Completing the Login Script for a PEAR CMS - The CMS
(Page 4 of 4 )
Now that we have finished discussing the user authentication process, we can turn to the program at the heart of the entire application. Immediately after a user has been authenticated, the system transfers the user to the first page of the CMS, called main.php. This is the entry page for the entire CMS. It lists the latest five articles and the names of the authors who wrote them. Below is some of the code that makes it work:
<?php
ob_start();
session_start();
if(!isset($_SESSION['author_name'])){
//redirect to login page and stop the script: header() alone does not end the request,
//so without exit the rest of this page would still be generated for the unauthenticated user
header("Location: login.php");
exit;
}
?>
The code above is responsible for ensuring that only users who are authenticated have access to the Content Management System.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/main.dwt.php" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<!-- InstanceBeginEditable name="doctitle" -->
<title>Untitled Document</title>
<!-- InstanceEndEditable -->
<!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable -->
<link href="Templates/pear.css" rel="stylesheet" type="text/css" />
</head>
<body>
<table width="100%" border="0" class="bord">
<tr class="header1">
<td colspan="2"><div align="center">Content Management System </div></td>
</tr>
<tr>
<td width="5%" valign="top"><!-- InstanceBeginEditable name="EditRegion4" -->
<table width="100%" border="0" cellspacing="0" class="navbord">
<tr>
<td colspan="2" bgcolor="#FFFFFF"> </td>
</tr>
<tr>
<td colspan="2" bgcolor="#0066FF" class="section"><strong>Section</strong></td>
</tr>
<tr class="navbord">
<td class="nav"><a href="logout.php">Logout</a> </td>
<td><img src="images/user.gif" width="16" height="16" alt="" /></td>
</tr>
<tr class="navbord">
<td colspan="2" class="nav"><a href="main.php">Home</a></td>
</tr>
<tr class="navbord">
<td colspan="2" class="nav"><a href="authors.php">Authors</a></td>
</tr>
The code below checks to see if the user is an administrator, and displays the appropriate navigation information based on the outcome. Note that this only controls what the menu shows; the admin pages themselves must repeat the check, because a link that is not displayed can still be requested directly.
<?php if($_SESSION['level']=="admin"){?>
<tr class="navbord">
<td colspan="2" class="nav"><a href="admin/index.php">Admin</a></td>
</tr>
<?php }?>
</table>
<!-- InstanceEndEditable --></td>
<td width="95%" valign="top"><!-- InstanceBeginEditable name="EditRegion3" -->
<table width="100%" border="0" class="bord">
<tr>
<td colspan="2" class="header"> </td>
</tr>
<tr>
<td colspan="2" class="header">Read the latest stories from our authors... </td>
</tr>
The PHP code below extracts all the relevant information about authors and articles to display in the work area.
<?php
include 'db.php';
include 'connx.php';
//retrieve the latest 5 stories, include the author names as well. Store the record
$sql = "SELECT * FROM stories INNER JOIN authors ON stories.author=authors.aid
order by s_date desc limit 5";
$res = $db->query($sql);
//a failed query returns a DB_Error object, which is truthy, so test for it explicitly;
//an empty result set is handled by the same else block as a failure
if(!DB::isError($res) && $res->numRows() > 0){
while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
?>
<tr>
<td colspan="2" class="title"> </td>
</tr>
<tr>
<td colspan="2" class="title"><a href="view.php?sid=<?php print (int) $row->sid ?>"
class="title"><?php print htmlspecialchars($row->title)."..."; ?></a></td>
</tr>
<tr>
<td width="18%"> </td>
<td width="82%" class="auth">by: <?php print htmlspecialchars($row->name) ?></td>
</tr>
<?php
}//end while
}// no recs retrieved (or the query failed): run else block
else{
?>
<tr>
<td colspan="2" class="maintxt"><p>No records found</p></td>
</tr>
<?php } ?>
</table>
<!-- InstanceEndEditable --></td>
</tr>
<tr class="copy">
<td colspan="2">©2008</td>
</tr>
</table>
</body>
<!-- InstanceEnd --></html>
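The two checks that main.php performs inline (is the user logged in, is the user an administrator) are needed on every protected page, including admin/index.php, so it is worth keeping them in one small file that each page includes. The following is an added example written for this article, not code from the original tutorial. It assumes the same session keys the tutorial's login script sets ('author_name' and 'level'), that login.php is the login page, and PHP 7 or later for the type declarations; the file name auth.php is hypothetical.

```php
<?php
// auth.php (hypothetical file name): a reusable access gate for the CMS pages.
// Added example, not the tutorial's own code. Assumes login.php stores
// $_SESSION['author_name'] and $_SESSION['level'] after a successful login.

session_start();

// Stop the request when the user is not logged in. Sending the Location
// header is not enough on its own: without exit, PHP keeps running and the
// rest of the page is generated and sent to the unauthenticated client.
function require_login(string $login_url = 'login.php'): void
{
    if (empty($_SESSION['author_name'])) {
        header('Location: ' . $login_url);
        exit;
    }
}

// Enforce a role on the server. Hiding the "Admin" link in the navigation
// bar only changes what the menu shows; a page such as admin/index.php must
// run this check itself to refuse requests from non-administrators.
function require_role(string $role): void
{
    require_login();
    $level = isset($_SESSION['level']) ? $_SESSION['level'] : '';
    if ($level !== $role) {
        http_response_code(403);
        echo 'Forbidden';
        exit;
    }
}

// Usage (assumed layout):
//   main.php:        require 'auth.php';    require_login();
//   admin/index.php: require '../auth.php'; require_role('admin');
```

Because require_role() calls require_login() first, an anonymous visitor to an admin page is redirected to the login form exactly as on main.php, while a logged-in author who is not an administrator receives a 403 instead of the page.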
This is what the code produces (the screenshot is not reproduced here).
How it works
We will look at the code in detail later, but for now a short explanation of how each script works will give you a complete picture of the process. First, the script, like all the other scripts, checks that whoever is using it has the right to view it. It uses the session data available to it to do this. If the user is not authenticated, it redirects the user to the login page; otherwise the user has access to all of the features the page offers. The page also omits certain options from the navigation panel if the user is not an administrator. The script uses the PEAR::DB package classes to access and retrieve the data from the database.
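The story listing in main.php mixes the PEAR::DB query, the result handling and the HTML output in one place, which makes it easy to forget that a query error and an empty result set are different conditions, and that every database value must be escaped before it is written into the page. The following is an added example, not the article's own code, that separates the three concerns. It assumes the tutorial's tables and columns (stories.sid, stories.title, stories.s_date, stories.author, authors.aid, authors.name) and the $db connection object created by the tutorial's connx.php; the function names are my own.

```php
<?php
// Added example, not the tutorial's own code. Fetches the newest stories
// with PEAR::DB, tells a failed query apart from an empty result, and
// escapes every value before it reaches the HTML.

require_once 'DB.php';   // PEAR::DB; $db is assumed to be the connection from connx.php

// Return an array of rows, an empty array when there are no stories,
// or null when the query itself failed.
function latest_stories($db, $limit = 5)
{
    $sql = 'SELECT s.sid, s.title, a.name '
         . 'FROM stories s INNER JOIN authors a ON s.author = a.aid '
         . 'ORDER BY s.s_date DESC LIMIT ' . (int) $limit;   // cast keeps the limit numeric
    $res = $db->query($sql);
    if (DB::isError($res)) {
        // Record the detail on the server; the browser only gets a generic message.
        error_log('latest_stories: ' . $res->getMessage());
        return null;
    }
    $rows = array();
    while ($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) {
        $rows[] = $row;
    }
    $res->free();
    return $rows;
}

// Escape a value for use inside HTML text and attribute values.
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Build the table rows for the work area of main.php.
function render_stories($rows)
{
    if ($rows === null) {
        return '<tr><td colspan="2" class="maintxt"><p>Stories are temporarily unavailable</p></td></tr>';
    }
    if (count($rows) === 0) {
        return '<tr><td colspan="2" class="maintxt"><p>No records found</p></td></tr>';
    }
    $html = '';
    foreach ($rows as $row) {
        // sid is numeric in the tutorial's schema, so an integer cast is the simplest safe encoding
        $html .= '<tr><td colspan="2" class="title">'
               . '<a href="view.php?sid=' . (int) $row['sid'] . '" class="title">'
               . h($row['title']) . '...</a></td></tr>'
               . '<tr><td width="18%"></td><td width="82%" class="auth">by: '
               . h($row['name']) . '</td></tr>';
    }
    return $html;
}

// Usage inside the work-area table of main.php:
// echo render_stories(latest_stories($db));
```

Keeping the query in a function that returns plain arrays also means the same data can be rendered in another template or tested without a browser, and the HTML never sees a raw column value.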