Server Side Variables

Ask about general coding issues or problems here.

Moderators: egami, macek, gesf

Post Reply
PapaGeek
New php-forum User
New php-forum User
Posts: 2
Joined: Wed Feb 07, 2018 9:50 am

Wed Feb 07, 2018 10:31 am

I have been a software engineer for 50 years and have developed website since 1994. My only server side experience so far has been with ASP and XML. I am now working on a project for my camping group where I want to use MySQL and PHP because the database will be more complex. I want each page to display differently based on the “security” level of who is looking at it. For security reasons I want to keep the security level of the individual who has logged in on the Server, not as a cookie on the users browser. Since I am not fluent with PHP yet, I think this is the pseudo code that I would like to include at the top of every PHP page:

Code: Select all

<?php
if ( is_session_started() === FALSE ){
   Start_session for( 15 minutes );
   Define_session.variable(“UserType”, 0);    // A visitor    
   Local variable UserType = 0;
} else {
   Extend_session_time_to (15 minutes);
   Local variable UserType = get_session.variable(“UserType”);
}
?>
The local variable UserType would then be used to display that page depending on who is looking at it!

My first coding request is: Is this code reasonable and if so, what is the proper PHP coding?

My current HTML test files use JavaScript which makes every version of every page is viewable using the browser’s “display page source”. Once this is converted to PHP, every PHP page on the website will include the same pop-up log in menu and the HTML sent to the user’s browser will ONLY contain the information for that User Type.
Image

Once you are logged in, the test page display will change based on your User Type. Here is a rough idea of the HTML code that is currently used to display different things for different User Type security levels:

Code: Select all

<center>
<div class=Visitor>
    <p>You are currently classified as a Visitor, so the 
       names in our member list are not links to the hidden
       information about our members.
       <button onclick="show_login()">Log In</button></p>
</div>

<div class=Member>
    <h3><script type="text/javascript">sayHello();</script>
       &nbsp; &nbsp;
       <button onclick="do_logout()">Log Out</button></h3>
</div>
</center>
I can then activate various CSS files to display and hide divisions based on the current User Type, Members see one thing, Visitors see something else!
Image


Of course when using server side PHP the HTML code sent to the web browser will not include both versions, just the version that the current User Type is allowed to see.

Thanks in advance for any help you can provide.

PS: is it OK to provide a link to the website

User avatar
zaim
New php-forum User
New php-forum User
Posts: 29
Joined: Sat Jan 06, 2018 9:05 am
Location: Kedah, Malaysia.

Wed Feb 07, 2018 6:50 pm

Hello.

I just want to mention the session part.
In PHP7 there is a global variable of session, it is less complexity. As the manual stated, to start a session just simply add 'start_session()' at the most top of your script (in PHP), you must include the syntax in each of your pages to ensure each user holds their own session.
I once made a login system, to specify each user with their own session I would have to specify them with their own tag first (like id, no, or whatever that is unique). I used id, made it auto increment on each signup.

Fetch the detail of the user that logged in from the table and start your session. (below code is just an example)

Code: Select all

$querylogin = "SELECT * FROM usertable WHERE username='$username' AND password='$password'";
mysqli_query( $dbconnection, $querylogin );
Then, pick the user id and make a session of it.

Code: Select all

$usersession = $_SESSION['id'];
You can 'echo' the output of the session for validation.

Code: Select all

echo "Your userID : ".$usersession;
How to end session? Here.

Addition, for permission, I have thought about that for quite a time now. You can create an 'enum' column which will contain three (3) options;

a) ADMIN
b) SUPERUSER
c) USER

So, when a user access a page you wanted permission to be active then make a comparison. If it is not equal then redirect the user to other page or like how you said, make it invisible using div ( or css ).

That's how I would do it though, there are more efficient methods out there. :oops:
Last edited by zaim on Wed Feb 07, 2018 10:30 pm, edited 1 time in total.
Sorry if my answers aren't top notch but I will try my best to help anyone in need. :oops:

PapaGeek
New php-forum User
New php-forum User
Posts: 2
Joined: Wed Feb 07, 2018 9:50 am

Wed Feb 07, 2018 10:28 pm

You said:

I once made a login system, to specify each user with their own session I would have to specify them with their own tag first (like id, no, or whatever that is unique). I used id, made it auto increment on each signup.

Fetch the detail of the user that logged in from the table and start your session. Then, pick the user id and make a session of it.

$usersession = $_SESSION['id'];




You seem to be indicating that my code must define a unique ID for each session and that the first thing that must happen is for someone to log in. This would mean that a visitor would not be able to look at a restricted view of our website, that an admin of our site would not be able to log on and off as different users to help the non computer savvy members to sign up for camping trips.

Are you basically saying that the concept of the pseudo code I suggested is not possible in PHP and I have to find another language?

Are you saying that I have to supply the unique session ID for everyone who logs into our website? How do I allow Visitors to view our website but not allow them to see, for example, the full list of members with their e-mail addresses?

Post Reply