Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Some guidance please 1

Status
Not open for further replies.
keepingbusy

keepingbusy

Programmer
Apr 9, 2000
1,470
GB

Hi

We have set up a website using php (and oscommerce).

I'm now looking to set up a similar site but this time, I need the login/create account screen at the front end and once logged in, it would take you to the shop.

This has to be a sort of "Members only" area with no access other than through the front end.

We have available webspace with the ability to password protect directories etc.

If you need any other information, please let me know.

Some guidance not the sollution would be very helpful.

Thank you

Lee
 
Sort by date Sort by votes
i am not familiar with oscommerce but i suspect my normal answer of "use the despatch method" would not be consistent with this application.

i don't think htaccess is going to get you anywhere at all either.

i would use a bespoke php.ini file for this application and add a directive as follows:

Code: 
auto_prepend_file = login.php

then in your login.php script I would create a logic flow that looks like this

Code: 
is a login session variable set?
if yes ->
  has the login timed out (check against a timestamp stored in the session
  [has the IP address of the user migrated] //possibility of spoof
  if yes -> unset the session variables, redirect to a login form. exit()
  if no -> reset the timestamp to time();
if no->
  is this a login attempt (are the right form variables present)
  if yes->check login validity
           if valid -> set the session variables.  Allow the script to continue (i.e. do nothing else
           if invalid-> set a login attempt counter.  if the counter is exceeded. lock the user out for 10 minutes
  if no -> redirect to a login form. exit()
the crtical steps above are to call exit() explicitly when you do not want to let the user through to the main site. for all other instances just allow this script to terminate naturally and then the user will automatically receive the browsing experience from the page that he has requested.

the other advantage of a auto_prepend_file is that you can add your logging scripts and other libraries into this script without it affecting the flow of you main application.

if you are unable to modify the php.ini file you will need to open each of your *.php files (that are externally reachable) and add this as the top line of your code
Code: 
<?php require_once "login.php"; ?>
this may sound like a hassle but you can write a script in only a couple of minutes that will do this for you.
 
Upvote 0 Downvote

Hi jpadie

Thank you for posting your suggesting which I can see the logic and is a very good pointer of what to do.
if you are unable to modify the php.ini...
Click to expand...
I'm not sure we can do that, but in any case, it shouldn't be a problem to edit the other php files and add the code line you suggested.

This project is likely to take a few weeks but I will post back with the outcome for other visitors of this forum.

I'm grateful for your guidance.

Lee
 
Upvote 0 Downvote
if your site uses php as a cgi it is often possible to upload a local php.ini in the directory that the scripts are executed. the php.ini need not be "full", you can just include the directives that you care about.

i was toying with a batch update script after writing my earlier post. here is my (untested) effort in case it is useful to anyone

Code: 
<?php
$dir = "path/to/directory/with/php/files/";
$dh = opendir($dir);
$permittedTypes = array("php", "php4", "php5");
while (false !== ($file=readdir($dh))){
	$pi = pathinfo($dir.$file);
	if (isset($pi['extension']) && in_array($pi['extension']. $permittedTypes)){
		if (addCode($dir.$file)){
			echo "$dir.$file updated successfully <br/>";
		} else {
			echo "$dir.$file: problem updating file <br/>";
		}
	} 
}

function addCode ($file){
	$addition = '<?php require_once "login.php"; ?>' . "\r\n";
	$fh = @fopen($file, "xb");
	if (!$fh) { return false;}
	if (fwrite($fh, $addition. $fc) === FALSE) { return false;}
	@fclose($fh);
	return true;
}
?>
 
Upvote 0 Downvote
oops. the function was wrong (before I remembered about the "x" switch

Code: 
function addCode ($file){
    $addition = '<?php require_once "login.php"; ?>' . "\r\n";
    $fh = @fopen($file, "xb");
    if (!$fh) { return false;}
    if (fwrite($fh, $addition) === FALSE) { return false;} //[red]this line changed[/red]
    @fclose($fh);
    return true;
}
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

dball63
  • Locked
  • Question
Noob Needs some help making HTML edits on PHP page
Replies
6
Views
261
spamjim
spamjim
BobMCT
  • Locked
  • Question
Some in_array logic help please?
Replies
2
Views
117
BobMCT
BobMCT
southbeach
  • Locked
  • Question
PDO whoopping me up! Please tell me what is wrong w/ snippet!
Replies
1
Views
145
southbeach
southbeach
BobMCT
  • Locked
  • Question
Please help with what should be a simple task? 1
Replies
1
Views
48
jpadie
jpadie
Xsi
  • Locked
  • Question
Could someone explain following stuff for me (eval and functions)
Replies
4
Views
163
Xsi
Xsi

Part and Inventory Search

Sponsor

Back
Top