
beginning_php thread: Re: Login verify script. to Nik


Message #1 by "jorge" <jorge@d...> on Mon, 14 Oct 2002 16:15:30 -0500
Hi Nik this is Jorge

I normally check for the existence of the value; that way I can make pages
with different levels of access (excuse my grammar).
Let me explain:
let's say I want
user with level 1 only access pages 1, 3, and 5
user admin all pages
public users only pages 2 and 4
Instead of checking by the exception (!), I found it a lot shorter to do it the
other way,
since I grab the user authentication value with the user security level to
see if they have access or not.
Should I do it the other way?
Thanks.

Jorge

----- Original Message -----
From: "Nikolai Devereaux" <yomama@u...>
To: "beginning php" <beginning_php@p...>
Sent: Monday, October 14, 2002 2:54 PM
Subject: [beginning_php] Re: Login verify script.


>
> I find it cleaner to check for the absence of $chk_uid than the existence
> of it:
>
>
> if(! isset($chk_uid) || ($chk_uid == ''))
> {
>   // redirect
> }
>
> // display your page here.
>
>
>
> Doing it this way allows you to encapsulate this into a function:
>
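> // defined in, say, "user_mgmt.inc"
> function enforce_login($bounce_page)
> {
>     // session_start() must already have been called by the page
>     if( !isset($_SESSION['chk_uid']) ||
>         ($_SESSION['chk_uid'] == ''))
>     {
>         Header("Location: $bounce_page");
>         exit;  // stop here, or the protected page is still sent after the redirect
>     }
> }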
>
>
> Now your page is just
>
> <?php
> session_start();  // needed before $_SESSION can be read
>
> require('user_mgmt.inc');
> enforce_login('register.php');
>
> // display your page here.
> ?>
>
>
> If you want to whittle it down one more line, you can do this interesting
> trick:
>
>
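> <?php  // filename: "valid_user"
> session_start();
>
> // $bounce_page was never set in this file; register.php is the page used above
> $bounce_page = 'register.php';
>
> if( !isset($_SESSION['chk_uid']) ||
>     ($_SESSION['chk_uid'] == ''))
> {
>     Header("Location: $bounce_page");
>     exit;  // stop here, or the protected page is still sent after the redirect
> }
> ?>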
>
>
>
> Now your page is just
> <?php
>
> require 'valid_user';
>
> // display your page here.
>
>
>
> hth,
>
> nik
>
>


Message #2 by "Nikolai Devereaux" <yomama@u...> on Mon, 14 Oct 2002 15:10:24 -0700
The only reason I suggest checking for the absence of the value is because you
can move your page display code completely outside of the authentication
checks.

One way, you have this:

if($auth)
{
  // page code here
}
else
{
  // header stuff here
}


The page generation code can get pretty long, so by the time you get down to
the else block, it doesn't flow too well with its surrounding code.  It's just
a shift in how you look at the reason for the if() statement.

On one hand, you can say that the if() expression determines who is allowed to
view the page.  That's your way of looking at it.

On the other hand, you can say that the if() expression exists to determine who
is supposed to be redirected FROM the page.  That's my way of looking at it.

This means that the page generation code for a script can be located outside of
the if/else blocks.  It's the same effect, after all is said and done, but
things are organized in the code a little better, imho.

if(! $auth)
{
   // header stuff here
}

// page code here


Having different levels of authorization is fine, and should be how things are
done.  You can create a function for each level of authorization that a user
can have which determines whether or not a user is that level.  If not,
redirect.


For example:

function is_admin()
{
   ...
}

function is_registered_user()
{
   ...
}



<?php
// protect this page from anyone not logged in as
// a registered user:

if(! is_registered_user())
{
   // redirect here.
}

// page code here.
?>


<?php
// This page is accessible by administrators ONLY.

if(! is_admin())
{
  // redirect here
}

// page code here.

?>


Hope this helps!

Nik
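
Added example (not part of the original thread): one way to combine Jorge's three access levels with the redirect-first guard discussed above, assuming PHP 7.4 or later. The names ACCESS_MAP, can_access(), enforce_access() and the session key 'level' are hypothetical.

```php
<?php
// Added example, not code from the thread. ACCESS_MAP, can_access(),
// enforce_access() and the session key 'level' are hypothetical names.

// Levels allowed on each page, taken from Jorge's scenario. A page missing
// from the map is denied to every level, so a forgotten entry fails closed.
const ACCESS_MAP = [
    'page1' => ['level1', 'admin'],
    'page2' => ['public', 'admin'],
    'page3' => ['level1', 'admin'],
    'page4' => ['public', 'admin'],
    'page5' => ['level1', 'admin'],
];

// Pure decision: true only when the page is listed and names this level.
function can_access(string $level, string $page): bool
{
    return in_array($level, ACCESS_MAP[$page] ?? [], true);
}

// Guard for the top of a page, in the "who gets redirected" style:
// enforce_access('page3', 'register.php'); then the page code follows.
function enforce_access(string $page, string $bounce_page): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // No level in the session means an anonymous (public) visitor.
    $level = $_SESSION['level'] ?? 'public';
    if (!is_string($level) || !can_access($level, $page)) {
        header('Location: ' . $bounce_page);
        exit; // stop, or the protected page is still generated and sent
    }
}

// Constructed check of the decision table; runs from the command line only.
if (PHP_SAPI === 'cli') {
    foreach (['public', 'level1', 'admin', 'unknown'] as $level) {
        $pages = array_filter(array_keys(ACCESS_MAP),
            fn($p) => can_access($level, $p));
        echo str_pad($level, 8), implode(',', $pages) ?: '(none)', "\n";
    }
    // page9 is not in the map, so even admin is refused.
    var_dump(can_access('admin', 'page9'));
}
```

Keeping the decision in can_access() separate from the redirect lets the access table be checked from the command line without a web server or session.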



Message #3 by "jorge" <jorge@d...> on Mon, 14 Oct 2002 19:04:01 -0500
Thanks Nik

I understand it's a better way to do things without a doubt, to have everything
outside the page,
and having functions out there will speed up updates and shorten the page
code.


Jorge :)




I value your Help

Jorge :)


Message #4 by "Nikolai Devereaux" <yomama@u...> on Mon, 14 Oct 2002 16:59:41 -0700
no problem!  As always, I'm glad to help out.
