Join 136,909 PHP Programmers for FREE! Get instant access to thousands of PHP experts, tutorials, code snippets, and more! There are 1,739 people online right now. Registration is fast and FREE... Join Now!
this store system went from a simple display of name, and info
to a multi-section map displayin, interactive, whatever beast i really didn't need to add to my plate right now.
anyways, the system isn't very complex. its three db tables, simple admin pages that add/edit/delete all of the relevant content.
but one of the tables is stores, with all of their info in it. each row is a different store obviously.
soo....
what he wants to do is allow each store to have the ability to edit their own pages. so i need to give them access to only their administration page. i'm not really sure how to do that.
never done a user system before, so how would i set something like that up, or if you have a quick dirty way to get this done i would be happy to hear that.
I don't know how quick & dirty it is, but I'd have a login page for the clients, once they validate send them to an admin page (you only need 1) passing their store ID. Once they hit the admin page with their ID, load the admin page with their specific store information.
A simple login form, when they click "Login" check the username/password combination, make sure it matches what's in the database. I would do a simple encryption of the password, especially if the login isn't at https (which is a bad thing in or itself).
If the login succeeds, then pass them off to the admin page, carrying their store ID with them. When they hit the admin page, hit your database with the store ID you passed to retrieve the stores information. Once they make their changes, just update your table with the new information for that store id.
And yes, I would just have a simple 3 column table with username, password and store id.
psycho... pratically this is just a forwarder based on their user and pass, but really offers no protection correct?
if they just change the id in their url they would be able to access the other admin pages.
i don't foresee that being a problem, its local companies and not a big deal, plus i will just disguise the id in there... but to complete the project theoretically i would have to deal with sessions or some such thing i have never used before right?
I used vAuthenticate to protect the CMS area for the last project I did. It uses session, supports multiple users and groups and is really easy to set up.
I think it was actually recommended to someone on DIC before, and my google search brought me to this site for the first time.
This post has been edited by thehat: 17 Mar, 2008 - 09:10 AM
Have a memberid column in your store table. When a store is created place the members id in there. Then when they log in the memberid from the user table is used to pull the relevant store from the store table. No user input to decide which store is loaded.
Have a look at this snippet I wrote on using sessions with PHP. It validates the users name & password, then implements sessions to only allow those that are authenticated for that page to access it
| 