Registration and authorization on the site

Greetings! There was such a question on the way to perfection in php …
So I made a page design, made a layout for it, now I need registration, I made a registration with a muscle with a userstable, where all registered visitors are recorded, now the question arose of how to make reading come from the database this table usersand an unauthorized person could not see the contents of the page? What code should be placed?

Something like this require_once("security_mod.php");at the top of the main page, and in the security_mod.phpfile, the content would be:

<?php 
  ///////////////////////////////////////////////////
  //   HTTP-Basic 
  // 2003-2005 (C) IT- SoftTime (http://www.softtime.ru)
  //  .. ([email protected])
  ///////////////////////////////////////////////////
  //     
  require_once("config.php");
  //     - 
  if(!isset($_SERVER['PHP_AUTH_USER'])) 
  { 
    Header("WWW-Authenticate: Basic realm=\"Admin Page\""); 
    Header("HTTP/1.0 401 Unauthorized"); 
    exit(); 
  } 
  else 
  { 
    //   $_SERVER['PHP_AUTH_USER']  $_SERVER['PHP_AUTH_PW'],
    //    
    if (!get_magic_quotes_gpc())
    {
      $_SERVER['PHP_AUTH_USER'] = mysql_escape_string($_SERVER['PHP_AUTH_USER']);
      $_SERVER['PHP_AUTH_PW'] = mysql_escape_string($_SERVER['PHP_AUTH_PW']);
    }
    $_SERVER['PHP_AUTH_USER'] = str_replace("'","`",$_SERVER['PHP_AUTH_USER']);
    $_SERVER['PHP_AUTH_PW'] = str_replace("'","`",$_SERVER['PHP_AUTH_PW']);
    $query = "SELECT pass FROM userlist WHERE name='".$_SERVER['PHP_AUTH_USER']."'";
    $lst = @mysql_query($query); 
    //    SQL- -  
    if(!$lst)
    {
      Header("WWW-Authenticate: Basic realm=\"Admin Page\""); 
      Header("HTTP/1.0 401 Unauthorized"); 
      exit(); 
    }
    //     -  
    if(mysql_num_rows($lst) == 0)
    {
      Header("WWW-Authenticate: Basic realm=\"Admin Page\""); 
      Header("HTTP/1.0 401 Unauthorized"); 
      exit(); 
    }
    //    ,   
    $pass = @mysql_fetch_array($lst);
    if(md5($_SERVER['PHP_AUTH_PW']) != $pass['pass'])
    {
      Header("WWW-Authenticate: Basic realm=\"Admin Page\""); 
      Header("HTTP/1.0 401 Unauthorized"); 
      exit(); 
    }
  }
?>

The question is, I don’t like this type of site password protection, it blocks the entire site, not the content in particular… I need to password protect part of the site… Help…


Answer 1, authority 100%

how-to-close-an-unregistered-user-page

php-authorization
Both links are available if you enter authorization in the search.


Answer 2

Well, connect only on the page you need, or put it in a function
and call at the right place and use branches, if not authorized then issue the text and the login form
post else
And the content output


Answer 3

4 Lessons on Creating a Website Registration in PHP + MySQL

here I advise you to read it is written everything is available and with examples.


<?php
if (!empty($_SESSION['login']) and !empty($_SESSION['password']))
{
//      ,      
$login = $_SESSION['login'];
$password = $_SESSION['password'];
$result = mysql_query("SELECT * FROM users WHERE login='$login' AND password='$password'",$db);
$myrow = mysql_fetch_array($result);
$classindex = "current_page_item";
//    
}
else {  //        ,     
header('Location: /index.php');
exit;
}
?>


Answer 4

Make a variable in the session, for example $_SESSION[‘logging’], and set it to 1 when the user logs in.
Further, when displaying content that you want to close, just check whether there is such a variable and whether it is equal to one. As a result, the entire site will be available without logging in, and the necessary information will be hidden.