Login system with php

  • TheDD

    Login system with php

    Hello everybody,

    I have to do a news system which uses PHP/MySQL.

    I need 3 accounts:
    * a 'reader' who doesn't need to log in to read the news
    * a 'writer' who can write news in a pending news table
    * a 'moderator' who validates pending news and makes it regular news,
    viewable from the site (by the 'reader')

    This is a small web site, so I can't use SSL, and I use PHP sessions.

    Right now, I deal with accounts from a MySQL users point of view, which
    means that a 'reader' can access all the admin part of the site, but will
    get errors when trying to read/write by SQL query.

    I was wondering if somebody could give me a trick to deny access to the
    admin pages. Right now, I thought about these:
    * by decoding MySQL rights? (how)
    * by doing an only-to-test query? (bad I think, especially for write rights)

    Any idea greatly appreciated, thx :)

    --
    TheDD
  • warstar

    #2
    Re: Login system with php

    I don't exactly know what u mean but why won't u just have some table
    like this:
    CREATE TABLE Users(
    id int( 100 ) NOT NULL AUTO_INCREMENT ,
    name varchar(200) NOT NULL default '',
    pass text NOT NULL, -- TEXT columns cannot take a literal DEFAULT
    user_type varchar( 1 ) NOT NULL default '', -- 0 = reader, 1 = writer, 2 = admin
    UNIQUE (name),
    PRIMARY KEY ( id )
    ) ENGINE=MyISAM; -- TYPE= was removed from MySQL; ENGINE= is the current keyword

    and then u say something like:

    $user_type = $sql_info['user_type'];
    if($user_type == 2)
    {
    //display admin stuff
    } elseif($user_type == 1)
    {
    //display writer stuff
    } elseif($user_type == 0)
    {
    //display read stuff
    }

    i dunno but maybe this helps u

    On Sat, 11 Oct 2003 15:00:22 +0200, TheDD <pas.d@email.com> wrote:

    >Hello everybody,
    >
    >I have to do a news system which uses PHP/MySQL.
    >
    >I need 3 accounts:
    >* a 'reader' who doesn't need to log in to read the news
    >* a 'writer' who can write news in a pending news table
    >* a 'moderator' who validates pending news and makes it regular news,
    >viewable from the site (by the 'reader')
    >
    >This is a small web site, so I can't use SSL, and I use PHP sessions.
    >
    >Right now, I deal with accounts from a MySQL users point of view, which
    >means that a 'reader' can access all the admin part of the site, but will
    >get errors when trying to read/write by SQL query.
    >
    >I was wondering if somebody could give me a trick to deny access to the
    >admin pages. Right now, I thought about these:
    >* by decoding MySQL rights? (how)
    >* by doing an only-to-test query? (bad I think, especially for write rights)
    >
    >Any idea greatly appreciated, thx :)


    • TheDD

      #3
      Re: Login system with php

      On Sat, 11 Oct 2003 15:09:11 +0200, warstar wrote:

      > I don't exactly know what u mean but why won't u just have some table
      > like this:
      > CREATE TABLE Users(
      > id int( 100 ) NOT NULL AUTO_INCREMENT ,
      > name varchar(200) NOT NULL default '',
      > pass text NOT NULL, -- TEXT columns cannot take a literal DEFAULT
      > user_type varchar( 1 ) NOT NULL default '', -- 0 = reader, 1 = writer, 2 = admin
      > UNIQUE (name),
      > PRIMARY KEY ( id )
      > ) ENGINE=MyISAM; -- TYPE= was removed from MySQL; ENGINE= is the current keyword
      >
      > and then u say something like:
      >
      > $user_type = $sql_info['user_type'];
      > if($user_type == 2)
      > {
      > //display admin stuff
      > } elseif($user_type == 1)
      > {
      > //display writer stuff
      > } elseif($user_type == 0)
      > {
      > //display read stuff
      > }
      >
      > i dunno but maybe this helps u

      well, several things:
      1/ the problem is that with that kind of table, the rights are logical,
      and the restrictions are hard coded in php, which is not really great for
      the evolution of the web site :/
      2/ it's a detail but i don't need personalized accounts, one account of each
      type is enough

      thx anyway for your proposition. If i don't find better i might use it :)

      --
      TheDD


      • warstar

        #4
        Re: Login system with php

        i think u got to have something like rights; u can also make something
        like this:
        CREATE TABLE Users(
        id int(10) NOT NULL AUTO_INCREMENT ,
        name varchar(200) NOT NULL default '',
        pass text NOT NULL, -- TEXT columns cannot take a literal DEFAULT
        `group` varchar( 1 ) NOT NULL default '', -- GROUP is a reserved word, so it is quoted
        UNIQUE (name),
        PRIMARY KEY ( id )
        ) ENGINE=MyISAM; -- TYPE= was removed from MySQL; ENGINE= is the current keyword

        CREATE TABLE `Group`(
        id int(10) NOT NULL AUTO_INCREMENT ,
        news_read int(1) default '0',
        news_write int(1) default '0',
        news_admin int(1) default '0',
        PRIMARY KEY ( id )
        ) ENGINE=MyISAM;

        this is the best way i think is possible. this way u can have multiple
        accounts later on as your site advances; now u just make 3 accounts.
        u can add more rights to the group table so later u can say i have a
        user part and i want some rights in there and u add fields like
        userarea_read etc.

        On Sat, 11 Oct 2003 15:17:48 +0200, TheDD <pas.d@email.com> wrote:

        >On Sat, 11 Oct 2003 15:09:11 +0200, warstar wrote:
        >
        >> I don't exactly know what u mean but why won't u just have some table
        >> like this:
        >> CREATE TABLE Users(
        >> id int( 100 ) NOT NULL AUTO_INCREMENT ,
        >> name varchar(200) NOT NULL default '',
        >> pass text NOT NULL, -- TEXT columns cannot take a literal DEFAULT
        >> user_type varchar( 1 ) NOT NULL default '', -- 0 = reader, 1 = writer, 2 = admin
        >> UNIQUE (name),
        >> PRIMARY KEY ( id )
        >> ) ENGINE=MyISAM; -- TYPE= was removed from MySQL; ENGINE= is the current keyword
        >>
        >> and then u say something like:
        >>
        >> $user_type = $sql_info['user_type'];
        >> if($user_type == 2)
        >> {
        >> //display admin stuff
        >> } elseif($user_type == 1)
        >> {
        >> //display writer stuff
        >> } elseif($user_type == 0)
        >> {
        >> //display read stuff
        >> }
        >>
        >> i dunno but maybe this helps u
        >
        >well, several things:
        >1/ the problem is that with that kind of table, the rights are logical,
        >and the restrictions are hard coded in php, which is not really great for
        >the evolution of the web site :/
        >2/ it's a detail but i don't need personalized accounts, one account of each
        >type is enough
        >
        >thx anyway for your proposition. If i don't find better i might use it :)


        • Tesla

          #5
          Re: Login system with php

          If you are still stuck, let me know


          "TheDD" <pas.d@email.com> wrote in message
          news:11p2kz22awp8u.d0tscrys0wwm.dlg@40tude.net...
          > Hello everybody,
          >
          > I have to do a news system which uses PHP/MySQL.
          >
          > I need 3 accounts:
          > * a 'reader' who doesn't need to log in to read the news
          > * a 'writer' who can write news in a pending news table
          > * a 'moderator' who validates pending news and makes it regular news,
          > viewable from the site (by the 'reader')
          >
          > This is a small web site, so I can't use SSL, and I use PHP sessions.
          >
          > Right now, I deal with accounts from a MySQL users point of view, which
          > means that a 'reader' can access all the admin part of the site, but will
          > get errors when trying to read/write by SQL query.
          >
          > I was wondering if somebody could give me a trick to deny access to the
          > admin pages. Right now, I thought about these:
          > * by decoding MySQL rights? (how)
          > * by doing an only-to-test query? (bad I think, especially for write rights)
          >
          > Any idea greatly appreciated, thx :)
          >
          > --
          > TheDD



          • TheDD

            #6
            Re: Login system with php

            On Sat, 11 Oct 2003 22:14:54 GMT, Tesla wrote:

            > If you are still stuck, let me know

            well i am, i would like to avoid a table to store the rights like warstar
            proposes.

            --
            TheDD


            • SwissCheese

              #7
              Re: Login system with php

              "TheDD" <pas.d@email.com> wrote in message
              news:11p2kz22awp8u.d0tscrys0wwm.dlg@40tude.net...
              > Hello everybody,
              >
              > I have to do a news system which uses PHP/MySQL.
              >
              > I need 3 accounts:
              > * a 'reader' who doesn't need to log in to read the news
              > * a 'writer' who can write news in a pending news table
              > * a 'moderator' who validates pending news and makes it regular news,
              > viewable from the site (by the 'reader')
              >
              > This is a small web site, so I can't use SSL, and I use PHP sessions.
              >
              > Right now, I deal with accounts from a MySQL users point of view, which
              > means that a 'reader' can access all the admin part of the site, but will
              > get errors when trying to read/write by SQL query.
              >
              > I was wondering if somebody could give me a trick to deny access to the
              > admin pages. Right now, I thought about these:
              > * by decoding MySQL rights? (how)
              > * by doing an only-to-test query? (bad I think, especially for write rights)
              >

              No trick needed, you answer your own question...

              1) a 'reader' doesn't login (doesn't have username/password) - gets
              standard site pages
              2) a 'writer' will need to login to add/upload news - gets
              writer access site pages
              3) a 'moderator' will need to login to review/post news - gets
              admin access site pages

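              so in code (sort of)

              <?php
              session_start(); // 'role' is an assumed session key, set by the login script
              $role = isset($_SESSION['role']) ? $_SESSION['role'] : '';
              if ($role === '') {
                  // not logged in: display standard site
              } elseif ($role === 'writer') {
                  // logged in with writer user/password: display writer pages
              } elseif ($role === 'admin') {
                  // logged in with admin user/password: display admin pages
              }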

              The writer and admin pages would probably be similar with the admin having
              extra stuff that the writer would not see. Keeping the users in the db is
              fine as long as you either separate them into two different tables or have a
              field that indicates that the user has writer or admin rights. The reader
              will not have any entries in the db - no need to check until login attempt.
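
The page gate described in this post, using the right names from the Group table in post #4 and the user_type codes from post #2, as an added example that is not code from any participant in this thread. The function names, the constants and the `role` session key are assumptions, and the sample user rows are constructed; the role is cached in the session at login, so no rights query runs per page.

```php
<?php
// Added example, not code from the thread. Function names, constants and the
// 'role' session key are assumptions; role and right names follow the posts.

// One central map, so pages never compare user_type codes themselves.
const ROLE_RIGHTS = [
    'reader'    => ['news_read'],
    'writer'    => ['news_read', 'news_write'],
    'moderator' => ['news_read', 'news_write', 'news_admin'],
];
// user_type codes as used in post #2: 0 = reader, 1 = writer, 2 = admin.
const USER_TYPE_ROLE = ['0' => 'reader', '1' => 'writer', '2' => 'moderator'];

// Called once, after the password check succeeded. $userRow is the Users row
// already fetched for that check, so no extra query is needed per page.
function session_after_login(array $session, array $userRow): array
{
    $session['role'] = USER_TYPE_ROLE[(string) ($userRow['user_type'] ?? '')] ?? 'reader';
    return $session;
}

// Deny by default: no session, or an unknown role, gets reader rights only.
function can(array $session, string $right): bool
{
    $role = is_string($session['role'] ?? null) ? $session['role'] : 'reader';
    return in_array($right, ROLE_RIGHTS[$role] ?? ROLE_RIGHTS['reader'], true);
}

// First statement of every writer or admin page, before any output.
function require_right(array $session, string $right): void
{
    if (!can($session, $right)) {
        http_response_code(403);
        exit("403 Forbidden\n");
    }
}

// Constructed sample sessions: visitor, writer, moderator, unexpected value.
$samples = [
    'anonymous' => [],
    'writer'    => session_after_login([], ['name' => 'writer', 'user_type' => '1']),
    'moderator' => session_after_login([], ['name' => 'moderator', 'user_type' => '2']),
    'bad role'  => ['role' => 'root'],
];
foreach ($samples as $label => $session) {
    printf("%-10s write=%s admin=%s\n", $label,
        can($session, 'news_write') ? 'yes' : 'no',
        can($session, 'news_admin') ? 'yes' : 'no');
}
```

On a real page the array comes from PHP itself: call `session_start()`, pass `$_SESSION` to `require_right()`, and call `session_regenerate_id(true)` at login. Without SSL, as on the site described, the password and the session cookie cross the network in cleartext, so this gate decides which pages a session may open but does not protect the session itself.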




              • warstar

                #8
                Re: Login system with php

                u got to store it somewhere, text file or some other thing, i dunno how
                to do it another way

                On Sun, 12 Oct 2003 02:37:38 +0200, TheDD <pas.d@email.com> wrote:

                >On Sat, 11 Oct 2003 22:14:54 GMT, Tesla wrote:
                >
                >> If you are still stuck, let me know
                >
                >well i am, i would like to avoid a table to store the rights like warstar
                >proposes.


                • TheDD

                  #9
                  Re: Login system with php

                  On Sun, 12 Oct 2003 12:37:42 +0200, warstar wrote:
                  > On Sun, 12 Oct 2003 02:37:38 +0200, TheDD <pas.d@email.com> wrote:
                  >> On Sat, 11 Oct 2003 22:14:54 GMT, Tesla wrote:
                  >>
                  >>> If you are still stuck, let me know
                  >>
                  >> well i am, i would like to avoid a table to store the rights like warstar
                  >> proposes.
                  >
                  > u got to store it somewhere, text file or some other thing, i dunno how
                  > to do it another way

                  well i was thinking to decode mysql rights (the ones shown with 'show grants
                  for user') and to use that, but it doesn't seem to be possible.

                  Anyway, another table is really not what i aim for, so i think i'm gonna use
                  hard coded php "if (account) then else"...

                  Another reason for not using a rights table is that it needs another query,
                  which slows down the page processing...

                  Thx for your help :)

                  --
                  TheDD


                  • warstar

                    #10
                    Re: Login system with php

                    it is possible to block the insert stuff yeah but to use the same
                    rules in the php code, don't think that's possible :)

                    On Sun, 12 Oct 2003 15:59:16 +0200, TheDD <pas.d@email.com> wrote:

                    >On Sun, 12 Oct 2003 12:37:42 +0200, warstar wrote:
                    >> On Sun, 12 Oct 2003 02:37:38 +0200, TheDD <pas.d@email.com> wrote:
                    >>> On Sat, 11 Oct 2003 22:14:54 GMT, Tesla wrote:
                    >>>
                    >>>> If you are still stuck, let me know
                    >>>
                    >>> well i am, i would like to avoid a table to store the rights like warstar
                    >>> proposes.
                    >>
                    >> u got to store it somewhere, text file or some other thing, i dunno how
                    >> to do it another way
                    >
                    >well i was thinking to decode mysql rights (the ones shown with 'show grants
                    >for user') and to use that, but it doesn't seem to be possible.
                    >
                    >Anyway, another table is really not what i aim for, so i think i'm gonna use
                    >hard coded php "if (account) then else"...
                    >
                    >Another reason for not using a rights table is that it needs another query,
                    >which slows down the page processing...
                    >
                    >Thx for your help :)


                    • Larry Jaques

                      #11
                      Re: Login system with php

                      On Sun, 12 Oct 2003 15:59:16 +0200, TheDD <pas.d@email.com> pixelated:

                      >On Sun, 12 Oct 2003 12:37:42 +0200, warstar wrote:
                      >
                      >Another reason for not using a rights table is that it needs another query,
                      >which slows down the page processing...
                      >
                      >Thx for your help :)

                      How about putting admin files in another directory and using
                      a .htaccess file to password protect it? Only the moderator
                      with the password gets to use those pages. That's how I put
                      client data up on my site to show them first drafts, etc.
