Website with login area

TomStutt

Senior Member
Hi all

I have a question about the best way to do something. I have a friend who is a DJ, but he also has other DJs do gigs.

He wants a new site designed, but with a login area for all the other DJs. This is so they can see booking details, times, venues of where they are supposed to be.

My question is... What's the best way to do this with the login area?

Cheers Tom
 
Will each person need their own personal area, like user accounts? Or will there be one calendar that many people view?
 
Hmmm, s'a bigger job than I know how to do, not being a programmer and all. It'll need a hefty chunk of DB stuff. *cough* Jaz *cough*.
 
What about if it was 1 login that they all use that goes to a calendar? They can then click on the gig they are doing and it brings up a PDF of all the details.
 
Problem there is would a DJ want other DJs (potential competition) having that level of access to their upcoming gig details?
 
Ummmm, I suppose. OK. Is there a way of creating a folder as part of the site that gets uploaded with the site that is password protected? Then each DJ could have their own folder and Mike (the main guy) could just put stuff in there as and when he likes.
 
There isn't a budget at the moment. Just wondering how to do it.

I doubt there will be a budget. I'll be doing it for a good friend so it will prob be for not much at all.
 
Right, here goes. If you need help with the coding, let me know.
Well, we can do it 2 ways depending on how well you are with a database.

We need a form to add new users. I strongly suggest this is only done via your mate in his secure section (I'll talk you through that); if not, we will need heavier security protocols in place.

If we are doing a DB solution we create a table in a DB. In that table add fields for name and hash.

First off, start by creating this user register form.
A simple form, as we won't need loads of info, asking for username, password and to re-type the password.

When that is submitted we then enter a new row in the DB, setting the name to the user's name and the password to: password + a key phrase. This can be anything, let's go with "My monkey is called Jack and he speaks french". We then hash this and store the hash in the DB under the hash row.

If your mate is the only one inputting it and it is in his section, then we can count the data as clean; if this is open/not in his secured section, we need to bring in cleaning TBH.

Right next, this will become clear with the hashing.

We create a simple template page for what they would see once they are logged in.
So whatever you want really, we will tailor it to their needs in a bit.

Now that is done we create the login.
Now again it depends on the type of info about how secure you want to go. HSBC banking kind of secure, MOD kind of secure or basic level, let me know and we'll implement the security.

Here though, as there won't be any sensitive info to protect, I will go with my level of basic. As I'm a paranoid freak who lives in the dark rocking backwards and forwards holding a baseball bat in my hands, it may be a bit more than basic.

So we create another form this time login.
Here we ask for user name and password.

When the form is submitted we then add our phrase to the password.
So:

$pass1=strip_tags($_POST['password']);
$pass2=$pass1."My monkey is called Jack and he speaks french";

So if you entered mike54
Our new password to test would be
mike54My monkey is called Jack and he speaks french

Still with me?
We then hash the pass2 variable, pull the hash from the DB and test to make sure they match. If they match they are the same and thus it is the correct password.

If it is not we reload the page saying:
The username and or password you entered could not be recognized.

That way, to a hacker, we give nothing away. Put the PHP sleep function on the page reloading, say 30 seconds, and there goes any brute force attack. Ideally I would set a counter and if they got to say 3, log them out for 24 hours so even if they got the password correct they would still be out. That would make hacking nigh on impossible, but that would require changing our current set up with the DB.

So if it is, we set 2 session variables: one saying what their name is so we can tailor the admin section to them, another random one to test to make sure they are logged in.

Again something like: My horse has a foot instead of a hoof

The point of the random names is just to make them harder to break TBH. We could write: kfhdsjhjhjkgfhdjkghhieruijh128 as that would do the same thing, but as I said I sit in the dark so prefer the sentence approach.

Then redirect them to the login admin section.

Now on the login admin section we test for the random session variable. If this is present we allow the page to continue; if not, we redirect them to the log in form. That bit needs to go as the first bit of code on every page you need securing.

We then tailor the page to them.

For example.
Hello <?php echo $_SESSION['name'];?>
or
<?php If($_SESSION['name']=="AdminHenry"){ //Henry being your mate ?>
<a href="new-user.php">Add a new user</a>
<a href="event-user.php">Add a new Event</a>
<a href="delete-user.php">Delete a new user</a>
<?php }?>

That way only your mate will get the link to add a new user to the DB.

If you want the dates to be set in a DB then your client will need another form where he can choose which user is in the DB and then add new dates.

We then get the dates and display them.

So something like

SELECT dates FROM events WHERE user='Norman'

Now on all the admin pages your mate can change, you have to amend the log out redirect script to include a test for your mate's session name, and if that is not present log them out and delete their session, set an email up to your mate informing them that the user tried to access the DB editing pages, and put a permanent ban in his DB row that your mate has to approve to unlock. Again that would need another form to do that, another DB row and another test at the login page.

And voilà, one basic login area. We can get more insane if you really want to on the security front, as I class that as basic TBF. Up to you.

Now if your DB skills are not up to scratch then well we can do this however.

Have all the passwords in a line on the login page in PHP or whatever, then test the username and password and see if it matches any of them. I've done this before on here; look through my posts or use DF's search engine to find login and it should bring my code up.

Same thing then: if there is a match, set the sessions and test. Now though we need to create a page for each user, and instead of redirecting them to a global admin page and changing certain areas of it we send them to a page just for them.

Obviously in my eyes that is a lot of work, but if you need help let me know.

Jaz
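
The login check described in the post above, as an added example that is not part of the original thread: it swaps the fixed key phrase for PHP's password_hash()/password_verify(), which salt each password individually, and implements the three-strikes, 24-hour lockout the post mentions using two extra columns. The table layout, column names, function names and the in-memory SQLite database are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. Table and column names are assumptions.
const MAX_FAILS = 3;        // failed attempts before lockout (figure from the post)
const LOCK_SECONDS = 86400; // 24-hour lockout (figure from the post)

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, hash TEXT NOT NULL,
        fails INTEGER NOT NULL DEFAULT 0, locked_until INTEGER NOT NULL DEFAULT 0)');
    return $db;
}

function register_user(PDO $db, string $name, string $password): void {
    // password_hash() creates a random per-user salt and embeds it in the stored hash.
    $db->prepare('INSERT INTO users (name, hash) VALUES (?, ?)')
       ->execute([$name, password_hash($password, PASSWORD_DEFAULT)]);
}

// Returns false for unknown user, wrong password or locked account alike, so the
// caller can show one generic error message for every failure.
function try_login(PDO $db, string $name, string $password, int $now): bool {
    $stmt = $db->prepare('SELECT hash, fails, locked_until FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || $now < (int)$row['locked_until']) {
        return false; // a locked account is refused before the password is checked
    }
    if (!password_verify($password, $row['hash'])) {
        $fails = (int)$row['fails'] + 1;
        $until = $fails >= MAX_FAILS ? $now + LOCK_SECONDS : 0;
        $db->prepare('UPDATE users SET fails = ?, locked_until = ? WHERE name = ?')
           ->execute([$fails, $until, $name]);
        return false;
    }
    $db->prepare('UPDATE users SET fails = 0, locked_until = 0 WHERE name = ?')->execute([$name]);
    return true;
}

// Constructed sample run; the user name and passwords are made up.
$db = make_db();
register_user($db, 'Norman', 'mike54');
$t = 1700000000; // fixed clock so the lockout window is reproducible
foreach (['wrong1', 'wrong2', 'wrong3'] as $guess) {
    var_dump(try_login($db, 'Norman', $guess, $t)); // third failure sets the lock
}
var_dump(try_login($db, 'Norman', 'mike54', $t + 60));               // correct password during lockout
var_dump(try_login($db, 'Norman', 'mike54', $t + LOCK_SECONDS + 1)); // correct password after lockout
```

In a web request, a successful try_login() would be followed by session_regenerate_id(true) and setting $_SESSION['name'], matching the session step in the post.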
 