Greetings There was such a question on the way to perfection in php ... Here I did the page design, made a layout for it, now I need to register, did a registration with a muscle with the users table, where all the registered visitors are written, now the question was how to make reading was coming from the database of this particular users table and an users person could not see the contents of the page? What code should I place?

Something like this require_once("security_mod.php"); at the beginning of the main page, and in the file security_mod.php content will be like this:

 <?php /////////////////////////////////////////////////// // Система авторизации HTTP-Basic авторизации // 2003-2005 (C) IT-студия SoftTime (http://www.softtime.ru) // Симдянов И.В. (simdyanov@softtime.ru) /////////////////////////////////////////////////// // Устанавливаем соединение с базой данных require_once("config.php"); // Если пользователь не авторизовался - авторизуемся if(!isset($_SERVER['PHP_AUTH_USER'])) { Header("WWW-Authenticate: Basic realm=\"Admin Page\""); Header("HTTP/1.0 401 Unauthorized"); exit(); } else { // Утюжим переменные $_SERVER['PHP_AUTH_USER'] и $_SERVER['PHP_AUTH_PW'], // чтобы мышь не проскочила if (!get_magic_quotes_gpc()) { $_SERVER['PHP_AUTH_USER'] = mysql_escape_string($_SERVER['PHP_AUTH_USER']); $_SERVER['PHP_AUTH_PW'] = mysql_escape_string($_SERVER['PHP_AUTH_PW']); } $_SERVER['PHP_AUTH_USER'] = str_replace("'","`",$_SERVER['PHP_AUTH_USER']); $_SERVER['PHP_AUTH_PW'] = str_replace("'","`",$_SERVER['PHP_AUTH_PW']); $query = "SELECT pass FROM userlist WHERE name='".$_SERVER['PHP_AUTH_USER']."'"; $lst = @mysql_query($query); // Если ошибка в SQL-запросе - выдаём окно if(!$lst) { Header("WWW-Authenticate: Basic realm=\"Admin Page\""); Header("HTTP/1.0 401 Unauthorized"); exit(); } // Если такого пользователя нет - выдаём окно if(mysql_num_rows($lst) == 0) { Header("WWW-Authenticate: Basic realm=\"Admin Page\""); Header("HTTP/1.0 401 Unauthorized"); exit(); } // Если все проверки пройдены, сравниваем хэши паролей $pass = @mysql_fetch_array($lst); if(md5($_SERVER['PHP_AUTH_PW']) != $pass['pass']) { Header("WWW-Authenticate: Basic realm=\"Admin Page\""); Header("HTTP/1.0 401 Unauthorized"); exit(); } } ?>

The question is that I don’t like this type of password protection of the site, there is a blockage of the whole site, and not content in particular ... I need to password a part of the site ... Help ...

    4 answers 4

    how-to-close-to-non-registered-page
    authorization-in-php
    Both links are available if you enter authorization in the search.

      Well, connect only on the page that is required, or enter it into the function and call on the right place and use branching, if not authorized, then output the text and login form by the post else And the output of content went

      • And yes) go to $ _SESSION ['login'] - xsikor

      4 lessons on creating registrations on a site in PHP + MySQL

      here I advise you to read it is written everything is available and with examples.

       <?php if (!empty($_SESSION['login']) and !empty($_SESSION['password'])) { //если существет логин и пароль в сессиях, то проверяем их и извлекаем аватар $login = $_SESSION['login']; $password = $_SESSION['password']; $result = mysql_query("SELECT * FROM users WHERE login='$login' AND password='$password'",$db); $myrow = mysql_fetch_array($result); $classindex = "current_page_item"; //извлекаем нужные данные о пользователе } else { // если не существет логин и пароль в сессиях, то отправляем на главную страницу header('Location: /index.php'); exit; } ?>

        Make a variable in the session, for example $ _SESSION ['logging'], and when logging in the user, set it to 1. Then when displaying the content you want to close, just check if there is such a variable and if it is equal to one. As a result, the entire site will be available without login, and the necessary information will be hidden.