WEB PHP site: Creating users/passwords

Discussion in 'OT Technology' started by Ancoats, Dec 3, 2007.

  1. Ancoats

    Ancoats New Member

    Joined:
    Oct 7, 2004
    Messages:
    135,775
    Likes Received:
    0
    Location:
    Benchill, Manchester, UK
    For one of my assignments this semester I had to create a dynamic image gallery website, and considering before I started it I had little programming experience (last time I programmed in a similar language was back in 2002 with Java) I have finally got everything working with a few flaws. (which is to be expected, but due to the scope of the assignment it's not really worth correcting)

    I'd show you guys the site, but as it is there is no password protection so anyone could upload shit to the database and totally fuck it up.

    So this is a question. Bearing in mind the assignment criteria, and due to the fact that the basic brief was to create an image gallery, which I have done (I have implemented additional features like an image uploader that uploads an image from your computer and moves it to an image folder should secure me high marks - most people are just linking the images from a folder that they have uploaded their images to manually) is it worth attempting to make the site only available to upload with an admin account?

    I have no knowledge of this, but I do know I would have to create another table and make it communicate with the one I have already - it might be behind my abilities at the moment - so do you guys know of any good tutorials or sections in the book PHP and MySQL Web Development that I can browse through to get a feel of what may be required when setting up user accounts?

    Thanks!
     
  2. kingtoad

    kingtoad OT Supporter

    Joined:
    Sep 2, 2003
    Messages:
    55,924
    Likes Received:
    11
    Location:
    Los Angeles
    Creating your basic authentication system is pretty easy, easier than your image gallery project. Table will contain four fields: id, username, password, type. The `type` field will determine what type of user the person visiting is. You would either have an admin or regular user.

    The login script will be a username and password field which will accomplish a comparison check with the data in the database. The username and password submitted by the user will query the database, if the data is true (user exists), a session is created containing the user 'type'. Whether it be an admin or regular user.

    In the top of every page you can do a check to see whether or not the session variable you declared on the type of user is an administrator, if it is not, then exit() the script, write error handling, or forward to another page. :dunno:

    Although this method isn't 100% secure, it's a pretty easy method, and I think would accommodate your small project accordingly.
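
Added example (not part of kingtoad's post): the table, login check and per-page admin gate described above, with the password column holding a `password_hash()` value and every query parameterised. The function names and the in-memory SQLite database are assumptions for illustration; with MySQL only the PDO connection string and the `CREATE TABLE` syntax change.

```php
<?php
declare(strict_types=1);
// Added example; function names are hypothetical, sample credentials are constructed.

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');   // assumption: stands in for the MySQL database
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // The four fields from the post: id, username, password, type.
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL,
               password TEXT NOT NULL, type TEXT NOT NULL)');
    return $db;
}

function create_user(PDO $db, string $username, string $password, string $type): void {
    // Store a salted hash, never the plaintext password.
    $stmt = $db->prepare('INSERT INTO users (username, password, type) VALUES (?, ?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $type]);
}

// Returns the user's type ("admin" or "user") on success, null on any failure.
function check_login(PDO $db, string $username, string $password): ?string {
    // Placeholders keep submitted text out of the SQL itself.
    $stmt = $db->prepare('SELECT password, type FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;                    // same result for unknown user and wrong password
    }
    return $row['type'];
}

function login(PDO $db, string $username, string $password): bool {
    if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }
    $type = check_login($db, $username, $password);
    if ($type === null) { return false; }
    session_regenerate_id(true);        // fresh session id once the user is authenticated
    $_SESSION['type'] = $type;
    return true;
}

// Call at the top of every admin-only page (upload form, upload handler).
function require_admin(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }
    if (($_SESSION['type'] ?? '') !== 'admin') {
        http_response_code(403);
        exit('Admins only');
    }
}

$db = open_db();
create_user($db, 'galleryadmin', 'constructed-sample-passphrase', 'admin');
var_dump(check_login($db, 'galleryadmin', 'constructed-sample-passphrase'));
var_dump(check_login($db, "galleryadmin' --", 'anything'));  // treated as a literal username
```

The gate has to run in the script that receives the uploaded file as well as the page that shows the form, since the handler can be requested directly.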
     
  3. Logik

    Logik Livin la vida broka

    Joined:
    Jun 30, 2000
    Messages:
    20,667
    Likes Received:
    1
    Location:
    The Steel City
