User Login to specific area of website

So, will Jill have an area that John can't see? or does John have membership privileges that Jill doesn't have? What I'm asking is: is this more a membership deal where one set of members goes to one 'part' of the site and another go to a different part, or is it to be more like facebook where each user has their own 'part'

If the latter I'd say try storing the page in the mySQL database, so maybe there are five different pages each person accesses. Store five pages for each user, then each of those five pages is unique to that user but easily accessed by field name in the database.

If the former, maybe put in a 'access type' field next to the user name and make a php function that gets called from every page that determines if the user should be able to access that page or not. If not, send them to a page of links they *can* access.

That makes sense, what i imagined happening was, say john goes onto my site and logs in with John and the right password he gets sent to www.mysite.com/johnsprivatearea/ and everything in that folder only john can see. Vice versa, Jill logs in and gets sent to www.mysite.com/jillsprivatearea/ and john cant access this folder. Does that make it simpler or not?

Thanks

Hrm...

You've gone into an area I know very little about. :)

I think you want to do a little research into MOD_REWRITE, assuming you use an Apache server.

So:

New user signs up -> create directory (or) create entry in mySQL database
-> edit external file for Apache to add a new rewrite rule

User logs in -> page is either pulled from database or from user's directory
-> mod_rewrite shows the URL with their directory name.

Here's how I would actually do it, but keep in mind I'm new to web coding and I've never been the cleanest coder. :)

I'd dispense with the mod rewrite and use generic names for the pages, but you could if you wanted. When the user signs up, I'd create a table in the database with a prefix and their user number. So maybe John's table is dbt1013.

So John signs up, and his information is put into a table of users plus a new table is created with his basic pages. The name of the table is stored in the central user file where the username and password are stored.

When John accesses his page, it goes to the central user table and pulls his table name and then the first row(record) from that table is pulled and displayed. You could also have a field that indicated if it was a file for download, a page for display, or an image/sound/etc.

Hopefully others will have a more elegant solution. :)

David

Thanks for this David, well explained but i think i could make it easier by the fact that no one will sign up, i know the users individually and will hand them out a separate username and password each, this wont change. so all i need to satisfy is that the general public cant access any users folders and the users cant see each others folders. so there wont be any sign up or dynamic folder creation, i will create the folders and try (through this forum) to username/password protect them..

Sorry to complicate matters or has this made it easier?

Ah, well then. :)

Much easier.

<?php session_start(); ?> //not sure why I put this in. habit?
...HTML HEADER STUFF...

<?php

if (isset($_POST['username']))
 {
 $un=$_POST['username'];
 $pw=$_POST['password'];
 //I'm going to use a shortcut here
 // $return=popvar("table","condition",row,"field); is a function I use to access my DB
 $pwdb=popvar("users","name='$un'",0,"password");
 // assuming you have fields in table users called name and password
 if ($pw==pwdb)
  {
  switch ($un)
   {
   case 'john':
    echo "<script>location.replace('johnsarea/index.php');</script>";
    break;
   case 'jill':
    echo "<script>location.replace('jillsarea/index.php');</script>";
    break;
   default:
    echo "<script>location.replace('thispage.php');</script>";
   }
  }
 else
  {
  echo "<script>location.replace('/thispage.php');</script>";
  }
 }
else
 {
 echo "</form action='thispage.php' method='post'>";
 echo "<input type='text' name='username' />";
 echo "<input type='password' name='password' />";
 echo "</form>";
 }

I didn't try this so I may have missed something, but with a little fleshing out this might work for you.

David

I would like to amend that last post.

after line#17 put:

$_SESSION=$un;

And at the top of each index.php have:

<?php session_start();
if (isset($_SESSION['username']))
 {
 $un=$_SESSION['username'];
 switch ($un)
  {
  case 'john':
   echo "<script>location.replace('johnsarea/index.php');</script>";
   break;
  case 'jill':
   echo "<script>location.replace('jillsarea/index.php');</script>";
   break;
  default:
   echo "<script>location.replace('thispage.php');</script>";
 }
else
 {
 echo "<script>location.replace('thispage.php');</script>";
 }
?>

That will prevent the user from putting in a URL from accessing other users pages. See, I knew I put that session_start() in there for a reason. ;)

David

Amazing..haven't tested it yet, but glad you understood exactly what i meant! Thanks for your help on solving something i really should have just sat down and figured out!

SOLVED