View Full Version : Really Basic Web/DB Question(s)

06-06-2007, 09:24 PM
The site I am building will accomodate users of various privilege levels, but all, including unregistered visitors will have, at least, some access to the main database.

I am in the process of building the login system. It will have a some login tables (users, etc), which will keep track of user ids, passwords, privileges, etc.

The questions I have clearly demonstrate that this is the first time I am building a database-dependent site, so be gentle with me. I think I know the answers but before I dive in, I just wanted to confirm with people that have already been there.

1) This sounds really lame but I have to ask... I assume all users will access the database with the same userid/password. At minimum, to get to the user/id pswd table, the database would have to be accessed with a single userid, pswd, so is there such a concept of using that id/pswd to reconnect to the database with their own id/pswd? In other words, is the userid/pswd in my login system totally separate from the db id/pswd?

2) The current state of my site is there is no login system, and everything is kind of in ADMIN mode. Once the login system is in place, I'll start blocking off various features depending on the users privilege levels. Right now, for each section that accesses the database, I connect/disconnect. Is the "right" way to connect to the database upon sign on, and stay connected until sign off?

Thanks in advance for your help.

06-07-2007, 02:06 AM
Look for a pre-made PHP/MySQL membership script. No need to
re-invent the wheel. There are dozens of scripts already created.
Use Google to do a search: PHP membership script

06-07-2007, 04:13 AM
1).. you connect to the database once per session with the mysql/whichever db user/pass , but this is not the same as the username and password that your users provide, you build a separate auth table in your database to store usernames and passwords (and indeed other data) , each user will have their own username and password (in more advanced systems you can assign group passwords if required)

so when the user wants to log in, you connect to your database (with the db user/pass) and then simply query the auth table to see if the user asking for login is in the database and their usernames and passwords match.

If you get a successful login you would normally (in PHP) store this authentication data in a session which is unique to the user, one of the fields that you store in the session would be the unique id from the auth table for the current user

2) with the authentication you have stored in a user session you then make other queries using that data where required, so you might have a table full of information for all users, to pull only the current users data from the table you simply add a foreign key to the table which will match up with the id of the auth table ...

"SELECT * FROM some_table WHERE some_table_user_id = {$_SESSION['auth_table_id']}"

this way you only get the data from that table that relates to the current user.

I know from your other posts that you really just want to learn this stuff, but do mlseim's exercise and download some existing systems, open them up and see how they work... some systems out there are woeful but they almost all include the basics

06-07-2007, 04:37 AM
Thanks for your advice. I'm currently in the process of checking out the "PHP Membership Scripts" - right now I'm checking out MemberGate. Earlier I had downloaded evolt.org's login system, and although it didn't work "right-out-of-the-box", I've been walking through it and learning and collecting all the necessary tasks and info involved to maintain a login system. My plan at that point was to tear apart that code and build my own.

Certainly, with all the work in front of me I would love to just plug-in an authentication system that met my needs, but I've yet to come by such a solution. Also, I don't mind paying a few bucks (let's say, up to $150) for a "perfect" solution, but it's tough to figure out what will work as I weed through all the alternatives.

Again, I'm currently going through this MemberGate site and at the moment I'm totally confused. It appears to offer every feature in the book. I have no idea how it will integrate with what I've already done, or if the trick will be putting my existing stuff into their framework (or is it a framework).

This is turning out to be quite an interesting journey. Working with Microsoft's .NET/ASP Visual Web Dev stuff seemed the most straight forward and all-inclusive, but for whatever reason, I quickly gravitated to the PHP/javascript/sql opensource world.

OK, I'll go back to this MemberGate site and see if I can make heads or tails of what the hell I would be purchasing.

I truly appreciate your input and welcome you comments. I feel like there's this hump I need to get over (settling on a strategy to build this thing), and though I thought I was there, I guess I'm not.

06-07-2007, 04:58 AM
I don't see any MemberGate pricing - just "contact us if interested". It must cost a zillion $. It seems to me like this may be total overkill and it looks like there's virutually no coding involved and it's hard to tell how customizable it really is. Man, I'm confused. OK... back to looking at other options. Right now, I think all I want is a complete and customizeable login system, and as you can see, I don't mind writing it all from scratch, but it seems like a ton of work for something that really is a small part of the complete project.

To firepages... You are correct when you say, "I know from your other posts that you really just want to learn this stuff". I have 2 goals - one is to get this site working and the other is to understand how it all works and be able to build others. Just fyi, I'm a 53 year old retired (well, disabled) programmer who wrote his first program in 1970. I've worked on a bunch of commercial packages, from games to spreadsheets, to wordprocessors, etc, etc - but after my brain surgery in 2002, I stopped working and kind of lost touch with things. Though I've thrown together a bunch of websites, the whole Java/Javascript/PHP/PERL/HTML/XML/ETC stuff passed me by and it's only in the last month or 2 that I'm making an attempt to catch up.

Thanks again for all your help.