A Member System in PHP with some extras

Do you want to share WYSIWYG Web Builder tips, tricks, tutorials or useful HTML code? You can post it here...
(no questions or problems please, this section is not monitored by support).
Forum rules
This section is to share tips, tricks and tutorials related to WYSIWYG Web Builder.
Please do not post questions or problems here. They will not be answered.

PLEASE READ THE FORUM RULES BEFORE YOU POST:
viewtopic.php?f=12&t=1901
Locked
cmsintent
 
 
Posts: 99
Joined: Tue Oct 09, 2007 4:59 pm
Location: Alberta, Canada
Contact:

Post by cmsintent »

This is weird... I have used the password script program with success for a few sites.

Works well except for the last site - I constructed the site and all was well. I then added 5 new pages to the site and found that those pages are not protected.

EG:

I have a paged called noticesandminutes.php (can't access unless you have passwords)

I have another page called zskylights.php linked from the Notices and Minutes page (the skylight can be accessed without passwords)

It appears it is the 5 new pages that I added recently that are not protected.

All the pages, new and old are in the same folder.... any thoughts?

Thanks.
User avatar
kees
 
Posts: 48
Joined: Mon May 23, 2005 7:36 pm
Location: Soest - NL

Post by kees »

PHP can not protect folders, just single pages.

For all pages that need 'protection' you should follow step II-1 (A protected page).
madjamonline
 
 
Posts: 51
Joined: Tue Jun 19, 2007 4:27 pm
Location: United Kingdom
Contact:

Post by madjamonline »

kees wrote:
madjamonline wrote:...nothing is safe in this world anymore... there will always be a way.

I always make sure that my pwds in php are MD5'd.
madjamonline,

I agree that hashing passwords (md5, sha1) is more secure. I didn't use this technics in order to keep it clear for WebBuilder users.

Of course I and you will understand that NASA will not use my script :wink:
Sorry for the late post! Yeah I agree. I made a suggestion that the password protect in Wb6 should have MySql database support because with all of my members areas, there is soooo much code! I decided I am going to make a professional extension suite for members areas for WB6 so I will be sharing that with you all when it is done. It will have support for remember me functions, admin areas, extra user fields, profile info for user, database support (mysql) and more! Of course it is going to take a while... :wink:
User avatar
Navaldesign
 
 
Posts: 862
Joined: Sat Mar 01, 2008 8:08 pm
Location: Italy
Contact:

Post by Navaldesign »

Not sure what you mean...

If you want a specific landing page (password protected) to be available to all members (both simple members - 1 - and Admins - 2 - ) set the required level to 1 and place the code in the start of page. That's all.

The same goes for ALL pages where all members should have access.

If, instead, you only want the Admins to be able to see the page set the required level to 2.

Or maybe I misunderstood ??
www.dbtechnosystems.com
madjamonline
 
 
Posts: 51
Joined: Tue Jun 19, 2007 4:27 pm
Location: United Kingdom
Contact:

Post by madjamonline »

Oops you believe right! :oops:
I observed the php and worked out that it is the higher the more status!
User avatar
Navaldesign
 
 
Posts: 862
Joined: Sat Mar 01, 2008 8:08 pm
Location: Italy
Contact:

Post by Navaldesign »

Please note that unless you need sorting and exporting features that go beyond a free script limits, the file system that is used (as well as that that is embedded in WB6) are quite enough. On a randomly created 20.000 members archive file, i have a 0.5 secs delay compared to a MySQL DB driven script. Of course, a file based script is not intended for such volumes....
www.dbtechnosystems.com
madjamonline
 
 
Posts: 51
Joined: Tue Jun 19, 2007 4:27 pm
Location: United Kingdom
Contact:

Post by madjamonline »

I use a mysql database too :D
User avatar
Navaldesign
 
 
Posts: 862
Joined: Sat Mar 01, 2008 8:08 pm
Location: Italy
Contact:

Post by Navaldesign »

There is no doubt that a DB driven script is far better. However, it is also true that the simlicity of a file driven extension is FAR better, as the user have nothing else to do than publish their pages!
www.dbtechnosystems.com
madjamonline
 
 
Posts: 51
Joined: Tue Jun 19, 2007 4:27 pm
Location: United Kingdom
Contact:

Post by madjamonline »

ahh okay!!!
I better get it done then lol! :lol:
madjamonline
 
 
Posts: 51
Joined: Tue Jun 19, 2007 4:27 pm
Location: United Kingdom
Contact:

Post by madjamonline »

This members system is good.
My mysql extension is going well but it is taking a bit longer than estimated! :cry:
madjamonline
 
 
Posts: 51
Joined: Tue Jun 19, 2007 4:27 pm
Location: United Kingdom
Contact:

Post by madjamonline »

I have thought of an easier idea. Insted of having to enter the field names etc into each object, there will be a DB connection object that you insert on each page as well.
User avatar
kees
 
Posts: 48
Joined: Mon May 23, 2005 7:36 pm
Location: Soest - NL

Post by kees »

The 'Member System' and the 'News Writer' have no relationship, they work independent.
User avatar
kees
 
Posts: 48
Joined: Mon May 23, 2005 7:36 pm
Location: Soest - NL

Post by kees »

At the end of the tutorial there is a download link for a working example. Does that help you?
User avatar
bry
 
 
Posts: 176
Joined: Fri Jan 11, 2008 8:44 pm

Post by bry »

Very interesting. I read through the whole thing but not having a particular problem and never having done a password protection, it was more of academic interest than anything.

However, I have a design upcoming very soon where password protection is required.

General questions...

Will the "members" have to re-enter their passwords to access multiple pages?? I gather I shouldn't use cookies so is there an alternative?

In this situation, I don't know of any reason for individual passwords. It is really more a matter of keeping non-members out of certain pages.

I was thinking in terms of a portal page with member pages being hidden, but maybe that is all wrong. I haven't gotten to the point of design yet so I really haven't given this any serious study yet but since this topic is so right on, I thought I would ask.

thanks!!!
User avatar
Navaldesign
 
 
Posts: 862
Joined: Sat Mar 01, 2008 8:08 pm
Location: Italy
Contact:

Post by Navaldesign »

bry wrote: Will the "members" have to re-enter their passwords to access multiple pages?? I gather I shouldn't use cookies so is there an alternative?
No, the script uses sessions so it keeps the members logged in until they log out.
www.dbtechnosystems.com
User avatar
bry
 
 
Posts: 176
Joined: Fri Jan 11, 2008 8:44 pm

Post by bry »

Thanks Navaldesign!!!!
User avatar
bry
 
 
Posts: 176
Joined: Fri Jan 11, 2008 8:44 pm

Post by bry »

Is there some way to keep any track of member check-ins without doing a data base?? I will be designing a site that will have about 1400 members. There is only one level of membership. There will be a unique member ID and password for each member.

I was trying to think of someway that I could pull stats without a database. For instance, if each login took each member to their own page, then stats from my host server tells me how many hits there were on each page and that info might be useful. However, that puts an extra page in the process for each member (and of course in the website).

Any ideas?? It isn't worth the cost of a data base so it probably isn't worth doing unless someone has a great idea.

Thanks!!!
User avatar
Navaldesign
 
 
Posts: 862
Joined: Sat Mar 01, 2008 8:08 pm
Location: Italy
Contact:

Post by Navaldesign »

Most hosting companies nowdays offer a "Protected Directories" feature through the hosting account control panel. If yours does also, password protect the folder from there. It would be logical to place the relevant pages in the same protected directory.
www.dbtechnosystems.com
adex1
 
 
Posts: 167
Joined: Fri Apr 01, 2011 1:13 pm

Re:

Post by adex1 »

madjamonline wrote:
kees wrote:
madjamonline wrote:...nothing is safe in this world anymore... there will always be a way.

I always make sure that my pwds in php are MD5'd.
madjamonline,

I agree that hashing passwords (md5, sha1) is more secure. I didn't use this technics in order to keep it clear for WebBuilder users.

Of course I and you will understand that NASA will not use my script :wink:
Sorry for the late post! Yeah I agree. I made a suggestion that the password protect in Wb6 should have MySql database support because with all of my members areas, there is soooo much code! I decided I am going to make a professional extension suite for members areas for WB6 so I will be sharing that with you all when it is done. It will have support for remember me functions, admin areas, extra user fields, profile info for user, database support (mysql) and more! Of course it is going to take a while... :wink:
Are you still planning to make the extension or have you make it already?
Buy Automation Shopping Cart for CMS WEBSHOP + 2.2 Using WB10!
- Use secure gateway to buy using PAYPAL website.
User avatar
Navaldesign
 
 
Posts: 862
Joined: Sat Mar 01, 2008 8:08 pm
Location: Italy
Contact:

Re: A Member System in PHP with some extras

Post by Navaldesign »

madjamonline no longer is active on this forum (at least from what I know) however,most of these features have been added in the standard WWB login tools.
www.dbtechnosystems.com
adex1
 
 
Posts: 167
Joined: Fri Apr 01, 2011 1:13 pm

Re: A Member System in PHP with some extras

Post by adex1 »

Navaldesign wrote:madjamonline no longer is active on this forum (at least from what I know) however,most of these features have been added in the standard WWB login tools.
Alright thanks. But l will like redirect login username to different page using database (mysql or flatfile or other db). Any idea on how l should do this using above guide?
Buy Automation Shopping Cart for CMS WEBSHOP + 2.2 Using WB10!
- Use secure gateway to buy using PAYPAL website.
User avatar
Navaldesign
 
 
Posts: 862
Joined: Sat Mar 01, 2008 8:08 pm
Location: Italy
Contact:

Re: A Member System in PHP with some extras

Post by Navaldesign »

Set a default Destination page in the "login" tool. All users will be sent to this page.
Then, in this page, add the "Redirect user" tool to define the page where each user will be redirected.

The user will not even know or see that there is a "redirect". He will only see the page he is supposed to see.

OR (better solution):

Use (with MySQL) the DBTS Login tools that allow the administrator to set a specific page (after login) for each user.

Related thread: viewtopic.php?t=29083
www.dbtechnosystems.com
Locked