if you know the language, web development, etc. probably. For a newb, definitely not. I think when I did this the first time as I was learning PHP it was more like a day or so.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 24K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 24K
-
-
Facebook
Twitter