Thread: Secure members section on websites

http://www.spruz.com

There is probably a way to do this. I'm not entirely sure myself, but if i were you i'd keep looking around for answers, post on some support forums if you can and see if people can make any suggestions, they usually will do.

If you find nothing, paying would probably be the only option you have, at the end of the day, at least you know it will get done properly. But don't give up, as i said, check forums, they are bound to give you some help. Maybe a website creation forum, or a forum which specializes in the building of forums.

Sorry i couldn't help more.

May I add that you get a subdomain with Spruz, total control over your site and free indexing?

By free I mean automatic.

Originally Posted by Seismosaur

http://www.spruz.com

Thanks Seis - I already have the site hosted and build - I just need to add this section too it - that site looks more like a free hosting site etc?

Personally, if it were me, I would create a new field in your members table, called "login_url", with a default value of "index.php" or whatever page you want the regular members to go to after they login. Then, on the users you want the special pages for, change it to whatever the page url is.

Then on the login page, when you have it reload to the "index.php" page (or whatever you want after they login), replace your reload thing with like <meta-http content-refresh=$row['login_url']> or whatever that refresh tag is.

That should make all normal members automatically be forwarded to the normal page, but the special members, forwarded to the secure member pages.

Sorry if I didn't explain it so well, but if it makese sense what I suggested, then that should work.

Originally Posted by Adam

Thanks Seis - I already have the site hosted and build - I just need to add this section too it - that site looks more like a free hosting site etc?

Oh, it sounded like you were building a site (As in; going to) and needed that. >.>

Originally Posted by The Tao

Personally, if it were me, I would create a new field in your members table, called "login_url", with a default value of "index.php" or whatever page you want the regular members to go to after they login. Then, on the users you want the special pages for, change it to whatever the page url is.

Then on the login page, when you have it reload to the "index.php" page (or whatever you want after they login), replace your reload thing with like <meta-http content-refresh=$row['login_url']> or whatever that refresh tag is.

That should make all normal members automatically be forwarded to the normal page, but the special members, forwarded to the secure member pages.

Sorry if I didn't explain it so well, but if it makese sense what I suggested, then that should work.

Tao,

The website is a public website. If I explain more perhaps you could elaborate?

This is a photography website, for a photographer, with a 'prices' section of the site. What the photographer wants is a members login area within the prices page, so for example:

Joe Public > enters website > enters [price] page > views normal prices

Referral from Agency A > enters website > enters [price] page > logs into members area with login [agencyA] > views [agency A price] page > views deals for that referral

Referral from Agency B > enters website > enters [price] page > logs into members area with login [agencyB] > views [agency B price] page > views deals for that referral

And so on. Basically an area to keep prices separate if you are referred as she doesn't want Joe Public to see the special referral prices.

Hope that makes sense?

Ok, so I assume then that there is a way to check to see if someone is referred, like a referral code someone enters then? If so, the simplest way would be to have 2 seperate sets of prices in the database, and do something like this when they login:

if ($referral_code == true) {
setcookie("referral_code","true",time()+60*60*24); }

and then on the prices page, check the referall code that is saved, against a valid referall code in the database, and if they match, display referall prices, otherwise, display normal prices.

Or, does the person want a referall page with different prices for each Referral from a seperate Agency, like Agency B Referral gives x price, Agency A referral gives y price, Agency C referall gives n price, and so on? That might be a little harder, but only in the sense that it would require slightly more work to set the prices for each agency and keep them stored.

Not a way to check. The way it works is she sets 'deals' with an agency, whereby is a model needs some portfolio shots, they will send the model to her website, they go to the prices page and enter in login credentials.

So the prices structure would be:

Login > [no login] = display <prices.htm>
Login > [agency A] = display <prices_agency1.htm>
Login > [agency B] = display <pirces_agency2.htm>

Oh, so she has different prices for different agencies then? Well, depending on how easy you wanna do it, I would suggest using 1 prices page, but depending on the user logged in at the time, the content of that page will vary. And then with each new agency that she adds in, I guess just create a new table/entry with new prices that corrospond to that entry.

If it were me, and I had that same business, I would just set up some Referral Codes, with a corrosponding price table to each code, and then have the Agency enter in the referall code on the website, and just display the prices that match the code.

Edit: As far as coding goes, with php, how much of that can you do? The way I'm explaining things, I'm just kind of assuming you have a decent knowledge of php and mysql.

cool how would that work? I don't have a database either....

Are you running the website, or is the other person? And the only way to get a Login of any kind, is to have a database that stores the information, unless you wanna hardcode it all into your script, which would take a while, and is harder to manipulate when need be.

Anyway umm.. if you don't have a database, I would see if your host provides one, and if not, look at http://www.mysql.com/ and see if you can figure out how to set one up from there. Most hosts give Cpanel, and at least 1 free database, even the free hosts. If your paying for a host, check your hosting package and see if they provide any kind of database.

I'd have to know more about your set up before I could really tell you how to proceed.

Ah sorry I do have a mysql database. But nothing there - wouldn't know how to set this up. I am running the website, but am very new to all this. I can build a site, but this is going above my knowledge

Lol... well umm... remember that link I gave to you over MSN, to the Dev-Shed forums? The people there are really smart when it comes to php and mysql (if you post in the right section).

One thing you might wanna consider doing, before tackling this project any further is, rather than looking for scripts that you don't understand, try to learn the php coding yourself so that you can customize them to your liking. I didn't find it overly difficult, just start with easy things, and work your way up.

I have something I can put online and give you a link to if you want it (I might have sent it to you actually). Its an E-Book called "PHP and MySQL Web-Development", which helps teach you this stuff from the start.

if you want to do it simply without using a database, you need a static html page with a form in it and a password field with name="password" in it. the action of the form should point to a php page.

the page of php it points to will need something like this in it (you can put this code anywhere in the page):

<?
$password = $_REQUEST[password];

if ($password == "foo") {
?>
here is some web content for people who know that the password is foo
<?
} elseif ($password == "bar") {
?>
here is some web content for people who know that the password is bar
<?
} else {
?>
here is some web content for all the other schmucks
<?
}
?>

please note, this is quick and dirty but it works and should get you started in the right direction for writing more complex stuff. experiment with it and see where it gets you. the web content can be any html including images, tables links etc or it could contain just a row or two of a table that starts before the quoted code and ends after it. as i said, play with it, see where it gets you and feel free to ask me for help.

i've got a working version of this file running here. you can point a form to it and test it if you like.

Is this site worth money for you, or is it just something for fun? embedding a password directly into the PHP source like that isn't really the most secure thing to do.

Originally Posted by Replicon

Is this site worth money for you, or is it just something for fun? embedding a password directly into the PHP source like that isn't really the most secure thing to do.

i did say it was quick and dirty. i make no apologies for that. if i was doing this myself i'd be using a mysql database, cookies and session keys but it didn't seem like adam knew if he had a database or how to use it so baby steps here. oh yeah, i'd also be charging for it by then

would you be happier if i used crypt and stored the password in php in it's encrypted form?

Hehe I know you said it was quick n dirty Yes I'd feel a bit better with crypt.

Just make sure my friend ' or 1=1 -- doesn't have access.