Hi I am interested in a basic, and simple code for to check for a user and make sure he only has access to such pages, I am just starting to undestand PHP, if you can help me and not make it really complicated, it would rally help . tanks....

PS ask me about any other details, cus there is always details.

>PS ask me about any other details, cus there is always details.

Will you please?

>PS ask me about any other details, cus there is always details.

Will you please?

I am trying to make a database for different church's, where someone can add a table to the db, then name that table would be the church name "example" and then have a list of songs that they want to have in the db then pull the songs and see them in a html format. just the lyrics of the songs no mp3 files or anything. I have all this, but now I need to make it secure, so that people from other church, cant delete or edit the songs from other church. hopefully that was enugh, else I can give you more detail or even post the site online, if needed... thanks in advance

hi, you can use sessions.

what you can do is set session variables when the user is logged in. if the user is logged in set the session variable to 1 else set it to 0 .

also you can create more session variables depending on the user type and what permissions he has.

you then use if else conditions.
where $authuser and $allowed are session variables

if($authuser==1 && $allowed==1)
{
//edit and delete
}
else
{
//do not allow to edit or delete
}

This code, I put it at the top of every page, or do I have another page where I put it.
Also do I need to make a Database to save the usernames and passwords or how does this go all together.

hello, yes you will need a table for your user which contains all the permissions.

you can make a table like the following,

user_id 
int(11) 
NOT NULL 
auto_increment
--------------------
user_name
varchar(20)
NOT NULL
-------------------
pass_word
varchar(10)
NOT NULL
------------------
user_type
int(1)
NOT NULL
------------------

the user_type field will contain what type the user is. you can set 0 for admin, or 1 for a normal user with no special powers.

then you can use the following query to get the user,

<?php
session_start();
//authenticateuser.php this is the file which gets the data from teh login file

$username=trim($_POST['username']); //$username gets the username entered by the user in the login form
$password=trim($_POST['password']); //$password gets the password entered by the user in the login form

$getuser="SELECT *
                 FROM  user
                 WHERE user_name='$username' AND pass_word='$password'
                ";
$user=mysql_query($getuser) or die(mysql_error());

$num=mysql_num_rows($user);

if($num!=0)
{//a row exists, hence a user exists. this is the first level of security
$userex=mysql_fetch_array($user);

extract($userex);

if($username==$user_name)
{ //checks if the user that has been retrieved is the real user. this check has to be made to ensure that case sensitivity is ensured. this is the second level of security

//the following session variables will be used throughout the website. you can use these variables to check whether a valid user has logged in or not.

$_SESSION['authuser']=1;
$_SESSION['usertype']=$user_type; 
$_SESSION['userid']=$user_id;

}

?>

now you can type the following code in a seperate file and include the file in the needed files.

<?php
session_start();
//file.php

$authuser=$_SESSION['authuser'];
$usertype=$_SESSION['usertype'];
$userid=$_SESSION['userid'];
?>

you can include the above file in the following file,

<?php

session_start();

include 'file.php';


//print lyrics here from your lyrics table


if($authuser==1 && $usertype==0)
{

//allow to edit and delete lyrics. you can use images as buttons.

}
else
{
//do not allow to edit and delete the lyrics


}

?>

basically this is the code for the program that you need.

hi Thanks for the info, it really help , like a lot, specialy since I had no Idea where to start, and also becuase I am a new PHP user and I like it alot.

i still can't undestand what
//authenticateuser.php this is the file which gets the data from teh login file

means
is this the name that I need, to name the file that follows the login.php file, or is this another file, that I need to make.

also, how can I make divs and give them style, inside a php tag. like
echo, or print "<div style="text-align:center; etc"> text that need CSS</div> ";
everytime I add a < or > it changes the code.
thanks...

what is the code that I put on the pages that I have?

I need to add a 'edit or remove' choice in the end of every title name can any one help me please ...
here is the code

<?php
$table = $_GET['name'];

session_start();
//check 
include 'check.php';

echo '<div style="background-color:#F8FFF5; padding: 5px;text-align:center; width: 800px; margin-right: auto; margin-left: auto; border:1px solid #569856;">';
echo "inside big div";

echo '<div style="text-align:left; width: 780px; margin-right: auto; margin-left: auto; border:0px solid #9BACB4;border:1px solid black;">';
echo "inside med div";
echo "<h2><i>"; echo $table; echo "$allowed</i></h2>";
echo '</div><br>';

echo '<div style="background-color:#E6EFF4; text-align:left;  width: 780px; margin-right: auto; margin-left: auto; border:1px solid #569856;"><i>Lista de Cantos</i><br>';
//CONNECT
include ("includes/connect.php");
//SELECT DATABASE
if (mysql_select_db("iglesias"))
	{/*echo "Database Selected<br> ";*/}
$query="SELECT * FROM `$table` ORDER BY id DESC";
$result=mysql_query($query);
$num = mysql_num_rows ($result);
mysql_close($con);

if ($num > 0 ) {
$i=0;
while ($i < $num) {
$titulo_del_canto = mysql_result($result,$i,"titulo_del_canto");
$autor_del_canto = mysql_result($result,$i,"autor_del_canto");
$letra_del_canto = mysql_result($result,$i,"letra_del_canto");
$id = mysql_result($result,$i,"id");

echo "&#9835<a href=\"canto.php?id=$id&name=$table\">$titulo_del_canto</a><br>";
echo "$autor_del_canto<br>";
//********************************
//this is the code that I need to show to people that are allowed to edit, and not show to those who are not allowed to edit.

echo "<a style='font-size:10px'href=\"update.php?id=$id&name=$table\">Edit Canto</a> - <a style='font-size:10px'href=\"delete.php?id=$id&name=$table\">Delete Canto</a><br>";
//***************************************
++$i; } } else { echo "&#9835<a href='add.php?name=$table'> Add Canto </a>&#9835"; }

echo '</div><br>';


echo '</div>';
echo '</div>';
echo '</div>';


if($authuser==1 && $usertype==0)
{
//allow to edit and delete lyrics. you can use images as buttons.
echo "&#9835<a href='add.php?name=$table'> Add Canto </a>&#9835<br>";
echo "<a href='index.php'> Back to Church List </a><br>";

}
else
{
echo '<div style="background-color:#F8FFF5; padding: 5px;text-align:center; width: 800px; margin-right: auto; margin-left: auto; border:1px solid #569856;">';



//do not allow to edit and delete the lyrics
//echo "you are not alow to edit and delete";


}
echo '<div style="background-color:#E6EFF4; text-align:center; width: 780px; margin-right: auto; margin-left: auto; border:1px solid #569856;">';
include ('includes/footer.php');
echo '</div>';
echo '</div>';
?>

nice

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.