Step 4: Securing Page

Example file: example4.php.

We need to prevent our page from being edited without authorization. In this step, we prepare a login page that performs a user check. You can try the example by opening login.php from your browser.

Please login using:

Email: you@example.com
Password: 123

In our final CMS project, you will be able to change the default login email and password.

http://localhost/mysite/login.php

The login page queries a table called users to check whether the user exists. If it does, two session variables are set:

  • $_SESSION['userid'] is set to the user id
  • $_SESSION['authorized'] is set to true.

Please note that a single $_SESSION['userid'] variable would be enough to indicate that a user has logged in, but for flexibility and future improvement we also keep $_SESSION['authorized']. This can be used for finer-grained authorization later, for example allowing only the author of a page to edit it.

We will not show the login.php code here. It basically contains a simple HTML form and an SQL query that checks the users table.
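Since the tutorial does not show login.php, the following is an added example of how that user check can be written; it is not the tutorial's own file. It assumes a PDO connection in $pdo and that the users table has columns id, email and password_hash (assumed names), where password_hash stores a password_hash() digest rather than a plain-text password. The e-mail goes through a prepared statement, password_verify() does the comparison, and the session id is regenerated before the two session variables described above are set.

```php
<?php
// Added example login.php (not the tutorial's code).
// Assumes: $pdo is a PDO connection (created elsewhere, e.g. in config.php),
// and the users table has the assumed columns id, email, password_hash.
session_start();

// A valid bcrypt digest that is verified when no user row exists, so a wrong
// e-mail and a wrong password take about the same time. Its result is never
// used on its own: a missing row always fails below.
const DUMMY_HASH = '$2y$10$.vGA1O9wmRjrwAVXD98HNOgsNpDczlqm3Jq7KnEd1rVAGv3Fykk1a';

/**
 * Returns the user id when e-mail and password match, otherwise null.
 */
function authenticate(PDO $pdo, string $email, string $password): ?int
{
    // Prepared statement: the submitted e-mail never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE email = ? LIMIT 1');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $hash = $row ? $row['password_hash'] : DUMMY_HASH;
    $passwordOk = password_verify($password, $hash);

    if (!$row || !$passwordOk) {
        return null; // same answer for unknown user and wrong password
    }
    return (int) $row['id'];
}

$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $userId = authenticate($pdo, $_POST['email'] ?? '', $_POST['password'] ?? '');

    if ($userId !== null) {
        // Issue a fresh session id on login so an id chosen before login
        // (e.g. handed to the browser by someone else) is not kept.
        session_regenerate_id(true);

        // The two variables the page checks later in this step.
        $_SESSION['userid'] = $userId;
        $_SESSION['authorized'] = true;

        header('Location: example4.php?edit=y');
        exit;
    }
    $error = 'Invalid email or password.';
}
?>
<form method="post" action="login.php">
  <?php if ($error !== ''): ?>
    <p><?php echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8'); ?></p>
  <?php endif; ?>
  <label>Email <input type="email" name="email" required></label>
  <label>Password <input type="password" name="password" required></label>
  <button type="submit">Login</button>
</form>
```

The stored digest for a user is produced once with password_hash($plain, PASSWORD_DEFAULT) when the account is created or the password is changed; with that in place the tutorial's default credentials can be replaced later without touching the query.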

Now we can check the user session on our page to see if a user has logged in.

<?php
session_start();

// $authorized is true only when login.php has set both session variables.
$authorized = false;
if (!empty($_SESSION['userid'])) {
	// !empty() also covers the case where 'authorized' was never set.
	$authorized = !empty($_SESSION['authorized']);
}

Here we have an $authorized variable that is either true (user logged in) or false (user not logged in). Then we modify our previous code by adding the $authorized variable to the check that is performed before entering editing mode:

<?php if($authorized && $edit=='y'){ ?>
<link href="dist/gridlessbuilder.css" rel="stylesheet" type="text/css" />
<?php } ?>
<?php if($authorized && $edit=='y'){ ?>
<script src="assets/lang/en.js"></script> 
<script src="dist/gridlessbuilder.min.js"></script>
...
<?php } ?>

If logged in:

http://localhost/mysite/example4.php?edit=y

For the complete code and to try the example, please open in your browser: example3.php. If you are logged in, you can enter the editing mode using the querystring example4.php?edit=y. If you are not logged in, you will only see the page in viewing mode.

If not logged in:

http://localhost/mysite/example4.php?edit=y

Note: to log out, you can open logout.php. This page simply clears the session.
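As an added example (not the tutorial's logout.php), this is one way to write that page so that the server-side session data, the session record and the browser's session cookie are all removed, after which $_SESSION['userid'] and $_SESSION['authorized'] are gone and the page falls back to viewing mode. The redirect target example4.php is taken from this step; everything else follows the standard PHP session API.

```php
<?php
// Added example logout.php (not the tutorial's code).
session_start();

// 1. Drop all session variables, including userid and authorized.
$_SESSION = [];

// 2. Expire the session cookie in the browser, using the same parameters
//    it was issued with, so the old session id is not sent again.
if (ini_get('session.use_cookies')) {
    $params = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $params['path'],
        $params['domain'],
        $params['secure'],
        $params['httponly']
    );
}

// 3. Destroy the session record on the server.
session_destroy();

// Back to the page in viewing mode.
header('Location: example4.php');
exit;
```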


Copyright © 2021 Insite Mitra Inovindo. All Rights Reserved.