SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Enthusiast
    Join Date
    Oct 2000
    Location
    Location:
    Posts
    94
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi all!

    Let me just start by thanking everybody here who has welcomed an helped us beginners (and soon to be masters) of MySQL/PHP, your time and patience really is appreciated.

    The following question is a very basic one regarding the best way to structure my database.
    (I must admit, I'm slightly anxious about how to go about it, I want to get it correct from the get-go!)

    Basically I need to create a database which will contain the names of different amateur music groups in various categories, many of which are located in different regions of the United Kingdom.
    Also I need to allow users to insert/submit their groups into the database at any time, this needs to be done using a simple submition form which the user fills in and simply submits.

    However I need to implememnt a (simple!) user-authenticication system which would require each user to enter a 'user-name' and 'password' before they could submit their group into the database.
    The user also must have the privaliage of acessing their own particular group details (by entering thier user-name and password) where they can edit/update the details of the group they have entered when ever they wish.

    I know this must be a relitively simple operation, but I just wanted to get some advice on how best to go about doing this.

    I know that I will need a two tables to do this:

    > One to hold the details of the music groups.

    > One to hold the names of authorised users who submit thier music groups into the database.

    What I don't understand is how these two tables should interact with each other and reference each other when a new user wishes to enter their music group into the database.


    I would appreciate any help!!!

    Thank you


    Koncise.

  2. #2
    SitePoint Wizard TWTCommish's Avatar
    Join Date
    Aug 1999
    Location
    Pittsburgh, PA, USA
    Posts
    3,910
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It's really quite simple: you create a field in your Music Groups table (we'll call it "groups") called "uid" - or something like that. When the user submits it (let's call their table "users"), you simply take that user's unique identification ("userid", perhaps?), and submit it into that field along with the other fields for the music group.

    So, if you then want to see all groups submitted by, say, the user with the ID number of "4", you would use something like this:

    Code:
    SELECT * FROM groups WHERE uid='4'
    Oh, and as for a user management system, checkout Kevin Yank's most recent tutorial:
    http://www.webmasterbase.com/article.php?aid=319

    Good luck!

  3. #3
    Serial Publisher silver trophy aspen's Avatar
    Join Date
    Aug 1999
    Location
    East Lansing, MI USA
    Posts
    12,937
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    There is a security problem with what Chris suggested.

    I could just do bandedit.php3?uid=4 and the script would think I'm authenticated when I wouldn't be.

    You must authenticate the user first when they are editing- you can do so via a series of steps.

    1. Select the UID from the row you wish to edit and use a join to also select the password from the users table

    2. Compare that UID password with the given UID and Password (either submitted with the rest of the form - or retrieved from a session variable/cookie/whatever)

    3. If verification succeeds only then process the update.
    Chris Beasley - I publish content and ecommerce sites.
    Featured Article: Free Comprehensive SEO Guide
    My Guide to Building a Successful Website
    My Blog|My Webmaster Forums

  4. #4
    SitePoint Wizard TWTCommish's Avatar
    Join Date
    Aug 1999
    Location
    Pittsburgh, PA, USA
    Posts
    3,910
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes Chris, I realize that my method did not include any kind of user verification - wasn't meant to include that...that's why I linked to Kevin's article, which can probably help him out more than I can here.

    My post was only meant as a way to show him how he can associate a group's record with the user who submitted them. My apologies if my code was implied to be a total solution.

  5. #5
    SitePoint Wizard TWTCommish's Avatar
    Join Date
    Aug 1999
    Location
    Pittsburgh, PA, USA
    Posts
    3,910
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What the? I think Yoda just winked at me...


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •