Restrict access to current members

conmolbry · April 17, 2010, 11:04pm

I’m looking for guidance how to use PHP and MySQL to manage member access to a site. That is, based on an individual’s membership expiration date to the organization, they would be prevented from accessing the members-only pages. Any help would be greatly appreciated.

Paul_Wilkins · April 17, 2010, 11:59pm

Your page will want to do the following:

[list][*]if member is not stored in a session variable

[list][]set a session redirect variable with the current page location
[]redirect to a login page[/list]
[*]show the page[/list]

The login page would:

[list][]set a session variable so that other pages can determine that the person is a valid member
[]and then return to the redirected page
[/list]

frank1 · April 18, 2010, 3:21am

I make a ACL matrix (With CRUD allow/deny indicators)
and matching position of person with allowed priviledge for that position from database

conmolbry · April 18, 2010, 3:39am

Thanks very much for responding. I’m afraid I’m very new at this technology and needing a walk-through on the procedure. Any possibility you could point me to an example?

frank1 · April 18, 2010, 4:19am

well the best example of acl is this forum itself vbulletin usues it
so does phpbb

and i guess it wont be ideal to refer it to u now,cakephp has very good acl model

and other have look at these
http://www.phpeveryday.com/articles/CHAPTER-7-ACCESS-CONTROL-LIST-P823.html

conmolbry · April 18, 2010, 6:25am

Sorry I was trying to respond to the gentleman from Christchurch. I really can’t understand what you’re saying.

wackyjoe · April 18, 2010, 7:17am

As frank1 said, have a look at this tutorial http://net.tutsplus.com/tutorials/php/a-better-login-system/

People here can tell you how to build it in theory, but as you said you are new to the technology, so why not just use that tutorial to help you.

Paul_Wilkins · April 18, 2010, 7:53am

The tutorial at http://net.tutsplus.com/tutorials/php/a-better-login-system/ gives you all of the code to properly setup and manage user and admin permissions. It uses a similar technique as what I described earlier to check if a person has the right permission or not.

For example:


<?php  
include("assets/php/database.php");  
include("assets/php/class.acl.php");  
$myACL = new ACL();  
if ($myACL->hasPermission('access_admin') != true)  
{  
    header("location: insufficientPermission.php");  
}  
?>

As they say though, the devil is in the details, but fortunately for you someone else has already worked out the details and provided them for you as a tutorial, so that you end up with a production-ready solution.

conmolbry · April 18, 2010, 1:46pm

Right, I’ll give it a try. Thanks to you all for the great help.