Re: [PHP] Allowing user login, but NOT requiring?
Yes, but unless you're doing something like a shopping cart, php sessions are probably overkill. For this all that he needs to do is have a login box that checks to see if the username/password are ok, and saves them in a cookie if they are. then at the top of every script you load the user's preferences if the cookie is there and set a variable ($preferences maybe). Then, if $preferences is there, you show the edit button. On Wed, 21 Nov 2001 12:14:09 -0800, Fred wrote: >I agree, if you want to do anything special with logins do not rely >on >htaccess, write your own auth scripts. On the other hand, I would >not >recommend using cookies either, unless it is in conjuntion with >sessions. >PHP has great session management funtions and they should be used at >the >exclusion of other authenitication methods. > >There are plenty of tutorials and scripts for this out there, but >the basic >steps work like this: > >1. start a session at the top of every page >2. put a login form on at least one page >3. when a user logs in, register the username with the session >4. check for the username before displaying the edit buttons > >Fred > > >Mark <[EMAIL PROTECTED]> wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... >using apache to do the authorization is the cheap and easy way. If >you want something more advanced you should use a cookie. There's >probably tons of sample code on phpbuilder.com > > >On Wed, 21 Nov 2001 11:30:49 -0700, Nelson Goforth wrote: >>In my project I have basic HTML pages with PHP/MySQL driven content. >>In a subdirectory I have pages that allow users to change the >>content >>of the pages and other administrative functions. This subdirectory >>is protected with Apache mod_auth. >> >>What I would like to do is allow authorized users to see an "Edit" >>button on each page in the main directory, which would allow them to >>update a page right from the page itself - rather than going into >>the >>admin subdirectory to do it. >> >>I can drive the display of an "Edit" link from the REMOTE_USER >>environmental variable, but how can I allow the authorized users to >>log in, while STILL allowing unfettered access by the public? If >>they log in under the subdirectory that log in name doesn't carry >>back up to the top directory (I tried), even if I name the realm the >>same using the AuthName directive in .htaccess . >> >>I found some basic information in the book "Professional PHP >>Programming", but could someone point me to another resource that >>might give a bit more detail? >> >>Thanks, >>Nelson >> > > > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Allowing user login, but NOT requiring?
I agree, if you want to do anything special with logins do not rely on htaccess, write your own auth scripts. On the other hand, I would not recommend using cookies either, unless it is in conjuntion with sessions. PHP has great session management funtions and they should be used at the exclusion of other authenitication methods. There are plenty of tutorials and scripts for this out there, but the basic steps work like this: 1. start a session at the top of every page 2. put a login form on at least one page 3. when a user logs in, register the username with the session 4. check for the username before displaying the edit buttons Fred Mark <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... using apache to do the authorization is the cheap and easy way. If you want something more advanced you should use a cookie. There's probably tons of sample code on phpbuilder.com On Wed, 21 Nov 2001 11:30:49 -0700, Nelson Goforth wrote: >In my project I have basic HTML pages with PHP/MySQL driven content. >In a subdirectory I have pages that allow users to change the >content >of the pages and other administrative functions. This subdirectory >is protected with Apache mod_auth. > >What I would like to do is allow authorized users to see an "Edit" >button on each page in the main directory, which would allow them to >update a page right from the page itself - rather than going into >the >admin subdirectory to do it. > >I can drive the display of an "Edit" link from the REMOTE_USER >environmental variable, but how can I allow the authorized users to >log in, while STILL allowing unfettered access by the public? If >they log in under the subdirectory that log in name doesn't carry >back up to the top directory (I tried), even if I name the realm the >same using the AuthName directive in .htaccess . > >I found some basic information in the book "Professional PHP >Programming", but could someone point me to another resource that >might give a bit more detail? > >Thanks, >Nelson > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Allowing user login, but NOT requiring?
using apache to do the authorization is the cheap and easy way. If you want something more advanced you should use a cookie. There's probably tons of sample code on phpbuilder.com On Wed, 21 Nov 2001 11:30:49 -0700, Nelson Goforth wrote: >In my project I have basic HTML pages with PHP/MySQL driven content. >In a subdirectory I have pages that allow users to change the >content >of the pages and other administrative functions. This subdirectory >is protected with Apache mod_auth. > >What I would like to do is allow authorized users to see an "Edit" >button on each page in the main directory, which would allow them to >update a page right from the page itself - rather than going into >the >admin subdirectory to do it. > >I can drive the display of an "Edit" link from the REMOTE_USER >environmental variable, but how can I allow the authorized users to >log in, while STILL allowing unfettered access by the public? If >they log in under the subdirectory that log in name doesn't carry >back up to the top directory (I tried), even if I name the realm the >same using the AuthName directive in .htaccess . > >I found some basic information in the book "Professional PHP >Programming", but could someone point me to another resource that >might give a bit more detail? > >Thanks, >Nelson > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]