[PHP] Building Menus based on User Rights
I would like for my pages to generate HTML code based on a users rights. For example I have a table called user and it looks like this useridpasswordadminuser -- memypassY you yourpass Y When a person logs in they are authenticated against this table. Once they are logged in I would like to build a page with a few links. If the person has a Y in the admin, I would like to offer an additional link on the page for some admin functions. My question is this, when a person logs in I know the user name and password is stored in the $_POST global. How long does that stay available. Can I recall the userid and password, query the database and then generate a page based on those results? Would I be better off using the session information or setting cookies? I'm at the crossroads and not sure which trail to start going down. Ray -- --- Is the Internet down? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Building Menus based on User Rights
I found an article 1 of 6 parts by Ben Rowe on devarticles.com. It looks like he is doing what I want to accomplish but I have to wait for the other 5 articles. When a user logs in he writes a record to MYSQL for the session. That record holds certain variables for the session. Your reply helps, I'm new to all of this and not really a programmer but I would rather learn to do it the right way than the easy way. Ray On Mon, 2002-11-11 at 12:30, Jason Wong wrote: On Tuesday 12 November 2002 02:05, Ray Seals wrote: I would like for my pages to generate HTML code based on a users rights. For example I have a table called user and it looks like this useridpasswordadminuser -- memypassY you yourpass Y When a person logs in they are authenticated against this table. Once they are logged in I would like to build a page with a few links. If the person has a Y in the admin, I would like to offer an additional link on the page for some admin functions. My question is this, when a person logs in I know the user name and password is stored in the $_POST global. How long does that stay available. For all practical purposes[1] just treat it as if it's not available after the person is logged in. Can I recall the userid and password, query the database and then generate a page based on those results? Yes, but see [1]. Would I be better off using the session information or setting cookies? You definitely want to be looking at sessions. Search for some user authentication tutorials. [1] Unless you continue propagating the login info (user/password) via hidden elements in a form (which btw, is a very foolish thing to do) they would only be available on the page that is handling your login. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * /* Experience is not what happens to you; it is what you do with what happens to you. -- Aldous Huxley */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- --- Is the Internet down? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Questions on PHP Variables
The fact that tutorials are outdated using old code is not a good reason
to stick with it :)
I agree totally.
So I'm trying to use the $_Server variables but I continue to get this
error:
Parse error: parse error, expecting 'T_STRNG' or 'T_VARIABLE' or
'T_NUM_STRING' in blah, blah, blah on line 33.
Here is the script that is doing this:
?php
// File Name: auth04.php
// Check to see if $PHP_AUTH_USER already contains info
if (!isset($_SERVER[PHP_AUTH_USER])) {
// If empty, send header causing dialog box to appear
header('WWW-Authenticate: Basic realm=My Private
Stuff');
header('HTTP/1.0 401 Unauthorized');
exit;
} else if (isset($_SERVER[PHP_AUTH_USER])) {
// If non-empty, check the database for matches
// connect to MySQL
mysql_connect(hostname, username, password)
or die (Unable to connect to database.);
// select database on MySQL server
mysql_select_db(dev_i2ii_com)
or die (Unable to select database.);
// Formulate the query
$sql = SELECT *
FROM users
WHERE username='$_SERVER[PHP_AUTH_USER]' and
password='$_SERVER[PHP_AUTH_PW]';
// Execute the query and put results in $result
$result = mysql_query($sql);
// Get number of rows in $result. 0 if invalid, 1 if
valid.
$num = mysql_numrows($result);
if ($num != 0) {
echo PYou're authorized!/p;
exit;
} else {
header('WWW-Authenticate: Basic realm=My
Private Stuff');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
}
}
?
--
The data base stuff hasn't been put in yet, I'm just trying to get the
script to load cleanly before I trouble shoot the database connector
side.
Ray
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Questions on PHP Variables
I'm running PHP 4.2.3 as an Apache Module When I try to use $PHP_AUTH_USER it returns nothing. But if I print out $_SERVER[PHP_AUTH_USER] it prints the user name I tried. All of the sample code and books that I have use the $PHP_AUTH_USER. Can anyone give me some insight on what the difference is? Ray -- --- Is the Internet down? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
