Need help with my first big project.

Atari

I'm starting with my first big project since I started experimenting with php.
I want to create a site where users can login with different passwords and usernames. Depending on their status they can acces guestbooks and newspages that are seperated from the rest of the site. The users with the administrator username must be able to update the news and calendar.
I've never made something bigger than some online contests. So I could use some help with this. Do I have to put something on paper before I start? And how do I do this? Any help is apreciated!!!
Thanx.

mystrymaster

Basically I think you are looking at creating a site map or flow chart on paper before hand

Design your database schema on paper (or in notepad or something like that) before hand as well so you can make sure your db's or normalized

Basically the way I handle a new site is I ge tthe whole site flow on paper and then start to code it makes it much easier to follow and you will realize before you spent 2 hours coding a page only to find out that it isn't going to work where you have it.

d99kg

I have sort of done something like this!

I established a users table in my MySQL database and the attributes I used where username, password,userfunctions, firstname,lastname, emailadd. The userfuctions where either Normal or administrator.

In my password page the code I used was:

if($password==$thepassword && $userFunctions=="Normal")
{
header("Location: custView.php");
}

else if($password==$thepassword && $userFunctions=="Administrator")
{

	header("Location: databaseControl.php");
}

else
{
	header("Location: incorrectPass.php");
}

This take the user who has normal access to where they can view and buy products etc. This takes the administrator when he types in his username and password to data base control functions i.e add, delete modify records within the database. If a wrong password or username is inputted this will take them to a page to make the user aware of this!

Hope this helps as I'm fairly new to this stuff aswell

Atari

sure it helps! Every tip is welcome. Thanx. keep it coming please.

paul088

d99kg pointed to a right direction. You can also "user_level" in place of "userfunctions" if you have more than two levels of users. For example, a higher level (greater numeric number instead of words) gives a user greater access to pages/tasks. You should also keep this in mind while writing those pages/tasks. That is to say, you have to have a level check on each page. Othewise, a user may not be directed to a page with a level than his assigned level after login, but he can access that page later if he knows the page name.

Atari

I think I partially understand. I was thinkin 'bout that too. Can you give me some more specific information? Can I do this with sessions or something wich will be checked each time a user tries to acces a page? See, I don't know how it's done normally. i'm a newbie :rolleyes:

paul088

Which part do you have problem:

database design?
login script?
login check on each page?

Atari

The login script and the login check won't be a problem. I have a good example for this in a book. Database design will be a bigger problem cause I'm just learning mysql.

paul088

The database work involves two steps:

Add a user level column to your existing user table. It would be convenient to just call it "user_level". Its type could be INT with a length of 2.
Assign user level to users. You need to work out a scheme to decide what levels users are given. I would say most users are given lowest level (e.g. 0 or 1) by default when they register. When they register, in addition to their user login and personal info (if any), a user level number is also inserted to the database table. If you want to change their user levels for some reasons (admin or paid services, etc), you can create an interface to update the user_level field.

User level check on each page also involves two stepd:

When a user is logged in, his/her user_level is stored in a session. Log in script normally takes the input username and password, and compares them with those selected from user table in database. While selecting user information from database, also take the user_level data, and store it in a session. For example,

<?
$query = "SELECT * FROM usertable WHERE username='$username]'";
$query_result = mysql_query ($query) or die (mysql_error());
$result = @mysql_fetch_array ($query_result);
if ($result[password]!="")//make suer it is not blank
{
if ($password == $result[password]) // if passwords match
{

// If a session already exist, destroy it

if(isset($_COOKIE[session_name()]))

{
session_start(); // To be able to use session_destroy
session_destroy(); // To delete the old session file
unset($_COOKIE[session_name()]);

}

session_start();//start a new session
$SESSION[username]=$result[username];
$SESSION[user_level]=$result[user_level];//that's what you want

}
}

$_SESSION[user_level] will be available to you. The next step is on every page where a user level check is required, at these lines to the top:

<?
session_start(); //you must start a session to use a session
if ($SESSION[username]) //if the user is logged in
{
$level=1;//you need to specify a level for this page
if ($SESSION[user_level] < "$level")// if this user's level below the level specified for this page
{echo "You are not authorized to view this page"; //Put anything here you want or redirect the user to another page using "header" function
}
else {
//here comes the page content
}
}
else { //if the user is not logged in}