User Authentication for a PEAR CMS - Granting Access to the CMS
(Page 4 of 4 )
If there was no error, we continue to check whether any records have been returned, by testing the $res variable which will have the result of the query stored in it. If any records have been found, it means that the user does exist in the database, therefore we have to grant the user access to the CMS.
The next step that we take is to retrieve some user data. To do this we run a while loop to retrieve the information stored in the result variable. Also notice that we use DB's fetchrow() function to get the user's information. As a result, all data about the user is now stored in the $row variable. For the time being we only need to know the user's access level, so we extract it from the results:
if($res){
while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
$level=$row->level;
}//end while loop
//******************************************Set up Session vars
We need two pieces of information to ensure that the CMS is accessed only by users who are known by the system, namely the username and access level. This information will be used to evaluate whether a user should be granted access to any of the scripts that make up the CMS. As a way of making this information available to all the scripts, we put them in session variables and then redirect the user to the main page of the CMS:
//user exists, setup session vars
$_SESSION['author_name'] = $username;
$_SESSION['level']=$level;
header("location:main.php");
}//end res check
If the result variable ($res) does not contain any records, an error message is added:
else{
//user does not exist
$error .= "Your login details did not match";
}
}//end err check
In the next article we will discuss the HTML form that is responsible for collecting the information that we require from the user. We will also look at the last section of the user management process that deals with logging users out of the system.
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
