how to add client specific content to members area?

michael1291

Hi, a client of mine has asked me to implement a client login system to their website, I am a designer not a developer but have a little php and mysql knowledge. I have the login system and the database side working fine however I don't know how to add client specific content to the secured area e.g. if a client logs in all of their personal details will appear andd they have the option to carry out certain tasks.

I appreciate any help and would like to thank you in advance 🙂

johanafm

While this isn't difficult, once you know what you're doing, I'd still like to warn you that the task at hand is non-trivial. There are after all a lot of new areas that you will have to get a decent knowledge in.

When you authenticate your user during login, you should keep a unique identifier (UID) around as a session variable. What the UID is up to you, but also somewhat depends on the DB schema. For example, if your user table contains among other things:
id, username, email, social_security_number
and assuming you only allow one account per email address, then any one of the above will do. I'd recommend the id, which I assume is a primary key in the relation and also is used as a foreign key in other relations which makes it easy to use when retrieving data related to a specific user. If you use one of the others, you'd most likely have to start by looking up this id first.

At the very top of every script (wether this is one single script or hundreds) reachable from the outside where the user has to be logged in

require 'somefile.php';

Depending on exactly what you do in somefile.php, you might wanna call it application_top, init, auth etc, but one thing it should do is check wether the user is logged in or not. If the user is not logged in

header('location: yourloginpage.php');
exit;

If the user is logged in, you now have the user's id as a session variable. Assuming you want to retrieve account settings and photos for a specific user

# query to retrieve user's account settings
$query = sprintf('SELECT some, stuff FROM account WHERE user_id=%d', $_SESSION['id']);

# query to retrieve all user's photos
$query = sprintf('SELECT other, stuff FROM photo WHERE user_id=%d', $_SESSION['id']);


/* query to retrieve account settings and profile photo, where the account relation specifies which
 * photo is used as profile photo, while the photo information is stored in photo
 */
$query = sprintf('SELECT some, stuff FROM account
			LEFT JOIN photo ON account.profile_photo = photo.id
			WHERE account.user_id=%d',
			$_SESSION['id']);

But whatever you retrieve, you always specify that you want information related to this user through a UID, unless the information is non-private.

michael1291

Thank you for the response, this has really helped, I now have it so that if client a is logged in it will display client a's personal details. Sorry to be a pest but would you have any idea how to cross reference two tables for example if two members share the same area code then display those members.

again thank you in advance

johanafm

Assuming you have a table 'user' with a field 'area_code'

SELECT related.id, related.name
FROM user AS related
INNER JOIN user as u ON related.area_code = u.area_code AND related.id!=u.id
WHERE u.id = @id

where @id would be the user for whom you are doing the query

Or, if you allready have the area_code retrieved from an earlier query, simply

SELECT id, name FROM user WHERE area_code = @ac AND id != @id

where @ac would be the user's area code and @id would be the user's id.

michael1291

Thank you that was a great help, iam getting there now and iam actually glad I never just outsourced this as I have learned a lot. Sorry to he a pest but would you have any idea of how to create a button to turn on and off for instance if button state is on query the database else display an echo message. Ian guessing I would have to use javascript.