User Authentication for a PEAR CMS - Granting Access to the CMS

If there was no error, we continue to check whether any records have been returned, by testing the $res variable which will have the result of the query stored in it. If any records have been found, it means that the user does exist in the database, therefore we have to grant the user access to the CMS.

The next step that we take is to retrieve some user data. To do this we run a while loop to retrieve the information stored in the result variable. Also notice that we use DB's fetchrow() function to get the user's information. As a result, all data about the user is now stored in the $row variable. For the time being we only need to know the user's access level, so we extract it from the results:

if($res){

while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {

$level=$row->level;

}//end while loop

//******************************************Set up Session vars

We need two pieces of information to ensure that the CMS is accessed only by users who are known by the system, namely the username and access level. This information will be used to evaluate whether a user should be granted access to any of the scripts that make up the CMS. As a way of making this information available to all the scripts, we put them in session variables and then redirect the user to the main page of the CMS:

//user exists, setup session vars

$_SESSION['author_name'] = $username;

$_SESSION['level']=$level;

header("location:main.php");

}//end res check

If the result variable ($res) does not contain any records, an error message is added:  

else{

//user does not exist

$error .= "Your login details did not match";

}

}//end err check

In the next article we will discuss the HTML form that is responsible for collecting the information that we require from the user. We will also look at the last section of the user management process that deals with logging users out of the system.