[PHP] Building Menus based on User Rights
I would like for my pages to generate HTML code based on a users rights. For example I have a table called user and it looks like this useridpasswordadminuser -- memypassY you yourpass Y When a person logs in they are authenticated against this table. Once they are logged in I would like to build a page with a few links. If the person has a Y in the admin, I would like to offer an additional link on the page for some admin functions. My question is this, when a person logs in I know the user name and password is stored in the $_POST global. How long does that stay available. Can I recall the userid and password, query the database and then generate a page based on those results? Would I be better off using the session information or setting cookies? I'm at the crossroads and not sure which trail to start going down. Ray -- --- Is the Internet down? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Building Menus based on User Rights
I found an article 1 of 6 parts by Ben Rowe on devarticles.com. It looks like he is doing what I want to accomplish but I have to wait for the other 5 articles. When a user logs in he writes a record to MYSQL for the session. That record holds certain variables for the session. Your reply helps, I'm new to all of this and not really a programmer but I would rather learn to do it the right way than the easy way. Ray On Mon, 2002-11-11 at 12:30, Jason Wong wrote: On Tuesday 12 November 2002 02:05, Ray Seals wrote: I would like for my pages to generate HTML code based on a users rights. For example I have a table called user and it looks like this useridpasswordadminuser -- memypassY you yourpass Y When a person logs in they are authenticated against this table. Once they are logged in I would like to build a page with a few links. If the person has a Y in the admin, I would like to offer an additional link on the page for some admin functions. My question is this, when a person logs in I know the user name and password is stored in the $_POST global. How long does that stay available. For all practical purposes[1] just treat it as if it's not available after the person is logged in. Can I recall the userid and password, query the database and then generate a page based on those results? Yes, but see [1]. Would I be better off using the session information or setting cookies? You definitely want to be looking at sessions. Search for some user authentication tutorials. [1] Unless you continue propagating the login info (user/password) via hidden elements in a form (which btw, is a very foolish thing to do) they would only be available on the page that is handling your login. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * /* Experience is not what happens to you; it is what you do with what happens to you. -- Aldous Huxley */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- --- Is the Internet down? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Questions on PHP Variables
The fact that tutorials are outdated using old code is not a good reason to stick with it :) I agree totally. So I'm trying to use the $_Server variables but I continue to get this error: Parse error: parse error, expecting 'T_STRNG' or 'T_VARIABLE' or 'T_NUM_STRING' in blah, blah, blah on line 33. Here is the script that is doing this: ?php // File Name: auth04.php // Check to see if $PHP_AUTH_USER already contains info if (!isset($_SERVER[PHP_AUTH_USER])) { // If empty, send header causing dialog box to appear header('WWW-Authenticate: Basic realm=My Private Stuff'); header('HTTP/1.0 401 Unauthorized'); exit; } else if (isset($_SERVER[PHP_AUTH_USER])) { // If non-empty, check the database for matches // connect to MySQL mysql_connect(hostname, username, password) or die (Unable to connect to database.); // select database on MySQL server mysql_select_db(dev_i2ii_com) or die (Unable to select database.); // Formulate the query $sql = SELECT * FROM users WHERE username='$_SERVER[PHP_AUTH_USER]' and password='$_SERVER[PHP_AUTH_PW]'; // Execute the query and put results in $result $result = mysql_query($sql); // Get number of rows in $result. 0 if invalid, 1 if valid. $num = mysql_numrows($result); if ($num != 0) { echo PYou're authorized!/p; exit; } else { header('WWW-Authenticate: Basic realm=My Private Stuff'); header('HTTP/1.0 401 Unauthorized'); echo 'Authorization Required.'; exit; } } ? -- The data base stuff hasn't been put in yet, I'm just trying to get the script to load cleanly before I trouble shoot the database connector side. Ray -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Questions on PHP Variables
I'm running PHP 4.2.3 as an Apache Module When I try to use $PHP_AUTH_USER it returns nothing. But if I print out $_SERVER[PHP_AUTH_USER] it prints the user name I tried. All of the sample code and books that I have use the $PHP_AUTH_USER. Can anyone give me some insight on what the difference is? Ray -- --- Is the Internet down? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php