Admin Script

[DannLea]

So, I'm going to get right to the point.

Here's what I need:

I need a script in PHP which will allows ONE user to log in.
When they log in, I need them to redirect to edit.php
I need edit.php to be non-accessible to anyone who isn't logged in.

Now, if you can only do that, I would be greatly greatly pleased, and owe you my biggest thanks.

If you can ALSO do the following, though, I would be so much more thankful.

On edit.php , I need a few forms. They are as follows:

Date #1
Content #1
Date #2
Content #2

Basically I need it so when you type in the date in Date #1, it changed the date displayed on another page. When content #2 is edited, the 'Content #2' will change in the other page.

If you would also like the name of the page that will be edited by edit.php, it will be called events.php

I'm not even sure if you can do all this with PHP, but I would prefer if you just made the script for me and .zip'd it.. I don't know much PHP but I learn very quickly from looking at scripts and can edit them fairly easy.. I would be extremely thankful to anyone who can get this for me.. I know it's a lot to ask, but I am trying to help out a non-charitable organization for their website, and although everything I'm asking can be done without what I'm asking for, it would be much easier on the people I am making this website for if they could just log in and change the content and date rather than having to edit the source file over and over again.

I'm thinking I will need MySQL database set up to do all this, so I've already done that.


Thanks in advance either way, if you can or can't do it. I am just happy you've looked at this post and tried.

Thanks,
Dann

[Stevish]

This may not be something that someone will just whip up for you, but after a bit of practice and research, it might not be too hard!

I have recently made a large database program, and learning all the security techniques and session handling and all that (stuff you'll need even if there's only one user) took me the better part of a month. I'll try quickly to help you out though:

First, you need a password field (you might not need a username field since there is only one user, but it might help with security).

You can set up edit.php like this:

PHP Code:

<?php
session_start();
if($_SESSION['logged_in'] == true) {
   //Show date #1, content#1 fields, etc
} elseif($_POST['pass']) {
   //Login magic goes here
}
   //Show password field
}
?>

This is the basic idea for a single script login session. This doesn't take into account security from session hijacking, expiring sessions, etc.

The first thing you'll need to understand is the session variable. You can use that to tell your system whether or not the user is logged in, as well as any information that needs to be passed from page to page.

The second thing is the "login magic". This isn't really magic and can be very simple:

PHP Code:

<?php
if(md5($_POST['pass']) == "f3354d24ac563bc3dfe2363980fe0b6a")
   $_SESSION['logged_in'] = true;
?>

This looks at the variable set in this html form...

HTML Code:

<form action="edit.php" method="post">
   <input type="password" name="pass" />
   <input type="submit" value="Log In" />
</form>

If the md5 hash of that variable is the same as the md5 hash of the correct password, then the session variable will be set. Note here that using an md5 hash is for security (since it is a one-way hash and cannot be reversed) to hide your password. However, a plain md5 hash is very insecure, and you should look up secure hashing methods on google if you have the time.

Now, the form to edit the content will need to interact with the mysql database, and there are even more security concerns that enter here. You should become familiar with mysql syntax and the php mysql_ functions. I need to be getting to bed, so I will let someone else talk about mysql if there is anyone so kind.

I think you are asking a lot of a forum community to make an entire script for you. A better method would be to start working on it with the information that you already know, and ask for help on specific things whenever you get stuck. A lot of people on here would be happy to help with any little problems when you get stuck, but you ask a lot of someone to take the time to make a whole script for you.

I hope my code has been helpful in getting you started. Goodnight.

[DannLea]

Alright, thank you very much then. I greatly appreciate the help!

I will begin researching MySQL and PHP commands for MySQL.. I'll try to figure it out on my own this time, but the stuff you've given me so far seems to me exactly what I'm looking for for the majority of the login.

Again, many thanks for the help!

Thanks,
Dan