...

View Full Version : Members Only Pages



wayne3503
08-02-2007, 09:13 PM
Right now with my CMS im working on there is a default menu with only a small selection of options in the menu, once a guest logs in then the menu expands with more options. Now of course one could get around this by just typing in the address with the name of one of the pages, so I want to know how I would go about making sure that ALL the pages/features that are for members only STAY as members only pages?

Thanks for the help

matak
08-02-2007, 09:16 PM
Are you using database or flat files?

wayne3503
08-02-2007, 09:20 PM
I am using a MySQL db.

wayne3503
08-03-2007, 05:12 AM
Any ideas how to do it if I am using a db? Id rather keep using my db if its ok to do it that way.

Fumigator
08-03-2007, 05:45 AM
Use sessions (http://us2.php.net/manual/en/ref.session.php).

fl00d
08-03-2007, 05:54 AM
Yeah uses sessions like Fumigator suggested.
A simple if statement would work, but it could get tedious.


<?php
if(@_SESSION['loggedin'] = "yes"){
?>
<a href="link">Link</a>
<a href="link">Link</a>
<a href="link">Link</a>
<a href="link">Link</a>
<?php
echo "<a href=\Secret link\">Secret Link</a>";
}
?>

wayne3503
08-03-2007, 07:10 AM
Well I got the script from a book and I do have something like that, so Im not sure how I would incorporate that into what I have. Here is the code I have right now.

<?php
//This page begins the header for the site.

//start output buffering and initialize a session
ob_start();
session_start();

//Check for a $page_title value
if (!isset($page_title)) {
$page_title = 'Twincitieshotspot.com Account Editor v1.0';
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?php echo $page_title; ?></title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>

<body>

<table width="60%" border="0" cellspacing="10" cellpadding="0" align="center">

<tr>
<td colspan="2" bgcolor="#003366"><p class="title">Content Management System</p></td>
</tr>

<tr>
<td valign="top" nowrap="nowrap">
<b><a href="index.php" class="navlink">Home</a><br />
<a href="../index.php" class="navlink">Main Site</a><br />
<?php
//This page ends the header for the site.

//Display links based upon the login staus.
if (isset($_SESSION['user_id']) AND
(substr($_SERVER['PHP_SELF'], -10) !='logout.php')) {
echo '<b><a href="logout.php" class="navlink">Logout</a><br />
<a href="change_password.php" class="navlink">Change Password</a><br />
<a href="add_urls.php" class="navlink">Add URLs</a><br />
<a href="view_urls.php" class="navlink">View URLs</a><br />
<a href="add_files.php" class="navlink">Add Files</a><br />
<a href="view_files.php" class="navlink">View Files</a><br />
<a href="#" class="navlink">Upload Music</a><br />
<a href="#" class="navlink">Upload Video</a><br />
<a href="edit_content.php" class="navlink">Edit Content</a><br />
<a href="form.php" class="navlink">Manage Images</a><br />';
} else {
echo '<a href="register.php" class="navlink">Register</a><br />
<a href="login.php" class="navlink">Login</a><br />
<a href="forgot_password.php" class="navlink">Forgot Password</a><br /></b>';
}
?>
<b><a href="#" class="navlink"></a><br />
<a href="#" class="navlink"></a><br /></b>
</td>

<td valign="top" class="content">
<!-- Script 11.1 - header.php -->

Thanks a lot for your help

wayne3503
08-03-2007, 06:09 PM
any ideas on this one? Thanks for the help again.

fl00d
08-03-2007, 06:11 PM
It says right here...just add stuff to it if thats what you're using...


//Display links based upon the login staus.
if (isset($_SESSION['user_id']) AND
(substr($_SERVER['PHP_SELF'], -10) !='logout.php')) {
echo '<b><a href="logout.php" class="navlink">Logout</a><br />
<a href="change_password.php" class="navlink">Change Password</a><br />
<a href="add_urls.php" class="navlink">Add URLs</a><br />
<a href="view_urls.php" class="navlink">View URLs</a><br />
<a href="add_files.php" class="navlink">Add Files</a><br />
<a href="view_files.php" class="navlink">View Files</a><br />
<a href="#" class="navlink">Upload Music</a><br />
<a href="#" class="navlink">Upload Video</a><br />
<a href="edit_content.php" class="navlink">Edit Content</a><br />
<a href="form.php" class="navlink">Manage Images</a><br />';
} else {
echo '<a href="register.php" class="navlink">Register</a><br />
<a href="login.php" class="navlink">Login</a><br />
<a href="forgot_password.php" class="navlink">Forgot Password</a><br /></b>';
}

wayne3503
08-03-2007, 06:31 PM
well maybe im getting the results I am because im running it locally. See the deal is that if I bring up say for instance the index.php for this and dont login but type in a file that SHOULD be secured such as "add_files.php" and ht enter..it will bring the page up without me logging in. Incase this isnt clear...if I have this in my address bar...
http://localhost/viewable/hsrevised/cms/index.php
and change it to...
http://localhost/viewable/hsrevised/cms/add_files.php
without logging in, the page will be displayed and allow me to add files.

Would it behave this way because I am running everything locally or is there something else going on?

Thanks

fl00d
08-03-2007, 09:40 PM
Thats because the page isn't protected. Assign a session at login, and check if it exists for that page. To do so you would add something like this to the top of the page:

addfiles.php


if($_SESSION['member'] != "member"){
header("Location: login.php");
}
<html>
blah blah
</html>


Obviously the session names(member) and value(member) are examples, and can be changed to whatever you would like.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum