
Login system with PHP

Good day.

I have questions about the login system that have disturbed me for quite a long time. For this, I want you to imagine that I have 2 pages, login.php and userpage.php. The login page contains fields for input of user name and password, while userpage contains all the information about the logged-in user. When the user inputs his data, some class Connection checks him in the database and, if the user exists, creates a session.

  1. When I'm creating a redirection from login.php to userpage.php, how should I redirect the user's data? (Should I use global arrays (like $_SESSION) to transfer the info, or should I connect to the db again from the user page?)

  2. Should I create some multi-threading (do not judge strictly, I'm a newbie) for userpage.php, to be created for multiple users who are trying to log in at the same time?

  3. How should I protect the information (code side), so that it is hard to read? (For example, Facebook pages' source code, because I don't want some "bad guys" to view my sources) and other things.

  4. How can I make some users see what the others can't? For example, userpage.php shows different links and information for different users, and all the information for me.

  5. How can I prevent membership.php from being viewed? (Is there some other way than using header?)

  6. How can I prevent my require and require_once from being viewed at login.php and userpage.php?

Animus asked Feb 14 '23 00:02


1 Answer

1.) When I'm creating a redirection from login.php to userpage.php, how should I redirect the user's data? (Should I use global arrays (like $_SESSION) to transfer the info, or should I connect to the db again from the user page?)

You need to have a connection to the db every time you want to get the user's data. You can create a session to store a unique attribute for the user, like $_SESSION['id'], when the user is successfully logged in, and you can use that value on any page to query the db and get the necessary user data.

2.) Should I create some multi-threading (do not judge strictly, I'm a newbie) for userpage.php, to be created for multiple users who are trying to log in at the same time?

No, you don't need to worry about users connecting at the same time. The server can handle this. When you have a million users or so, you can start considering this. (Although, even then I'm not too sure. Unfortunately I've never had that problem ;) )

3.) How should I protect the information (code side), so that it is hard to read? (For example, Facebook pages' source code, because I don't want some "bad guys" to view my sources) and other things.

You cannot prevent anyone from seeing your markup and styles, that is, your HTML and CSS, or any client-side scripting, like JavaScript. However, your PHP is server side and not displayed in the source. The 'bad guys' will not be able to view source to see your db connections, PHP logic, etc.

4.) How can I make some users see what the others can't? For example, userpage.php shows different links and information for different users, and all the information for me.

There are different approaches to take. The simplest is probably to store the user's 'permission level' in the db, and then check that every time you load content. For example,

    if ($user['permission'] == 1) {
        // Show something
    } elseif ($user['permission'] == 2) {
        // show something else
    }

5.) How can I prevent membership.php from being viewed? (Is there some other way than using header?)

The easiest way to do this is by checking to see if there is an active session, and if not, redirect:

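    if (!isset($_SESSION['id'])) { // session_start() must already have been called
        header("Location: login.php");
        exit; // without this the rest of the page still runs and is sent
    }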

6.) How can I prevent my require and require_once from being viewed at login.php and userpage.php?

Not too sure what you mean by this, but consider this: require and require_once are the exact same as including the code directly in the file. If you are referring to them being viewed directly by the client by hitting 'view source', don't worry - see answer to question 3.

Note:

These answers are simplified, and there are plenty of other complications to consider. Some of this stuff may not make sense, but I wouldn't sweat it too much. I would recommend starting small - find a decent tutorial or two on how to create a simple user database, a registration, and login page, and start there. No answers you get here will substitute for research, practice, and trial and error. Start small, and things will quickly become clearer as you progress.

Mark Miller answered Feb 24 '23 08:02
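The pattern from answers 1, 4 and 5 combined into one runnable file, as an added example that is not part of the original answer: only the user's id goes into the session, every protected page reloads the user (and permission level) from the db, and the redirect is followed by `exit`. The `users` table, its columns, the helper function names and the sample accounts are assumptions constructed for illustration; it uses an in-memory SQLite database through PDO so it runs without a server.

```php
<?php
// Added example. Schema, function names and accounts are constructed, not from the page.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pass_hash TEXT, permission INTEGER)');
    $ins = $db->prepare('INSERT INTO users (name, pass_hash, permission) VALUES (?, ?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 1]);
    $ins->execute(['admin', password_hash('battery staple', PASSWORD_DEFAULT), 2]);
    return $db;
}

// login.php side: check the password hash, then keep only the user's id in the session.
function login(PDO $db, string $name, string $password): bool {
    $stmt = $db->prepare('SELECT id, pass_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pass_hash'])) {
        return false;
    }
    session_regenerate_id(true); // fresh session id after login, against session fixation
    $_SESSION['id'] = (int) $row['id'];
    return true;
}

// userpage.php / membership.php side: look the user up again on every request.
function load_user(PDO $db): ?array {
    if (!isset($_SESSION['id'])) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, name, permission FROM users WHERE id = ?');
    $stmt->execute([$_SESSION['id']]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

function require_login(PDO $db): array {
    $user = load_user($db);
    if ($user === null) {
        header('Location: login.php');
        exit; // stop before any protected output is produced
    }
    return $user;
}

session_start();
$db = demo_db();
login($db, 'alice', 'correct horse');
$user = require_login($db);
echo (int) $user['permission'] === 2 ? "admin links\n" : "member links\n";
```

Because the permission level is read from the db on each request rather than cached in `$_SESSION`, a change to a user's permission takes effect on their next page load.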