
User Management and Privileges - PHP

This is the second article in a three-part series dealing with using PHP 4 and MySQL to make a comprehensive e-commerce storefront solution. This article covers session management within the store, user privileges, and a few security concerns.

  1. Building an E-Commerce Site Part 2: Managing Users with Sessions
  2. Assumptions and Requirements
  3. Primer on Sessions
  4. User Management and Privileges
  5. Step 1: Creating the Users Table
  6. Step 2: Extracting the New Scripts
  7. Step 3: General Script Changes from Tutorial 1
  8. Step 5: User Scripts
  9. Step 6: A Note on Security
  10. Step 7: Putting It All Together
By: Ying Zhang
May 16, 2000




Okay, we've spent enough time on PHP4's session management. All you really need to take away from that is the two functions session_start() and session_register(). Let's get back to the issue of keeping track of users.

PHP can help us keep track of sessions, and group requests from the same session together. Now, we have to do our part and associate user accounts with these sessions. We will use a variable called SESSION["user"] to keep track of user information. When a user logs in, we will put their information into this variable. As long as this variable is defined, we will assume that a user has logged in. When a user logs off, we will clear out this variable.

Specifically, we will keep the following information about the user:

  • SESSION["user"]["username"]: This is the user's login ID (their nickname, if you will), and it is how we tell users apart from each other.
  • SESSION["user"]["firstname"]: The user's first name.
  • SESSION["user"]["lastname"]: The user's last name.
  • SESSION["user"]["email"]: The user's email address.
  • SESSION["user"]["priv"]: The user's privilege level.

Let's talk a bit about the privilege levels. We are going to have two levels of security: (1) normal customers and (2) administrative users. Normal customers can use the system, browse through the catalog, and do other customer functions. Administrators can do everything a normal user can do, but also have the ability to perform system administrative functions (e.g. everything from part 1 of this guide). In real life, there are probably many more privilege levels that you would want defined, but we are going to keep things simple here.

This is all fine and dandy, but where do we get this user information from? We need to have a way to store all the users on the system, and the perfect place for that would be in the database. We're going to create a users table to hold all our users.
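The session bookkeeping described above, as an added example that is not the article's own code. It uses the current `$_SESSION` superglobal in place of the PHP 4 `session_register()` variable; the privilege names `"user"` and `"admin"`, the helper function names and the sample row are assumptions.

```php
<?php
// Added example. "user" and "admin" are assumed privilege names, ranked low to high.
const PRIV_LEVELS = ['user' => 1, 'admin' => 2];

// Rank of a privilege string; anything unknown ranks 0 (no access).
function priv_rank($priv): int
{
    return is_string($priv) ? (PRIV_LEVELS[$priv] ?? 0) : 0;
}

// Call only after the password check succeeds; $row is the user's record.
function login_user(array $row): void
{
    if (priv_rank($row['priv'] ?? null) === 0) {
        throw new InvalidArgumentException('unknown privilege level');
    }
    session_regenerate_id(true); // fresh session ID at login blocks fixation
    // Copy only the five fields the article lists; never the password column.
    $keys = array_flip(['username', 'firstname', 'lastname', 'email', 'priv']);
    $_SESSION['user'] = array_intersect_key($row, $keys);
}

// The article's rule: the user is logged in while the variable is defined.
function is_logged_in(): bool
{
    return isset($_SESSION['user']['username']);
}

// Administrators can do everything a customer can, so compare ranks.
// Fails closed when nobody is logged in or the level is unknown.
function has_priv(string $required): bool
{
    $need = priv_rank($required);
    return $need > 0 && is_logged_in()
        && priv_rank($_SESSION['user']['priv'] ?? null) >= $need;
}

function logout_user(): void
{
    unset($_SESSION['user']); // clearing the variable logs the user off
}

// Constructed sample row standing in for a record from the users table.
session_start();
login_user(['username' => 'jdoe', 'firstname' => 'Jane', 'lastname' => 'Doe',
    'email' => 'jdoe@example.com', 'priv' => 'user', 'password' => 'not-copied']);
var_dump(has_priv('user'), has_priv('admin'));
logout_user();
var_dump(is_logged_in());
```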
