Learn how to crate registration form which sends an email with the activation link, login form with md5 password encryption, reset password form and restrict access to pages with Dreamweaver CS4, PHP and MySQL.
Time: 104:90 min / Price: £25.00
Sebastian Sulinski on 18th Apr 2009
Daniel on Monday, 22nd August 2011
is it possible to have multiple access levels for my website so that people would have different permissions ex: site admin, guest, user, CTO's, Human resource's, OWNER etc? how would that be set up with only the few options given?
Reply
Sebastian Sulinski : @designtutorials on Monday, 22nd August 2011
Yes - this could be done, but it would require some hand coding. You would have to create another field in the users table to flag each record with access level - it might be something as simple as numbers (1,2,3 etc.).
You would then have to create another session after login which would store this value and every time you check for user access (Restrict access to page) you would also check if this specific user's access level allows him/her to access this specific page - i.e. if page requires access 1 or 2 and all other should not be able to access this page, you could use something similar to this:
if (!in_array($_SESSION['access_level'], array(1, 2)) { // redirect user to login }I hope this helps.
Reply
Daniel on Monday, 22nd August 2011
Yes THX!! so would i have to make each page a certain level? or would it bock EVERY one who didnt have level 1,2. and im sorry because i AM new'ish to this how would i enter the level for each person who would sign up? on the data base? obviously the mainstreamers would be the lowest. and the PEOPle on MY team i would know about and set them accordingly.
Reply
Sebastian Sulinski : @designtutorials on Tuesday, 23rd August 2011
When you create a new table cell for the users, assing the default value as the lowest access - say the lowest is 1. Then every time someone registers, by default they will have the lowest access level assigned. If you want to upgrade their access then you'll be able to do so via database - unless you're building the whole user management system.
With regards to restricting access - yes, you would have to restrict it on all pages that need access restriction either by typing the same condition on each page or creating one include file with this condition and include it on each page after login.
Reply
Georges Naffah on Monday, 12th September 2011
Dear Sebastian
The tutorial is great but I have a question that is a must for the project I'm doing.
Let's say I have a user that didn't enter his email , (I know it's restricted form what you have done in your lessons), but in my case scenario the data have been already inserted into the database (imported to MySQL) and he wants to update his profile , well what I need is to let the code check to see if the user doesn't have an email then it should redirect him to a contact us page.
any hint please ?
Reply
Sebastian Sulinski : @designtutorials on Monday, 12th September 2011
Hi George,
The easiest way would be to find this user's record in the database - then check if the record email field is blank - and if so redirect him to the contact page.
Now - I'm not sure how you identify users as you have to have some unique id / email / username in order to find the record in the first place - so you would have to use this unique identifier to find the record in the table and then do the above check.
The IF statement should look something like this and should be placed at the top of the page:
if (empty($user['email'])) { header("Location: /contact_page_url"); exit; }I hope this is what you're looking for.
Reply
Luigi Fardella on Monday, 2nd January 2012
Very very good Sebastian!!!
The tutorial is fantastic. You are the best teacher!!!!!
Reply
Sebastian Sulinski : @designtutorials on Monday, 2nd January 2012
Thanks Luigi
I'm glad you like the tutorial.
Reply
Luigi Fardella on Tuesday, 3rd January 2012
I have the probelm when I send the email to activate the link:Warning: mail() [function.mail]: Failed to connect to mailserver at "localhost" port 25, verify your "SMTP" and "smtp_port" setting in php.ini or use ini_set() in C:wampwwwSSDRegistrationindex.php on line 186
Why?
Reply
Sebastian Sulinski : @designtutorials on Tuesday, 3rd January 2012
Hi Luigi,
This is due to some configuration settings with WAMP - check this post:
Sending e-mail from localhost in PHP in Windows Environment.
Reply
Luigi Fardella on Tuesday, 3rd January 2012
Sorry, is this not correct: http://localhost/Registration/activate.php?id='.$hash.' ?
The SMTP is localhost and the port is 25
Reply
Sebastian Sulinski : @designtutorials on Tuesday, 3rd January 2012
Hi Luigi,
This isn't really what's causing the problem - it's the WAMP settings. The best way to test it would be to run the application on the proper web host. There are plenty of the free ones, which would allow you to test your application in the real environment.
Here are a list of a few you can choose from: Free Web Hosting Providers.
Reply
Luigi Fardella on Wednesday, 4th January 2012
Hi Sebastian,
On the remote server it works fine now, but in the the function.php, on the last row:
if ( $isValid && !( checkdnsrr($domain,"MX") || checkdnsrr($domain,"A") ) ) { // domain not found in DNS $isValid = false; }I have an error, which refers to the function checkdnsrr(). I deleted the if condition and the problem was gone. Is this ok?
Reply
Sebastian Sulinski : @designtutorials on Wednesday, 4th January 2012
Hi Luigi,
Yes, that's fine - it's just an extra layer of validation, but you usually don't need such deep validation so it is ok to omit it.
You can read a bit more on that function here.
Reply
Luigi Fardella on Wednesday, 4th January 2012
Yes, Sebastian I wrote in the PHP Manual thank you! The tutorial is very good! The next week I will get the MacBook Pro with I7. For me it is a big change going from PC to MAC, but I am very happy!
Reply
Luigi Fardella on Wednesday, 4th January 2012
Hi Sebastian, I don't have a perfect connection with my ADSL to watch the video. Is it possible to have the download of the videos that I bought?
Thank you.
Reply
Sebastian Sulinski : @designtutorials on Wednesday, 4th January 2012
Hi Luigi,
I'm afraid our tutorials are only available online.
Reply
Luigi Fardella on Wednesday, 4th January 2012
Ok Sebastian....Thank you!
Reply
luigi Fardella on Thursday, 12th January 2012
But, if I want to create the form to delete the user, how do I do?
Reply
Sebastian Sulinski : @designtutorials on Thursday, 12th January 2012
Hi Luigi,
This specific tutorial does not cover the removal of user records. We have covered this topic in other tutorials, but this one is only explaining how to do things in the title.
Reply
Luigi Fardella on Thursday, 12th January 2012
ok thank you !!
Reply
Gabor Molnar on Wednesday, 7th March 2012
Hy Sebastian,
First of all i Would like to say a big thank you for this amazing tutorial. I have never seen anybody who can understand and able to teach php that well.
I would like to ask a few security questions, as a new to php not totally sure about the security issues.
Is the Dreamweaver generated code provide any security from code injection because i have seen "mysql_real_escape_string" and "HTML entities" code within the Dreamweaver generated codes. Are those things give any protection for my webpage? Do i need to worry about it or not because those codes give protection or my webpage...
Thank you very much for your answer in advance
Best Regards,
Gabor
Reply
Sebastian Sulinski : @designtutorials on Wednesday, 7th March 2012
Hi Gabor,
One of the functions that Dreamweaver generates is responsible for the input sanitation, but escaping the quotes etc. so you should be fairly secure. That said, you have to be aware of the fact that there really isn't something like 100% secure web application. Once you've published website on the world wide web - it automatically becomes vulnerable. We can only try to make it harder for the attacker to crack it.
For more advanced web applications I would suggest using PHP PDO, but from what I know Dreamweaver does not offer any extensions, which support PHP PDO class so you would have to learn a manual coding in order to use it.
We have a number of the tutorials, which cover this class in more detail.
Reply
Gabor Molnar on Wednesday, 7th March 2012
Thank you very much for your fast respond appreciate it....
Best Regards,
Gabor
Reply
Qaysar Akbar on Thursday, 12th April 2012
Hi Sebastian,
In my config file if I was to have the following defined:
define ("ADMIN_LEVEL", 5); define ("EDIT_LEVEL", 2); define ("USER_LEVEL", 1); define ("GUEST_LEVEL", 0);What would the custom function be to check access based on the above so I can call something on the protected page.
Thanks
Reply
Sebastian Sulinski : @designtutorials on Sunday, 15th April 2012
Hi Qaysar,
I'm not sure what you're trying to achieve, but if you're trying to deal with access levels it is best to keep it in the separate table in database and assign access id to the user profile directly within the table - no need for constants here.
Reply