  1. #1
    New Coder
    Join Date
    Jan 2010
    Posts
    36
    Thanks
    0
    Thanked 0 Times in 0 Posts

    permission to access certain links

    In my website I have done a log in page (PHP & SQL). All users can log in using their email and password
    after logging in.
    The code is below.
    PHP Code:
    <?php

    session_start();
    $message = "Invalid Email or Password";

    // Look up a single row matching the submitted email and password
    $result = mysql_query("SELECT * FROM ".TABLE_USERS." where email='".mysql_real_escape_string($_POST['email'])."' AND password = '".mysql_real_escape_string($_POST['password'])."' LIMIT 1 ");

    $rowsReturnedByMatch = mysql_num_rows($result);
    if ($rowsReturnedByMatch != 1)
    {
        echo $message;
    }
    else
    {
        // Exactly one match: send the user on to the links page
        header('location: after_login.php');
        exit();
    }
    $email = $_POST['email'];
    $password = $_POST['password'];
    ?>
    The above code is working fine.
    In the after_login.php page
    there are 3 links to 3 other PHP pages,
    like this:
    Code:
    <a href ="link1.php">link1</a>
    <a href ="link2.php">link2</a>
    <a href ="link3.php">link3</a>
    All users should not have permission to follow all links. Suppose user1 can only access link1; if he clicks link 2 / link 3, it will show an alert message "no permission".
    user2 has permission to access link 2 and link 3, not link 1. If he clicks link 1, it will show an alert message.

    In the database there is a USERS table with fields email, password, link1, link2, link3:

    email            password   link1   link2   link3
    --------------   --------   -----   -----   -----
    user1@test.com   *****      1       0       0
    user2@test.com   ******     0       1       1

    What I was planning to do is: when user1 clicks link1, it should check whether the corresponding value for link1 / link2 / link3 for that email is set to 1 or not and act accordingly.

    Hope you understood the fact?

    Can anyone suggest a way to implement this? Any help will be appreciated; it will be very helpful to me.
    Thank you.
    Last edited by renu-86; 02-01-2010 at 08:28 AM.

  • #2
    Regular Coder
    Join Date
    Mar 2006
    Posts
    238
    Thanks
    3
    Thanked 37 Times in 37 Posts
    You need role-based authorization. I would set permissions for each user and save them in the DB. Most probably in the same table TABLE_USERS.

    In the query where you select "*", I would list explicitly the fields I would like to select. Among these fields I would select permissions (depending on the system they could be defined as a bit flag or as separate fields for different roles).

    If authentication was successful, I would store an array "user" with all user-relevant data in a session variable. Never store the user password there - once the user is authenticated, the password is not required any more. Still, user permissions could be stored here. Also you could store in this array the user name, e-mail and some other data you could need at other pages and for which you would not like to query the DB each time.

    At the next pages I would check if the session variable "user" is set. If it is not, the user has not authenticated and cannot view this page. If the session variable "user" is set and it is an array, I would check the user permissions (stored in this user array along with some other user-related data). If the user does not have permissions to view this page, he is not authorized to view the page. Then I would redirect to the login page and show some error message.
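
Added example, not part of the thread or written by either poster: one way to implement the approach in the reply above, with the permission columns selected explicitly at login and checked server-side on each link page. It assumes PHP 7.1+ with PDO and the pdo_sqlite driver, uses an in-memory table of constructed rows, and assumes passwords are stored as password_hash() output; authenticate(), can_access() and PAGES are hypothetical names.

```php
<?php
// Added example: names, sample rows and the hashed-password storage are assumptions.
declare(strict_types=1);

const PAGES = ['link1', 'link2', 'link3'];   // allowlist of permission columns

// Returns the user array to keep in the session, or null on bad credentials.
function authenticate(PDO $db, string $email, string $password): ?array
{
    $stmt = $db->prepare('SELECT email, password, link1, link2, link3 FROM users WHERE email = ? LIMIT 1');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']);                 // the hash never goes into the session
    return $row;
}

// Server-side check to run at the top of link1.php, link2.php and link3.php.
function can_access($user, string $page): bool
{
    return is_array($user)
        && in_array($page, PAGES, true)
        && (int) ($user[$page] ?? 0) === 1;
}

// Constructed sample data mirroring the table in the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT, link1 INT, link2 INT, link3 INT)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?, ?, ?)');
$ins->execute(['user1@test.com', password_hash('constructed-pw-1', PASSWORD_DEFAULT), 1, 0, 0]);
$ins->execute(['user2@test.com', password_hash('constructed-pw-2', PASSWORD_DEFAULT), 0, 1, 1]);

// In the login script: session_start(); session_regenerate_id(true); $_SESSION['user'] = $user;
$session = ['user' => authenticate($db, 'user1@test.com', 'constructed-pw-1')];

foreach (PAGES as $page) {
    echo $page, ': ', can_access($session['user'] ?? null, $page) ? 'allowed' : 'no permission', PHP_EOL;
}
var_dump(authenticate($db, 'user1@test.com', 'wrong'));   // wrong-password case
var_dump(can_access(null, 'link1'));                      // visitor with no session user
```

On each link page, call session_start() and pass `$_SESSION['user'] ?? null` to can_access() before any output. The check has to live in the target page itself, since hiding or disabling a link on after_login.php does not stop a direct request to link2.php.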

  • #3
    New Coder
    Join Date
    Jan 2010
    Posts
    36
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks a lot for your suggestion ...

