User/Member area/page

I have written a simple member management system for my site using sessions. I have the login, logout, etc. all working fine. However I need to understand the concept behing having member pages.

Basically I’ll have to type of users on my site, host and visitors/users. The host will have pages that they can maintain and broadcast and visitors/members can view the host pages based on whatever host they select. How do I go about making individual areas for each host upon their login? Sort of like a myspace system; but NOT, since I hate myspace.

Thanks.

If you have a definition of which logged in user is a host, you could use a simple if statement to echo extra options for them, which are not shown to visitors.

Yes, I distinguish a host from a user. I store the member type in the database and in a global variable. When a host logs in I direct them to their control panel where they can maintain settings. Below is the code for the host control panel usercp.php, but I’m not sure if I need to do something login specific to make sure host can only see their own control panel and users cannot see the control panel at all. After login I direct host to usercp.php and I pull user specifc information from the database for the logged in user. Regular members are sent to the site’s index page.

[php]<?php
session_start();
ob_start();
require_once($_SERVER[‘DOCUMENT_ROOT’].’/db_connect.php’);
require_once($_SERVER[‘DOCUMENT_ROOT’].’/global.php’);

//check cookie
if ($_SESSION[‘logged_in’] != 1 && isset($_COOKIE[‘login_cookie’])) {
list($user, $pass) = explode(’[]’, $_COOKIE[‘login_cookie’]);
$qu = mysql_query(“SELECT user_password FROM hgl_members WHERE username = '”.addslashes($user)."’") or die(mysql_error());
if (mysql_num_rows($qu) == 1) {
$passw = mysql_fetch_object($qu);
if ($passw->user_password == md5($pass)) {
$_SESSION[‘logged_in’] = 1;
$_SESSION[‘username’] = $user;
$_SESSION[‘password’] = $pass;
}
}
}

if(!isset($_SESSION[‘username’]) && !isset($_SESSION[‘password’])) {
$_SESSION[‘logged_in’] = 0;
$user = “Guest”;
echo $html_cpheader;
echo ‘You are not logged in and do not have access to this area.’;
echo $html_cpfooter;
} else {
echo $html_cpheader;
//I will do user specific database read/writes here
echo $html_cpfooter;
}
?>[/php]

*MOD Edit - For readability.

Okay, so how is that different from what you want?

This code is mainly from a tutorial, and I altered it. I’m just making sure this is all I need to do. I’m not sure if this is the widely accepted method, or if there is a industry standard and more secure way to go about this etc…

Also, this is just the host’s control panel, I also want the host to broad cast a personal page that visitors can view. I’m not sure how to go about the process of having individual host pages. I know it’s just a matter of using the host user_id in some manner and then indexing the host pages for visitors to choose a hosted page to visit. I’m having trouble drawing the line between the host’s own panel and the host’s public page.

Any help of links to tutorials would be appreciated.

P.S. My issue with learing a new programming language is that I always feel that I am using old sytax and approaches and that I’m not following industry standards.

The only thing I’d really change about that code is:

[php]if(!isset($_SESSION[‘username’]) && !isset($_SESSION[‘password’])) { [/php]

to:

[php]if(!isset($_SESSION[‘username’]) || !isset($_SESSION[‘password’])) { [/php]

Other than that, I’d suggest for you to read that code carefully, and understand what it’s doing. Industry standards are overrated when programming PHP, and innovative approaches to tackle problems are a good way to go. So is having it reviewed to make sure you’re not leaving any security holes btw

Thanks