Login to Members Area with Templates?

dolphinsnot

Hello all.

I am working with PHPLIB's templates.inc to plug info from a MySQL database into a template. Every single page on the website is assembled using my 'web.php' script that handles everything from the template stuff to dynamic CSS generation. All unique page content lives in the database.

On our current static .html site, we are using a seperate file folder in conjunction with an .htaccess and .htpass file for our 'Members Only' area.

What I need to know is: How do I set up my 'web.php' script to require members to login in order to access specific pages? I have all of the different site sections (about, links, news, magazine, members) in seperate tables in the MySQL database. I want users to log in before my web.php script will assemble a page containing content from the 'members' table.

??? i've stumped myself... thank ya fer yer help!

-dolphinsnot

reagent

Here's how I would do it

Create a config file w/ the list of directories to be protected (maybe in an array)

at the top of web.php check what directory you are going to fetch your content from.

if you are in a 'restricted' directory, check to see if the user is logged in. If so, let script continue, otherwise kick them out to a login page or whatever.

I hope I didn't simplify this too much.
let me know if that helps.

dolphinsnot

that makes sense.

unfortuantely, i've been scrambling to get this thing live by August 1st, and most likely won't have time to set up (and learn) sessions using php before then.

is there a way to do what you described using .htaccess & .htpass files?

is there a native php function to test for 'logged in'?

thanks for the help, and i'm going to spend some time right now trying to wrap my brain around php sessions. if i can incorporate session management into my script in less than a work-day, i may be able to take that route and stay within my deadline.

-dolphinsnot

dolphinsnot

ouch.

i didn't realize until just now how much there is i don't know about user authentication, cookies, and session management.

i found an article on this site, by tim perdue, that contains a basic user authentication library. i think i will be able to customize it to work for me, and once it does i'll be able to test at the top of 'web.php' to see if user_name is logged in or not....

thanks again. your comments have definitely jump-started the next phase of my project.

-dolphinsnot

reagent

Don't let it get too confusing, its much easier than you suspect.

I use both cookies and sessions (sometimes), here's how:

I create a 'user' class that has things like create(), update(), init(), delete() and does all the database calls for me.

I store all my passwords encrypted (one way hash) in the database upon user creation.

Let's say a registered user logs in. I just set the username for the class and then call the init method which will return true/false if it returned a record for that username. If so, I apply the same encryption method I use to store the password on the password that was submitted upon login. (confused yet?). If this matches the one in the database, the user is authenticated. I first register a session variable 'sesObjUser' and depending on if the user said 'save logins', i also set a cookie. i call the cookie 'userToken' or something similar that is in the form of <username>:<encrypted password>

at the top of each page, i check to see if the session object exists and is complete, if not, i look for the cookie. If the cookie exists, I call explode and repeat the steps above as if the user had logged in.

remember that when using objects stored in session, you must require/include the class definition BEFORE calling session_start()

good luck.
If you get stuck, email me.

dolphinsnot

Thank you. that makes sense. i've hit a point where i'm now learning by fire all that i had put off learning before (classes, sessions, encryption, etc.)

i spent a few hours yesterday researching, and am now confident that i'll be able to implement such a system. unfortunately i'm under a verrrrrrrry tight deadline and won't be able to get back to it all until after August 1.

i appreciate your offer to help via email if i get stuck. it's very likely i'll do so in early august.

thank ya p.

-dolphinsnot