 PHP Page 2 - Authentication Scripts for a User Management Application |
Script Explained - PHPIn this article we will continue to discuss the application-wide scripts that we started to talk about in the last article. These special scripts are used by all the scripts and pages of the application. We will continue to look at the func.inc script that has several useful functions defined in it. This article is the third part of a nine-part series.
print this article SEARCH DEV SHED |
The first function checks to see if a given user has admin access. It takes one parameter, which is the user ID. It uses this id to run a query and check the user access level. First, a query is defined: function isadmin($id){ //run query to check if this user is admin $sql = "SELECT level FROM users WHERE uid='".$id."'"; Then the query is run using the mysql_query() function: $res = mysql_query($sql); Then a check is made to determine whether or not the query was successful, using the $res variable that contains the result of the query. If the result has a value, then it means that the user id is valid. In that case, the access level is retrieved: if($res){ $row= mysql_fetch_assoc($res); Next, the code checks the access level. If it is admin, then the function returns true: if($row['level'] == 'admin'){ return TRUE; }else{ Otherwise it returns false: return FALSE; } } } The next function is called the isAuthed() function. It is responsible for checking to see if a user is authenticated. It should be used on the very top of every page to ensure that anyone who accessed a particular page has the right to be there. The function takes one parameter. It essentially works by checking to see if the session variable is set. In this case, it will be the username that is set when the user logs in. Below is the code: function isAuthed($uname){ if(isset($uname)){ return TRUE; }else{ return FALSE; } } It can be used in the following way: if(isauthed){ //user is authenticated, can view the page }else{ //the user is not authenticated, redirect to login page } The function is very easy to understand. First it takes the given name and checks to see if it is set. If so, the function returns true if(isset($uname)){ return TRUE; }else{ Otherwise, the function returns false, which basically means that the username is not set; therefore, the user that is trying to access this particular page does not have the right to do so: return FALSE; The next function is called genpass(). It does not take any parameters. It is responsible for generating a random password. It will be used during the registration process, and features the following code: function genpass() { //This function generates a 7 character password $chars = "1234567890abcdefGHIJKLMNOPQRSTUVWxyz $thepass = ''; for($i=0;$i<7;$i++) { $thepass .= $chars{rand() % 39}; } return $thepass; } It is used like so: $randpass = genpass();
blog comments powered by Disqus |
|
|
|
|
|
|
|
