I really need some pointers/Help

rsolis1

Hi, I´m new here. I have a question. My company has a web site already made in html, no databases or anything. Now my boss wants to have a private area for about 100 users. So he wants an user registration system and a way to track the visits of those users to the restricted area. I have no idea how to do this. Will I have to redo all of the web pages he now wants in that private area? or can they be in a private folder on the server or something like that? I just need some direction how to do this, I´m waiting for a book on PHP, but it hasn´t arrived yet

Sorry for the totally beginner question, I just want to explain to him what it will be needed

Kudose

Depending on the private content, your project could be as simple as HTTP Authentication or as complicated as a Content Management System.

You will most likely be able to salvage existing pages.

Could you elaborate a little more?

rsolis1

Thanks for the reply!

The private section is made of plain html pages made in dreamweaver, basically a menu for different kinds of very long laws (it´s for lawyers) and a section for internal news and information . The main structure of the pages are made from a template that we designed, so adding the user registration form should be not a problem. Most of the content will not be needed to be updated constantly, except for the news section. We have been updating those news without a problem because is just one page.

My boss wants to give access to around 100 users with there own particular users names and passwords, and be able to know who of those users are really visiting the private area and when (so they can´t lie about going to the web site when they really didn´t).

So, that´s basically it.

bpat1434

Well you can't really use HTTP authentication, as that will take a lot of manual updating. Basically, what I see you looking at is a few tables to track all of this:

Table Listing

users
- userID int(11) NOT NULL AUTOINCREMENT [Primary Key]
- username varchar(32) NOT NULL
- password varchar(255) NOT NULL
- emailAddress smalltext NOT NULL

sessions
- sessID varchar(255) NOT NULL [Primary Key]
- userID int(11) NOT NULL [Foreign Key to users.userID]
- variable varchar(255) NOT NULL
- value varchar(255) NOT NULL

log_visits
- visitID int(11) NOT NULL [Primary Key]
- userID int(11) NOT NULL [Foreign Key to users.userID]
- timeIn TIMESTAMP NOT NULL

Basically, the way it would work is something like:

1.) User registers, and their information is stored in the "users" table.
2.) User then uses the previously made credentials to log in:
2a.) Username is looked up in users table
2b.) Passwords are checked and verified to be correct
2c.) User has session information validated for them
3.) Session table is updated with information and the PHP Session Identifier
4.) log_vists table is updated so that the it's logged that the user visited on XX day.
5.) User logs out:
5a.) Session table is cleared of all data pertaining to that sessionID

That's basically it. Now, depending upon how secure you want the application, you can either implement a Database Session scheme (as I proposed here) or just use the typical file session scheme (which is PHPs default). The database provides more protection, but also takes more effort to implement.