Step 4: Securing Page

Example file: example4.php.

We need to prevent our page from being edited without authorization. In this step, we prepare a login page that performs a user check. You can try the example by opening login.php from your browser.

Please log in using:

Email: you@example.com
Password: 123

In our final CMS project, you will be able to change the default login email and password.

http://localhost/mysite/login.php

The login page queries a table called users to check whether the user exists. If the user exists, two session variables are set:

  • $_SESSION['userid'] will be set with the user id
  • $_SESSION['authorized'] will be set to true.

Note that a single $_SESSION['userid'] variable is enough to indicate that a user has logged in, but for flexibility and future improvement we also set $_SESSION['authorized']. It can be used for further authorization, for example: only the author can edit the page.

We will not show the login.php code here. It basically contains a simple HTML form and an SQL query that checks the users table.
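A sketch of the user check such a login page performs, as an added example that is not the project's own login.php. The column names (id, email, password_hash), the attempt_login() helper and the in-memory SQLite table are assumptions made for illustration; the two session variables are the ones described above.

```php
<?php
// Added example, not the project's login.php. The users table columns
// (id, email, password_hash) and attempt_login() are assumed names.
declare(strict_types=1);

function attempt_login(PDO $db, string $email, string $password): bool
{
    // Prepared statement: the submitted email never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against a stored hash instead of matching a plaintext password in SQL.
    if ($user === false || !password_verify($password, $user['password_hash'])) {
        return false;
    }

    // Issue a fresh session id when the privilege level changes (session fixation).
    session_regenerate_id(true);
    $_SESSION['userid'] = (int) $user['id'];
    $_SESSION['authorized'] = true;
    return true;
}

// Constructed demo data: an in-memory users table (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)')
   ->execute(['you@example.com', password_hash('123', PASSWORD_DEFAULT)]);

session_start();

// Collect results first and print at the end, so no output is sent
// before session_regenerate_id() runs.
$results = [
    'wrong password'    => attempt_login($db, 'you@example.com', 'wrong'),
    'quote in email'    => attempt_login($db, "' OR '1'='1", 'x'),
    'valid credentials' => attempt_login($db, 'you@example.com', '123'),
];
$results['session authorized'] = $_SESSION['authorized'] ?? false;
var_dump($results);
```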

Now we can check the user session on our page to see if a user has logged in.

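session_start(); // resume the session created by login.php
$authorized = false;
// Only a logged-in user (userid set) can be authorized.
if (!empty($_SESSION['userid'])) {
	// Strict check; also avoids a warning when the key is missing.
	$authorized = ($_SESSION['authorized'] ?? false) === true;
}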

Here we have an $authorized variable that is true when the user is logged in and false when not. We then modify our previous code to check $authorized as well before entering editing mode:

<?php if($authorized && $edit=='y'){ ?>
<link href="dist/gridlessbuilder.css" rel="stylesheet" type="text/css" />
<?php } ?>
<?php if($authorized && $edit=='y'){ ?>
<script src="assets/lang/en.js"></script> 
<script src="dist/gridlessbuilder.min.js"></script>
...
<?php } ?>

If logged in:

http://localhost/mysite/example4.php?edit=y

For the complete code and to try the example, please open in your browser: example3.php. If you have logged in, you can enter the editing mode using the query string example4.php?edit=y. If you are not logged in, you will only see the page in viewing mode.

If not logged in:

http://localhost/mysite/example4.php?edit=y

Note: to log out, you can open logout.php. This page will simply clear all the sessions.


Copyright © 2021 Insite Mitra Inovindo. All Rights Reserved.
