MySQL & PHP Tutorial: User Access Control

MySQL PHP User Account Tutorial

MySQL PHP Tutorial 1: MySQL User accounts
MySQL PHP Tutorial 2: PHP login Session
MySQL PHP Tutorial 3: PHP Form Validation
MySQL PHP Tutorial 4: PHP User Access Control

 

MySQL PHP Tutorial Step 7: User Access control

For user access control purposes we created the session userid in the sign up and log in process files. We do not want someone to be able to access the member.php page if they are not a member or the success.php page if they have not signed up.

signup_process.php

//Mark the session as "signed up, not yet logged in"
$_SESSION['userid'] = "0";
header('Location: success.php');
exit();

login_process.php

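//Fetch the matching user row ($data is the result of the login query;
//mysql_* was removed in PHP 7, use mysqli or PDO there)
$row = mysql_fetch_assoc($data);
//Issue a fresh session id at login so a pre-login id cannot be reused
session_regenerate_id(true);
$_SESSION['userid'] = $row['userid'];

//PHP code

header('Location: member.php');
exit();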

We create two separate PHP files and include them at the top of the member and success PHP files. We include them using the PHP function require_once(). The PHP file for the success.php page is called auth_success.php. The PHP file for the member.php page is called auth_member.php.

member.php

<?php
 require_once('auth_member.php');
?>

success.php

<?php
 require_once('auth_success.php');
?>

auth_success.php

In the auth_success.php file we start the session first and then create the if construct. If the session userid has not been created, is empty, or does not equal 0, the script redirects to access-denied.php and terminates to deny access. Notice the "not equal to 0" test: if the userid is equal to 0, the user is a newly signed up user who has not logged in yet, so the user is able to access the success page upon a successful sign up. If the user has already signed up, they will not be able to access this page because their userid is not 0. Since they have already signed up, the user would be redirected to the member.php page and their session userid will change to the user id given to them. Notice how we used the PHP trim() function, which removes whitespace and other predefined characters from both ends of a string.

<?php
//Start session
session_start();

//Deny access if the session variable userid has not been created, is not equal to 0, or is empty
if (!isset($_SESSION['userid']) || (trim($_SESSION['userid']) != '0') || (trim($_SESSION['userid']) == '')) {
    header("Location: access-denied.php");
    exit();
}
?>

auth_member.php

In the auth_member.php file we start the session first and then create the if construct. If the session userid has not been created, is empty, or equals 0, the script redirects to access-denied.php and terminates to deny access. Remember, in the signup process we set the userid to 0 before the user logs in. When the user logs in, the session userid changes to the user id given to them, so it will not be equal to 0. Remember that in the MySQL table we set the userid column to auto increment, so each account gets its own id, which starts at 1 by default and is never 0.

<?php
//Start the session
session_start();

//Deny access if the session variable userid has not been created, equals 0, or is empty
if (!isset($_SESSION['userid']) || (trim($_SESSION['userid']) == '0') || (trim($_SESSION['userid']) == '')) {
    header("Location: access-denied.php");
    exit();
}
?>
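
The two guard files differ only in which session state they accept, so both can share one classifier. The following is an added example, not code from the tutorial: session_state(), guard_target() and require_state() are hypothetical names, and it assumes a member userid is always a positive integer, as the auto-increment column implies. It uses strict checks instead of trim() with loose comparison, so a stray value such as 'abc' is treated as anonymous rather than as a member.

```php
<?php
// Added example. Only $_SESSION['userid'], the "0" sign-up marker and
// access-denied.php come from the tutorial; the function names are hypothetical.

// Classify a session array as 'signed_up' (marker 0), 'member' (positive
// integer id) or 'anonymous' (anything else, including a missing userid).
function session_state(array $session): string
{
    $id = $session['userid'] ?? null;
    if ($id === '0' || $id === 0) {
        return 'signed_up';
    }
    $isId = (is_int($id) || is_string($id))
        && filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) !== false;
    return $isId ? 'member' : 'anonymous';
}

// Decide where a request goes: null means "serve the page".
function guard_target(array $session, string $required): ?string
{
    return session_state($session) === $required ? null : 'access-denied.php';
}

// Shared body for auth_success.php ('signed_up') and auth_member.php ('member').
function require_state(string $required): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $target = guard_target($_SESSION, $required);
    if ($target !== null) {
        header('Location: ' . $target);
        exit();
    }
}

// Constructed sample sessions, printed only when run from the command line.
if (PHP_SAPI === 'cli') {
    $samples = [
        'no session'  => [],
        'signed up'   => ['userid' => '0'],
        'member 42'   => ['userid' => '42'],
        'non-numeric' => ['userid' => 'abc'],
    ];
    foreach ($samples as $label => $s) {
        $ok = fn(string $need): string => guard_target($s, $need) === null ? 'allow' : 'deny';
        printf("%-12s success.php=%-5s member.php=%s\n", $label, $ok('signed_up'), $ok('member'));
    }
}
```

With this file included, auth_success.php reduces to a call to require_state('signed_up') and auth_member.php to require_state('member').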

Congratulations, you now understand how user access control works. That sums up the PHP MySQL user account tutorial. If you have any questions, feel free to ask.

Written by:

Enjoys Nature. Electronic Music. Design. Hockey. Being Inspired.

http://www.shimmertechno.com


3 Responses to “MySQL & PHP Tutorial: User Access Control”

  1. Anonymous says:

    Really awesome blog. The way you break things down is really impressive. Thanks so much!

  2. MySQL and PHP are both related. When developing for the web, PHP is required, and in the same way MySQL is related to it. There are a lot of things to be learned in MySQL and PHP. There are many coaching centers to teach PHP. I have gone through this blog; it is very helpful to all.

  3. Icone says:

    Nice tutorial above. I recommend including the email verification source code, just as a reference for newbies.