Hello and welcome to our community! Is this your first visit?
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New to the CF scene
    Join Date
    Sep 2013
    Thanked 0 Times in 0 Posts

    Post Can anyone suggest a good "dealer area" script?


    Can anyone suggest a good "dealer area" script?

    I’m looking for a script to password protect a section of a website, as a dealers area. It needs to have an admin area, where it lists the user's real name, username, email address, a notes column/field (maybe 100 characters that could be edited and visible only by the administrator), and I’d like a listing of when each user last logged in, with it highlighting anything older than 6 months. From here I can add, edit, delete, and reset passwords on users.

    I'd also like something that would allow me to use a variable that would allow me to say “Welcome Joe Smith” (using a variable such as $username=”Joe Smith”) if it’s Joe Smith logged in.

    Basically, then they could access various PDF files, etc. applicable to dealers only, and the vendor could administer who has access.

    I know lots of manufacturers / distributors use this sort of setup, but I'm not sure what they use.

    I'd prefer this in PHP, since that's what I'm most comfortable with.

    I found a few online, but nothing so far that really met what I was after.

    Any suggestions? Thanks!


  2. #2
    Regular Coder
    Join Date
    Aug 2012
    Thanked 3 Times in 3 Posts
    What you are trying to do isn't a single script solution. It's probably best handled with two tables. I usually set up a contacts, contactInfo and a users table with the following fields:

    id (primary key), date (current time stamp),firstName, middleName, lastName, active (enumerated y, n) and e-mail, token (a hashed variable that is used to verify legitimate contacts by e-mail. If they don't reply the contact info gets dropped)

    id (primary key), date (current time stamp), userID (for recording which user made the last change), contactID (for matching a contact with the contact info), emailUpdate, phone, address, city, state, zip, Profile (a text area for descriptive info) (and any other pertinent information).

    id (primary key), date (current time stamp), userID (for recording which user made the last change), contactID (for matching a contact with the user info), userName, password (always hashed), active (enumerated y, n), accessLevel, token (and any other user info you need)

    The contact table is populated with a contact form. Once posted an email is generated that contains a link that verifies the token and makes the contact legit. Without verification within a certain time limit the contact table entry is deleted.

    When the contact verifies their e-mail they are presented with a Contact Info form that can be filled out with additional information. The contact info is stored in a contactsInfo table. As a users contact info is updated over time the original entry is not modified, but a new entry is created giving you a historical record of all changes in contact info.

    After filling out the contact info form the user is presented with the opportunity to create a user name and password which is stored in the users table. Once a contact has generated a user name and password they are granted basic access levels.

    You use PHP user authentication to create a session and store a session variable in the browser. Each page you want protected checks for user name, password and security. A simple if statement can enclose html code that hides or reveals certain parts of the page.

    Say you wanted a user with access level 2 to be able to comment on an article. Before the comment form on the article page you would include something like this:

    PHP Code:
    if ($currentUser['accessLevel'] >= ?>

    // your html for the comment form goes here
    <?php }; ?>
    This code lets anyone with an access level of 2 or greater post a comment on the article.

    You can also use if statements like the one above to hide menu items or make re-directs for pages should someone not authorized know the URL. For example, on my admin page I have an if statement right at the head of the page that says if user.accessLevel < 10 redirect to error.php page.

    This is all pretty straight forward but it does require some thinking and planning in the first place. Using multiple tables to control access is far more efficient than throwing everything into a single table.

    Pulling down the user's name and password is pretty easy if you create a currentUser query that matches the session variable to the contact info by using the ID. Then it's just a simple matter of writing:

    PHP Code:
    <?php echo $currentUserRS['firstName], ' ', $currentUserRS['lastName']; ?>
    Your query would look something like this:
    PHP Code:
    // Current User Record Set
    $colname_currentUserRS "-1";
    if (isset(
    $_SESSION['MM_Username'])) {
    $colname_currentUserRS $_SESSION['MM_Username'];
    $query_currentUserRS sprintf("SELECT users.*, members.firstName, members.lastName 
    FROM users, members WHERE userName = %s 
    AND members.id =users.memberID"

    $currentUserRS mysql_query($query_currentUserRS$memberData) or die(mysql_error());
    $row_currentUserRS mysql_fetch_assoc($currentUserRS);
    $totalRows_currentUserRS mysql_num_rows($currentUserRS); 
    Last edited by rgEffects; 09-06-2013 at 09:47 AM.

  3. Users who have thanked rgEffects for this post:

    Ben in CA (09-11-2013)

  4. #3
    New to the CF scene
    Join Date
    Sep 2013
    Thanked 0 Times in 0 Posts
    Thank you very much for your detailed response! However, I was looking more for a pre-programmed package.

    I might end up going with http://www.phpjabbers.com/member-login/

    It seems to meet most of what I need, and I can get them to customize it, and I can also purchase the source code.


Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts