Admin side to the web site

mike08

Could someone please tell me how to set up an Admin side to my website.

do i just make a new table in mysql and include admin username and password? or is there another way.

travelbuff

That is a really broad question requiring more than what I would care to put in a post - I suggest you take a look at one of these - http://www.hotscripts.com/PHP/Tips_and_Tutorials/User_Authentication/index.html and come back and post any specific questions you may have.

HTH,

Mark

mike08

Thanks for your help

ive been looking into http authentication

ive copied the exact code from the web site

bring up the window i fill in 'user' and 'open' into the username and password boxes provided but it just bounces back and doesn't do anything. Am i doing something wrong? hope someone can help


if ( ( !isset( $PHP_AUTH_USER )) || (!isset($PHP_AUTH_PW))  

     || ( $PHP_AUTH_USER != 'user' ) || ( $PHP_AUTH_PW != 'open' ) ) { 

header( 'WWW-Authenticate: Basic realm="Private"' ); 
header( 'HTTP/1.0 401 Unauthorized' ); 
echo 'Authorization Required.'; 
exit; 

} else { 

echo 'Success!'; 

} 
?>

travelbuff

Mike - that can't be all of the code. PHP_AUTH_USER is just a method for transferring a user entered value to a variable. It doesn't actually do anything with the data.

My guess is that you have a page that calls for a PHP_AUTH_USER value to be entered not matter what. So the user enters the value, you validate it, then you ask for the user to enter the value again.

Here is how it should work:
A session is started to track the user individually.

A conditional (if...else) evaluates a variable to see whether or not the user has authenticated. For example, you could have a session variable called $_SESSION['authorized'] , which has a default value of false or simply doesn't exist.

---$SESSION['authorized'] is FALSE---
If $SESSION['authorized'] is false or doesn't exist, the script prompts the users (via PHP_AUTH_USER) to enter a value for username and pwd.

The script determines if the values the user entered are valid.

If the values are valid, $_SESSION['authorized'] is set to 'TRUE' or some other value.

---$SESSION['authorized'] is TRUE----
If the first conditional determines that $SESSION['authorized'] is TRUE (or whatever you decide), the page loads and the user IS NOT prompted to enter a value.

The site I gave you not only has tutorials but also free (and paid) code snippets. There are a bunch for user authentication. Perhaps you should download one and look at the code to see how it works.