Ready to watch this entire course?
Become a member and get unlimited access to the entire skills library of over 4,900 courses, including more Business and personalized recommendations.Start Your Free Trial Now
- View Offline
This course was updated on 6/12/2012.
- Understanding dynamic versus static content
- Adding PHP commands to web pages
- Setting and outputting variables
- Using server-side includes
- Creating PHP custom classes
- Adding the Zend Framework to a PHP installation
- Creating a MySQL database
- Adding data in phpMyAdmin
- Building recordsets
- Formatting dynamic data
- Building data entry forms
- Authenticating users
- Deploying a dynamic site
Skill Level Intermediate
Once you've created a login form for your web site, you can then protect individual pages so that only users who have logged in can view them. For this demonstration, I'll use the file explorerlist.php in the explorers folder, under the chapter 8 site root. With the file open on the screen, I'll go to the menu and choose Insert > Data Objects > User Authentication. From there, I'll choose Restrict Access To Page. On this screen, I am asked to check whether a user has already logged in.
You can either choose to protect based on a username and password or a username, password, and access level. I'll use the default setting, and that means that anybody who is logged in will be able to view the page. Then for users who haven't logged in, I'll indicate which page I want them to see. I'll browse, make sure I'm at the site root, go to the login folder, and choose my login form, login.php, and then I'll click OK. I'll save my changes, and I'll run the page in the browser.
And now, instead of going to the page I requested, I am sent to the Log In form. If you're working on Mac and you're having trouble previewing the file, go back to the first video in this chapter and make sure you followed the instructions for updating your database connection. It might be that you're having trouble connecting to the database. Let's take a look at the code that was generated. I'll go back to the page in Dreamweaver and look at Code View. Up at the top of the page, there is a bunch of new PHP code. Here are some of the critical pieces.
This conditional code block checks to make sure that a session has been started. The nature of a session is that it tracks a particular user, as long as they keep their browser open. Information is passed from page to page using something called a cookie. You don't need to worry about how this works; it's all handled automatically by PHP and the browser. But it is important to note that in PHP any page that you need to protect or any page that you need to put information into the session must call the session_start function.
Once that function has been called, this session associative array known as $_SESSION is created. And so this expression is set, $_SESSION returns true, if the session has started and false if it hasn't been. The rest of the code examines whether the current user has logged in, and then indicates with this variable, MM_ restrictGoTo, which page should be navigated to if the login fails. That's pretty much it.
If you want to apply this page restriction to all of your pages, you could copy this PHP code block, starting here at line 2, and going down to the end of the code block at line 46 into a separate PHP file, and then you could include that file in all of your other pages throughout the web site. I'm going to keep this demonstration focused on a single page though, so that we can see how the code that's generated by Dreamweaver works in its default state.
Now, to complete the cycle, I'll preview the page in Firefox. And now, I am going to log in with my user name and password, explorerone and password, and I'll click Submit. As long as I keep the browser open, I'll be able to navigate around throughout the web site. I can go to the Insert form and back. I can click Delete and delete a record, and I can also update data. If I close the browser though, and then restart the page, I'll see that my session has started over, and I am sent back to the Log In form.
Again, you can either protect each page individually, or you can take this generated code that to remove your places at the top of a page, move it into its own PHP file and then include it in all the pages that you want to protect. The default behavior is that any user who is logged in at all can see the protected pages, but you can also apply access levels, if you desire, to create a more granular security model.