Hello so I’m trying to make a password protected page. I don’t want to just have 1 password for all of the pages, but I want the author to be able to use their custom password. I already have a password algorithm set up. It’s just how do I make dynamic sessions?
Like each session cookie has it’s own ID number or name that it grabs from the URL. I don’t want to use a static session because then if let’s say there’s at least 3 different pages that are protected and a user enters successfully in one page, then basically all 3 pages are unlocked for them which is not the intent that I was going for.
I want each page to have it’s own unique session so that the same user won’t be able to get into all pages. I know that static passwords such as default passwords are always a bad idea.
I know this might not be possible, but I keep thinking something like
$_SESSION['$F'] = $_GET['id'];
But then when I think about it, $F becomes static since it’s inside the single quote. I know that what ever is inside the single quotes are always indeed static because I can go look at the session cookies and expect to see a $F variable instead of seeing something like 1 or 34684 as the session name.
What I’m trying to go for is something like this.
I have the passwords saved into my database with them being hashed and salted.
Since each page has it’s own unique password, I want PHP to grab the ID from the URL so it knows the precise password that’s needed for that page.
If the password is typed in correctly, it sets a session that is the ID from the URL in it along with the user’s ID number. This is so that it can tell which user has correctly typed in the password along with which page that they were on.
Let’s say I have the number 1 as the URL. The number 1 gets echoed since the session exists, but then if I go to let’s say number 35464, the session number becomes 35464, but ignores the fact that 1 was typed in correctly since this is a static session.
I don’t want to use cookies because cookies can be manipulated on the client’s side so they can just attempt to get into the page as many times as they want without fail.
Well, each user has a user level already. What I’m trying to do is allow the user to create a page where if they deem that it should be a private page, then they can always put a password on the page so that only the people they share the password to can have access. By default, admins and moderators already can see these password protected pages.
You’re approaching this all wrong. You should be using some type of permission based system to grant authorization to certain pages. The way you’re approaching it right now is a cluster f**k, quite frankly. Especially when this is the exact problem that authorization based design patterns are meant to solve. Don’t solve problems by making more problems that will result in unnecessary complexity.
@oddz How is it different from any other authorized page? And why do you have to swear to get your point across? Do you have anger management in real life?
Any who, you’re the one that’s approaching this topic wrong. Swearing where it is not needed.
Also, I am doing it right, you’re just ignoring the fact that I have a user level system. User level system is not needed for this type of application. Yes, all I have to do is make sure the person is logged on. Is that your whole point that you had to swear to get across? Wow, I pity who ever you are. Any who, the user is already logged on and has authority for this particular application.
So I’m going to move on and listen to someone else who has a valid point other than someone swearing to get their point across.
@RyanReeseSo I can swear in this forum board and not get banned? Wow, I think I’ll abuse this power than. If I get banned, I’ll direct the moderators to this particular post so that they know who’s been teaching the new people what to say.
Defensive? lol, I’m laughing so bad right now.
Any who, like I said. I’ll just move a long until someone that has a valid point to come and I’ll listen rather than trying to argue with me. I mean if that’s all people want to do then why not make an arguing forum board?
I’m here trying to find an answer and if you can’t answer it with a valid point, then I’ll have to label this as trolling.
No, neither you nor any other member can swear here without risk.
“cluster f**k” is NOT a swear (though it is vulgar) but as explained, a common slang expression i.e.
(slang, vulgar) A chaotic situation where everything seems to go wrong. It is often caused by incompetence, communication failure, or a complex environment
Everyone, please stay on-topic to avoid havng the post snipped or deleted or this topic Closed
So… dont make them inside the single quotes. $_SESSION[$F] = "Wark"; is perfectly valid PHP (assuming $F is defined), and will set an element of the Session Superglobal array, with key set to whatever the current value of $F is, to “Wark”,
I would think the page creator could select from a “users list” people that they would allow access to this page, which would be stored in a separate DB table. A simple joined query when the page is called would tell you if the user can view the page. No need to extra sessions for each page. Users just log in.