I've been following a tutorial to make a blog in PHP and MySQL. But at the end of the tutorial, the finished blog lets any user who comes to the website edit the categories and posts. What would be the best way to limit certain portions of the website to myself? I've thought of a login system where only I can log in, or there might be a way in .htaccess. Any suggestions?
6 Answers
Build your own ACL layer, check the web for resources but this link should be a good starting point

Take a look at PHP sessions.
You'll need some list of users to authenticate against. If this is a database, create a Users table, with columns username and password.
At the beginning of every page you put session_start(). This retains the session between pages.
Create a login page and link. On the login page, you authenticate the passed in username and hashed password against your list of users. If the user passes authentication, you add a session variable that stores which user is logged in. Also, regenerate the session ID after login to prevent session hijacking.
On every page that requires member access, you check to ensure the user is logged in. If not, you redirect them to the login page.
If you use .htaccess to set up HTTP basic authentication, you'll want to block just the pages that allow the user to edit the blog.
Consider adding SSL (HTTPS) in either case, otherwise, login credentials can be stolen if people are on an open network.

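The flow this answer describes (hashed passwords, a session variable set at login, session ID regeneration, a guard on each protected page), as an added example that is not part of the original answer. The file names, function names, session key and sample user are hypothetical.

```php
<?php
// auth.php (hypothetical file name): include at the top of every page.
declare(strict_types=1);

// Session cookie hardening; 'secure' assumes the site is served over HTTPS.
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start();

// Constructed sample user list standing in for the Users table.
// A real table stores the output of password_hash(), never the password.
function load_users(): array
{
    return ['admin' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];
}

// Returns true and marks the session as logged in when the credentials match.
function attempt_login(array $users, string $username, string $password): bool
{
    $hash = $users[$username] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);   // fresh session ID after login
    $_SESSION['user'] = $username; // which user is logged in
    return true;
}

// Call on every page that edits posts or categories.
function require_login(): void
{
    if (empty($_SESSION['user'])) {
        header('Location: login.php'); // hypothetical login page
        exit;
    }
}

// login.php (hypothetical) would do:
//   if ($_SERVER['REQUEST_METHOD'] === 'POST'
//       && attempt_login(load_users(), $_POST['username'] ?? '', $_POST['password'] ?? '')) {
//       header('Location: admin.php'); exit;
//   }
// Edit pages would do:
//   require 'auth.php';
//   require_login();
```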
Both ways you mention can work.
Or you can just install a robust, secure, feature full blog. For example http://wordpress.org

Make a user login module and use a session check for that place. For example, when the user is logged in, you store his user ID or something in $_SESSION['is_user'],
then check for private content:
session_start();
if (isset($_SESSION['is_user'])) {
    // Show the private content
} else {
    // Redirect to the login page
}

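I think you should first alter the links to the post editing page and use a login system.
Sample code,
save the file as: login.php
<?php
// Start the session and handle the login before any HTML is sent,
// otherwise session_start() and header() fail with "headers already sent".
session_start();
define('name', 'your name');
define('password', 'your password');
// REQUEST_METHOD is upper case ("POST").
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (isset($_POST['name'], $_POST['password'])
        && $_POST['name'] === name && $_POST['password'] === password) {
        session_regenerate_id(true); // new session ID after login
        $_SESSION['logged_in'] = 'yes';
        header('Location: admin.php'); // you can change this
        exit;
    }
}
?>
<form method="post">
name : <input name="name">
password : <input type="password" name="password">
<button> login </button>
</form>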

If you want a personal blog or a similar thing, it's better to use one that is supported by the community. You don't need to reinvent the wheel; use your time for something more productive.
The choices that you have are:
- WordPress: it has a big community and great documentation. http://wordpress.com/
- Habari: the big thing about Habari is that it is designed using OOP. http://habariproject.org/en/

- That's not the solution of problem :p – Mohit Bumb Apr 30 '12 at 12:16
- DRY, if someone did this before, you can save time to do other things. The problem in itself is the question: why does he need to do this...? But OK, if he needs to do an access control list, Zen has a good library, the Zen_ACL. – Yago Riveiro Apr 30 '12 at 14:04