A little help with PHP/MySQL
Hey there guys!
I'm building up a site for a friend, he's a lawyer, and he just needs basic info such as street address, staff, some pictures, about us, contact us, etc...you know, the basic, static stuff, and I got no problem there (I'm doing this with Dreamweaver CS3).
However, here comes the tricky part:
He wants his clients to be able to log in with a username/password and check their cases on the website, which means I would need to create a different unique page for each user.
So, being a complete newbie with PHP and MySQL, I successfully followed this tutorial on how to create a login page for users. Everything was understood. Everything went fine. That's covered.
Now, all I need, is to know how to redirect each user to his own page, where he'll be able to find his documents, cases, pictures, or whatever my friend asks me to upload.
For example, Mr. Jones wants to check how his car insurance case is going, so he would go to the website, login, and he would be redirected to a page that only HE can see. This page will contain pictures of his crashed car, text files, or whatever I upload...
I hope you can understand what I'm trying to do :Blushing: It's like when you go to your profile page here in the forum.
I'm sure it's not too hard for experienced users to accomplish something like this. If you could tell me how to achieve this I'd be really grateful!
Thanks a lot!
I havent looked at the tutorial you followed, but it might be an idea to look into sessions if you havent already.
The way I would do it (and I am by no means an expert) is use the login script youve created and assign the user a session, then set up a unique page for each client e.g /client/john-jones.php and have this page check that the user has the 'session' assigned.. If not, ask them to login.
Ive made it sound easier than it really is.. I hope your getting paid, or some legal advice should you ever need it, as this isnt an easy task.
If you need any help, fire me an email lewis [at] hilldesigns.co.uk or add me on MSN lewwy [at] hotmail [dot] co [dot] uk.
I am a PHP and MySQL developer and I have to advise you not to do this job. You're looking at some serious legal ramifications, unless you can have your friend write up a waiver that he will sign which removes you from all liability in case his clients' stuff is stolen. I could see you learning on some other sites that it's not a privacy issue if people hack it, but this is a potential lawsuit.
Now if you do not take my advise, then you need to do some serious reading on PHP security methods. I would also put all the client info into the database, make sure you have two specific MySQL logins, one for the admin you should create your friend and then one that only has read only and write permissions for the login and the client data. Then your friend can enter the data through the admin, and then when the client logs in, you can take their user id and grab all their info from the database.
This is a lot more involved than this, but again.. Im going to have to recommend you learn with something a lot easier and with less liability then this job.
Ah, fair play Murlyn.. I didnt think that far into it, glad you did though.
What with it being legal data, I agree.
Furthermore I took a look at the tutorial you followed, and it seems that dreamweaver did all the work for you in the first place, so it wouldnt make sense for you to learn about sessions having essentially skipped the first bit, kind of like running before you can walk.
Good luck whatever you do.
Thanks a lot to both of you guys. In fact, I might have said no If I didn't know what I was getting into, but my friend actually works only with routine stuff that no one would really pay attention to...I mean a hacker would not be interested in reading this kind of stuff. Although it is legal information, it is not really classified...he just wants to give his clients a bit of a better service.
I warned him I didn't know much about advanced web programming and security, but he said it didn't matter since he has a handful of clients with routine cases that no one would take advantage off even if they were published on a newspaper :D
So, getting back on track, it would seem I have to do some reading and learn about sessions from the start. I'll walk before running and come back here and bother you with some other questions once I know a little more.
Thanks a lot really -- you'll hear more about me and php soon I hope.
|All times are GMT -4. The time now is 01:06 AM.|
Powered by vBulletin
Copyright ©2000 - 2015, Jelsoft Enterprises Ltd.