
Logging out


  • How to add a log out link on the admin menu.
  • The log out page gets rid of the session data.

Checking permissions


  • Every admin page checks the log in flag in the session. You can put the code in a separate file, and use the require statement to insert it.
  • Admin pages can check permission data in the session.
  • Use permission data from the session to change the admin interface. Don’t show users actions they’re not allowed to do.

The goal


  • There are two parts to restricting access to Web applications: authentication and permissions.
  • Authentication is about knowing who the user is.
  • Permissions are about knowing what the user is allowed to do.
  • Create a database table with information about users, including their user names, passwords, and permissions.

Adding data


  • There are two pages for adding a record: one page with a form the user fills in, and another page that adds the user’s data to the database.
  • The SQL INSERT statement does the work.
  • Use stripslashes() to remove backslashes that PHP adds to form data.
  • Use $db->escape_string() to foil SQL injection attacks.

Logging in

You will learn that:

  • The log in form gets a user name and password from the user.
  • It sends the data to a page that checks whether the user name and password are in the database table users.
  • If the user name and password are found, permission information is stored in the session.

Storing user data


  • Create a users table in the database. It will have user names, passwords, and permission flags.
  • Good passwords have lowercase letters, uppercase letters, digits, and special characters. They don’t correspond to a dictionary word.

Saving form data to a file

See more about:


  • How to append form data to a file.
  • How to read back data from the file.
  • How to do some basic security stuff.

Restricting access

Learn how to restrict what different people can do on a site.


How to...