  1. #1
    SitePoint Wizard edshuck's Avatar
    Join Date
    Jul 2000
    Posts
    1,200
    Hi

    For a long while I have used .htaccess to lock a directory that has php scripts that update mysql on the server. This is just a service paid for monthly by me. I use ftp, telnet and my isp is yet another service. It works fine.

    The problem:

    I now want to allow individuals and companies to register a userid and pw and gain access for posting into the mysql.

    I need to allow this self posting because I want to serve about 30 schools' PTA notices etc. Artists doing shows, etc. You know - community activity stuff. Always changing. This way, give them access and every month remind them to post. Maybe 400-500 groups of one form or another.

    The company access to allow them to initially post and if the phone changes, they can update. Rather than depend on my doing it. Which they then question why I did not have the current info - like the phone company calls me when a # is changed.

    I have had success with the lost pet page that is a standard non pw form.

    But I want to allow the posters to update their posts and not other people's posts.

    Any ideas, I find it a bit daunting and know that this is the place for the query.

    I have tried to be clear. Sorry about the length.

    peace


  2. #2
    ********* wombat firepages's Avatar
    Join Date
    Jul 2000
    Location
    Perth Australia
    Posts
    1,717
    A quick and dirty way (but effective) is HTTP_AUTHENTICATION,

    this below script assumes that you have a 'users' table with 'user' and 'pass' fields somewhere in it, and that your record tables have a corresponding user or pass field (or perhaps a linking id?)

    anyway if you require() this file at the very top of every script that allows user database access...

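    <?php
    // $PHP_AUTH_USER relied on register_globals; the credentials are read from $_SERVER instead.
    if(!isset($_SERVER['PHP_AUTH_USER'])) {
        // No credentials sent yet: issue the challenge so the browser prompts for them.
        header("WWW-Authenticate: Basic realm=\"THIS DOMAIN\"");
        header("HTTP/1.0 401 Unauthorized");
        $title="Login Instructions";
    ?>
    <blockquote>
    MESSAGE TO FAILED USERS
    </blockquote>
    <?php
        exit;
    } else {

        // mysqli replaces the removed mysql_* functions; the "p:" prefix keeps the connection persistent.
        $db = mysqli_connect("p:localhost","USER","PASSWORD") or die("Unable to connect to SQL server");
        mysqli_select_db($db,"DATABASE") or die("Unable to select database");
        $USER=strtolower($_SERVER['PHP_AUTH_USER']);
        $PASS=isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
        // The credentials are bound as parameters so quotes in them cannot change the query.
        $stmt = mysqli_prepare($db,"select user from users where user=? and pass=?");
        mysqli_stmt_bind_param($stmt,"ss",$USER,$PASS);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);
        if(!mysqli_stmt_num_rows($stmt)) {
            // Unknown user or wrong password: challenge again.
            header("WWW-Authenticate: Basic realm=\"THIS DOMAIN\"");
            header("HTTP/1.0 401 Unauthorized");
            $title="Login Instructions";
    ?>
    <blockquote>
    MESSAGE TO FAILED USERS
    </blockquote>
    <?php
            exit;
        }

        mysqli_stmt_close($stmt);
    }
    ?>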

    your queries would then have ... WHERE user='$USER' ... (or pass='$PASS') etc.

    Then only registered users can get in, and only at the info that relates to their username/id (whatever).

    The main difference between this and just getting the user and password each time is that the user only has to log in once per session.

    justathought
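
An added example, not part of the post above or of the thread: one way to cover the two things asked for, self-registration and "update your own posts only", with the password stored as a `password_hash()` value and every update scoped to the authenticated user. Assumptions: PDO with an in-memory SQLite database stands in for MySQL so the block runs offline, and the `notices` table, the `user_id` column, the function names and the sample accounts are constructed for illustration.

```php
<?php
// Added example: constructed schema and data; SQLite in memory stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT UNIQUE, pass TEXT)');
$db->exec('CREATE TABLE notices (id INTEGER PRIMARY KEY, user_id INTEGER, body TEXT)');

// Registration: the pass column holds a password_hash() value, never the password itself.
function register(PDO $db, string $user, string $password): int {
    $st = $db->prepare('INSERT INTO users (user, pass) VALUES (?, ?)');
    $st->execute([strtolower($user), password_hash($password, PASSWORD_DEFAULT)]);
    return (int) $db->lastInsertId();
}

// Check Basic-auth credentials; returns the user's id, or null when they do not match.
function authenticate(PDO $db, string $user, string $password): ?int {
    $st = $db->prepare('SELECT id, pass FROM users WHERE user = ?');
    $st->execute([strtolower($user)]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return ($row && password_verify($password, $row['pass'])) ? (int) $row['id'] : null;
}

// The WHERE clause carries the authenticated id, so a valid login
// can change only rows that belong to that login.
function updateNotice(PDO $db, int $userId, int $noticeId, string $body): bool {
    $st = $db->prepare('UPDATE notices SET body = ? WHERE id = ? AND user_id = ?');
    $st->execute([$body, $noticeId, $userId]);
    return $st->rowCount() === 1;
}

// Constructed sample data: two posters with one notice each (ids 1 and 2).
$pta = register($db, 'pta_oak', 'correct horse');
$art = register($db, 'artshow', 'battery staple');
$ins = $db->prepare('INSERT INTO notices (user_id, body) VALUES (?, ?)');
$ins->execute([$pta, 'PTA meets Tuesday']);
$ins->execute([$art, 'Gallery opens Friday']);

// In a web request the two values come from $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'].
$id = authenticate($db, 'PTA_Oak', 'correct horse');
var_dump($id === $pta);                                      // login with the right password
var_dump(authenticate($db, 'pta_oak', 'wrong password'));    // login with a wrong password
var_dump(updateNotice($db, $id, 1, 'PTA meets Wednesday'));  // the poster's own notice
var_dump(updateNotice($db, $id, 2, 'changed by pta_oak'));   // another poster's notice
```

Basic authentication sends the password with every request, so the directory should be served over HTTPS only.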

  3. #3
    SitePoint Wizard edshuck's Avatar
    Join Date
    Jul 2000
    Posts
    1,200
    hi

    thanks for the information. i will be able to try this later today.

    thanks again

    peace

