Are you after a website overseen by a membership arrangement involving usernames and passwords?
“Oh well … but how about you over there?”
“No … oh … well … but it stands to reason in our street there’s bound to be one.”
Yes, a membership website is a common sight (and site … chortle, chortle), and a common requirement on the internet. You can just display information without it, sure, but if you want interaction from a known user, then you’ll want to involve a membership website.
Today we start you off with those login basics of a username and password, and get as far as a webpage arrangement for non-login pages that acts a lot like a template … but we are not calling it this … though you can turn it into a template scenario should you wish.
Anyway, the work is in PHP, and when we started considering it with reading of these two great books …
- PHP and MySql Web Development by Luke Welling, Laura Thomson … chapter 27
- Professional PHP Programming by Jesus Castagnetto, Haeish Rawat, Sascha Schumann, Chris Scollo, Deepak Veliath … chapter 20
… we saw that there was an alternative idea to the old HTML form element POST (or perhaps GET) method idea … so that we considered both …
- HTTP 401 authorization method (with MySql database)
- HTML form POST method (with MySql database)
… and it became apparent after a while that option 2 was a lot better way to go … though the HTTP 401 authorization method could be useful, accidentally, if by some weird arrangement you are happy to allow access to a functionality by one successful login until that browser is closed (plus some perhaps?).
Okay, but let’s concentrate on option 2 because it allows for more personal control, rather than relying on Apache (web server) concepts.
With both options, actually, you can, with a simple requirement, think of (a lot of) the (core of the) job as …
- login page is the landing page and establishes user credentials
- non-login pages (even the page of the natural web flow (ie. navigation) after the login page, which we called a member page), in simplified thinking, can all start out looking very similar, with the one difference being the answer to “what is the next page called in the natural web flow?”
… so that non-login pages must be supplied a mechanism to prove that the login page (successfully negotiated) has preceeded them … look into the use of ideas such as …
- PHP $_SESSION variables
- form POST settings via the calling webpage
- form GET settings via the calling webpage
- web browser cookies
- perhaps the whole job can be achieved using Ajax techniques and not leaving the login webpage
… and we used the “form POST settings via the calling webpage” as our mechanism of preference.
The proof of the pudding of a reasonable working website arrangement is to type into the address bar one of the “non-login pages” and see what happens … there is a difference in thinking, for my mind between …
- navigating within the normal working web flow (ie. not using the address bar URL at any time other than to get to the “login page”)
- using the address bar URL to jump to somewhere (as we are suggesting with the test above)
… and we’ve made it with the PHP code logic that if the second method happens, they’ll be forced to login again to continue, though can see that this is a debatable behaviour, as you may wish them to be able to do this and not have to login again. One thing is for certain though, and that is that they should not have to login again with “navigating within the normal working web flow” if they have already successfully logged in, unless you introduce a timer that makes the session peter out after a certain time. We haven’t got one of these timers, here, today, but you’d probably want to use a PHP $_SESSION arrangement to make this happen.
So why not try the “HTML form POST method (with MySql database)” membership website arrangement as a live run at live run? (Hint: username=myuser password=mypassword)
We’ve done those skeletal codings for 3 pages, but the difference between the second and third is negligible (I feel a template coming on?!) …
- login.php (PHP source code login.php) is the landing page that is helped along by db_connect.php (as an include file handling the connection to the MySql database), calling in the normal web flow …
- member.php (PHP source code member.php) is the page to go to after logging on, for our web application at least, calling, next, in the normal web flow …
- next.php (PHP source code next.php) is a “next” page (whose nextagain.php proposed web page was not written … but see what happens trying to go here) that is so very similar to member.php as per this link
… as you may have seen, a lot of the work occurs with the membership “logging on” logic.
Of course it must be said that there are many worked through websites out there in “Open Source” land (such as on GitHub or SourceForge repositories), and you may wish to go down that route. Sometimes, though, it is good to work through issues yourself to help aid understanding, and you may want to augment the words of this blog posting with a view of tutorial slides of a slideshow here.
If this was interesting you may be interested in this too.