Weโre starting down the road of PHP mcrypt encryption and decryption methods for a Membership Website, today establishing three webpages (that might be all you need to know โฆ weโll see) โฆ
- mcrypt_login
php webpage handles โRegisterโ and โLoginโ (button functionalities) โฆ and that, if successful will navigate the user to โฆ
- mcrypt_first_nonlogin
php webpage can be your template โฆ
<?php
// mcrypt_first_nonlogin.php
// RJM Programming
// December, 2018
// Thanks to //php.net/manual/en/function.mdecrypt-generic.php
session_start();
if ($_SESSION['username']) {
echo "<!doctype html><html><head><title>Registration and Login via PHP Mcrypt - RJM Programming - December, 2018</title></head><body><p>Here at first non-login page.</p><br><br><input onclick=\" location.href='./mcrypt_logout.php'; \" type=button style=background-color:red; value=Logout></input></body></html>";
} else {
echo "<!doctype html><html><head><title>Registration and Login via PHP Mcrypt - RJM Programming - December, 2018</title></head><body onload=\" location.href='./mcrypt_login.php?redirectto=' + encodeURIComponent(document.URL); \"></body></html>";
}
?>
โฆ for any non-login page, that offers a โLogoutโ button โฆ that calls โฆ - mcrypt_logout
php webpage to clear the $_SESSION[] of the successful Login session, ready for another, as the user requires
Donโt we need to mention a database or cookies or localStorage here? Well, not really, because we self-contain the login data into the inaccessible (to the outside world) PHP code itself, getting the PHP to update itself on a successful click of the โRegisterโ button. That PHP updating of itself uses โฆ
โฆ in amongst its avoidance of showing any real username or password anywhere, even if that โanywhereโ place is inaccessible to the world anyway. In these terms why donโt you try out mcrypt_loginphpโs live
run to see what we mean (and if you do not feel like adding your own Registration you can use โRobertโ and โtesting_timesโ as a Login here). As you examine the PHP codesets above, see how $_SESSION[โusernameโ] usage stops a user coming into mcrypt_first_nonlogin
php (and try that for yourself here if you like) without logging in.
Then, perhaps, compare and contrast to previous (PHP) Registration thinking in Registration via Captcha Primer Tutorial below.
Previous relevant Registration via Captcha Primer Tutorial is shown below.
We, pretty obviously, spoke too soon, yesterday, that that was it, or words to that effect, with this topic, and that is no wonder, as it covers a lot of territory.
Up to now, weโve restricted its scope, hugely, by saying there are only โadminโ users and โguestโ users involved with โฆ
โฆ the idea that the โThings That We Have in Commonโ far outweigh the things that divide us, and present some ideas here โฆ
โฆ because with a real blog or CMS or social media scenario there are real users with real needs that it is preferable to cater for with real software โฆ so even though we are still just theoretical here, short of a full blown website, letโs get onto the topic of โregistrationโ. โRegistrationโ is the creation of a new user registered with your web application, that you see a lot of, all over the web.
Ideally you register a real human user, though we would really enjoy any Martian to register (for free, plus a prize of one free Earth Bar) โฆ but we digress. So today we channel the tutorial of yesterday to go over the top with CAPTCHA again. In fairness to CAPTCHA, though, the best place to use it is during login and/or registration procedures.
What are the changes that phpMyAdmin helps us with regarding the database โฆ well, with regard to the `rusers` MySql table we have we append to the pre-existing โฆ
- username
- password โฆ columns, the new โฆ
- usertype
โฆ because, respectively, `email` is great to use both for what it is, and as a database uniqueness constraint method, and `usertype` is where we define our new list of user types, namely โฆ
- admin โฆ the only real type up to now โฆ but, as of today, specifiable (in addition to โguestโ users) are โฆ
- registered
- subscriber
โฆ and ask the user what they want to be out of those last two. We donโt do so much different here, but we just want to show you today an approach to organize yourself regarding compartmentalizing this โreal worldโ real user thinking that is a bit like โshelling peasโ once all this is set up โฆ and modularizable and job-assignment-to-a-worker-friendly because you get to a one PHP set of code per one user type scenario, once youโre finished.
As you might imagine the biggest changes today are to our login.php rather than to member.php and moderator_captcha.php (the main changers yesterday) โฆ
Here is the login PHP code for all registered users you could call loginphp with its admin user useful live
run, changed a lot from previously to handle registration and more varied user types thisway.
Here is the member PHP code that follows the login(.php) page you could call memberphp changed a little (but very importantly) from yesterdayโs work thisway to restrict its usage to โadminโ user types.
Here is new template like PHP code (nirvana for PHP Membership Website Primer Tutorial) for registered users you could call registeredphp
Here is new template like PHP code (nirvana for PHP Membership Website Primer Tutorial) for subscriber users you could call subscriberphp
We found two great book sources researching these blog posts, particularly regarding the subject of โmembershipโ. They are โฆ
- PHP and MySql Web Development by Luke Welling, Laura Thomson
- Professional PHP Programming by Jesus Castagnetto, Haeish Rawat, Sascha Schumann, Chris Scollo, Deepak Veliath โฆ chapter 20
Finally, here is a liverun link that interfaces this to the moderation ideas of previous days.
Previous relevant Moderation by Captcha Primer Tutorial is shown below.
In our โonions of the 4th dimensionโ world we have an onion layer of thought today regarding โmoderationโ.
Let me just quietly ask? Are you a robot? Mr Turing posed this very fundamental question some time back. But the fact is, a lot of visitors to just about everybodyโs website are robots (shock! โฆ horror!), else how else would Search Engines get updated information, but to โcrawlโ your website (as I say this, forgot to say how blogs like WordPress ping Search Engines), man person.
And just to get in (really) early (with the way modern technology is shaping) โฆ โNot that thereโs anything wrong with being a robotโ (if only Seinfeld had watched Humans โฆ Jerry?! George?!).
So letโs talk about CAPTCHA, which we have not capitalized in the blog title, because we hate shouting too much here. It is a way to try to verify the web application is dealing with a real human being, as we intimated above. As such, you may want to consider it a replacement for โmoderationโ, but this is not advisable, because, alas, not all the nasty stuff on the net can be attributed to robots โฆ far from it. But it is a good idea up to a point. My personal objection to its use revolves around the disturbance of usage for some disabled users, though am sure there are really sophisticated CAPTCHA plugins for all the scenarios out there.
Todayโs work places a CAPTCHA layer on top of all four previously talked about modes of โmoderationโ, as per โฆ
- no moderation โฆ even this needs a server side language, in our eyes, because you will be changing a server side webpage for all users
- email (or sms or voicemail or any direct communication method) moderation โฆ ask for an admin user of the website to change things after having emailed them โฆ this is the one we showed three days back โฆ and please feel free to try your own entries
- moderate via a (web server) database with posting statuses such as โAwaiting Moderationโ, โPublishedโ, โTo Be Deletedโ โฆ this is the one we showed yesterday โฆ and, yet again, please feel free to try your own entries
- moderate via a system of (web server) files with posting statuses such as โAwaiting Moderationโ, โPublishedโ, โTo Be Deletedโ โฆ this is the one we showed two days back โฆ and, again, please feel free to try your own entries
- only moderate to either of the four above after having gone through a CAPTCHA test that the user is not a robot โฆ this is the one we show today
To get the PHP CAPTCHA functionality going we thank this very useful link from โThe Art of Webโ website. Its precise and clever advice creates the imagery required to present a CAPTCHA image to the user that contains five digits for the user to enter to verify to the web application that they are human. The web application CAPTCHA logic is applied to all the method=POST forms used (and a new form was encased around the โprivate moderationโ (ie. no moderation) case) via the HTML formโs โฆ
... onsubmit="return checkForm(this);" ...
โฆ validation method.
So, for the last time, today, we pose the idea that the โThings That We Have in Commonโ far outweigh the things that divide us, and present some ideas here. We offer, and encourage you to email us your ideas on the topic or use the file moderation method, and weโll moderate them within 24 hours. With todayโs file moderation method you are given the opportunity to login and โmoderateโ your own work but as you will recall from yesterday with โฆ
CAPTCHA does not affect user roles going forward. In all these scenarios we present, where we donโt ask anything of you (ie. no registration), except an email address, presumably, you can be thought of as a โฆ
- โguestโ user โฆ though in strict terms the word โguestโ usually implies that there is a user registration involved โฆ which we do not do here today โฆ but to read a bit about this you could read PHP Membership Website Primer Tutorial โฆ as distinct from โฆ
- the emailee of the โguestโ user will be an โadminโ user โฆ one who can offer the means to moderate the uploaded data, and, as approved, write that data to a place where it will be picked up and included in the contents of the webpage(s) involved โฆ hence the term โContent Management Systemโ
โฆ you, as a โguestโ user will not succeed with this โadminโ user login to โmoderateโ, but the mechanism is there for real โadminโ users, as is a โgetโ parameter method like our โ?admin=yโ idea, with most blogs and CMS websites.
Here is the downloadable PHP code you could call moderation_captchaphp with its live
run and changed from yesterdayโs work thisway.
Here is the login PHP code for the admin section you could call loginphp with its admin user useful live
run, unchanged from yesterday.
Here is the PHP code login(.php) uses to connect to the MySql database you could call db_connectphp unchanged from yesterday.
Here is the member PHP code that follows the login(.php) page you could call memberphp that handles, so far, the โbusiness logicโ for file moderation as of yesterday and the admin user follow up to reading the email and approving the email moderation, of two days back, as well as todayโs extended MySql database functionality, is not needing to change from yesterdayโs work regarding CAPTCHA.
Previous relevant Moderation by MySql Database Primer Tutorial is shown below.
Todayโs the day we tackle some database โmoderationโ ideas. You will recall from yesterdayโs Moderation by File Primer Tutorial as shown below, that โmoderationโ is associated with blogs and Content Management Systems and social media as a means by which uploaded content can be vetted, or not, during a โmoderation phaseโ for a posting of some sort.
This can involve, in our eyes, quite a few options, none of which would not involve a server-side solution of some sort โฆ
- no moderation โฆ even this needs a server side language, in our eyes, because you will be changing a server side webpage for all users
- email (or sms or voicemail or any direct communication method) moderation โฆ ask for an admin user of the website to change things after having emailed them โฆ this is the one we showed two days back โฆ and please feel free to try your own entries
- moderate via a (web server) database with posting statuses such as โAwaiting Moderationโ, โPublishedโ, โTo Be Deletedโ โฆ this is the one we show today โฆ and, yet again, please feel free to try your own entries
- moderate via a system of (web server) files with posting statuses such as โAwaiting Moderationโ, โPublishedโ, โTo Be Deletedโ โฆ this is the one we showed yesterday โฆ and, again, please feel free to try your own entries
- only moderate to either of the four above after having gone through a CAPTCHA test that the user is not a robot
So today we are still here posing the idea that the โThings That We Have in Commonโ far outweigh the things that divide us, and present some ideas here. We offer, and encourage you to email us your ideas on the topic or use the file moderation method, and weโll moderate them within 24 hours. With todayโs file moderation method you are given the opportunity to login and โmoderateโ your own work but as you will recall from yesterday with โฆ
The major lesson today, for us, is to show you the brilliance of phpMyAdmin as the administrator back-end to a MySql database. Some of the great features of phpMyAdmin we used to get to this point are โฆ
- phpMyAdminโs great ability to export (to SQL, most usefully) the structure, in terms of โCREATE TABLEโ type SQL and/or data of existant database tables as a useful way to help design your own new database tables
- phpMyAdminโs ease of use of the usual DML SQL functionality
- phpMyAdminโs ease of use of the usual DDL SQL functionality for the creation of users and the granting or denial of user priviledges, and drop and truncate functionalities
We still have the two basic web user roles going today. In this scenario, where we donโt ask anything of you (ie. no registration), except an email address, presumably, you can be thought of as a โฆ
- โguestโ user โฆ though in strict terms the word โguestโ usually implies that there is a user registration involved โฆ which we do not do here today โฆ but to read a bit about this you could read PHP Membership Website Primer Tutorial โฆ as distinct from โฆ
- the emailee of the โguestโ user will be an โadminโ user โฆ one who can offer the means to moderate the uploaded data, and, as approved, write that data to a place where it will be picked up and included in the contents of the webpage(s) involved โฆ hence the term โContent Management Systemโ
โฆ you, as a โguestโ user will not succeed with this โadminโ user login to โmoderateโ, but the mechanism is there for real โadminโ users, as is a โgetโ parameter method like our โ?admin=yโ idea, with most blogs and CMS websites.
You will recall yesterday that ideas from PHP Membership Website Primer Tutorial came into play with the use of web server files and today its functionality is even more important with some MySql database work to follow up on phpMyAdmin database setup preparation. It screens โadminโ users from the rest, ensuring you can write your fully functional database PHP free in the knowledge that the user is logged in as an โadminโ user.
Here is the downloadable PHP code you could call moderationphp with its live
run and changed from yesterdayโs work thisway.
Here is the login PHP code for the admin section you could call loginphp with its admin user useful live
run, unchanged from yesterday.
Here is the PHP code login(.php) uses to connect to the MySql database you could call db_connectphp unchanged from yesterday.
Here is the member PHP code that follows the login(.php) page you could call memberphp that handles, so far, the โbusiness logicโ for file moderation as of yesterday and the admin user follow up to reading the email and approving the email moderation, of two days back, as well as todayโs extended MySql database functionality, is changed from yesterdayโs work thisway.
Previous relevant Moderation by File Primer Tutorial is shown below.
We continue on with โmoderationโ ideas today, as with WordPress 4.1.1โs Moderation by File Primer Tutorial. You will recall from yesterdayโs Moderation by Email Primer Tutorial as shown below, that โmoderationโ is associated with blogs and Content Management Systems and social media as a means by which uploaded content can be vetted, or not, during a โmoderation phaseโ for a posting of some sort.
This can involve, in our eyes, quite a few options, none of which would not involve a server-side solution of some sort โฆ
- no moderation โฆ even this needs a server side language, in our eyes, because you will be changing a server side webpage for all users
- email (or sms or voicemail or any direct communication method) moderation โฆ ask for an admin user of the website to change things after having emailed them โฆ this is the one we showed yesterday โฆ and please feel free to try your own entries
- moderate via a (web server) database with posting statuses such as โAwaiting Moderationโ, โPublishedโ, โTo Be Deletedโ
- moderate via a system of (web server) files with posting statuses such as โAwaiting Moderationโ, โPublishedโ, โTo Be Deletedโ โฆ this is the one we show today โฆ and, again, please feel free to try your own entries
- only moderate to either of the four above after having gone through a CAPTCHA test that the user is not a robot
So today we continue to pose the idea that the โThings That We Have in Commonโ far outweigh the things that divide us, and present some ideas here. We offer, and encourage you to email us your ideas on the topic or use the file moderation method, and weโll moderate them within 24 hours. With todayโs file moderation method you are given the opportunity to login and โmoderateโ your own work but as you will recall from yesterday with โฆ
This brings up the topic of web user roles. In this scenario, where we donโt ask anything of you, except an email address, presumably, you can be thought of as a โฆ
- โguestโ user โฆ though in strict terms the word โguestโ usually implies that there is a user registration involved โฆ which we do not do here today โฆ but to read a bit about this you could read PHP Membership Website Primer Tutorial โฆ as distinct from โฆ
- the emailee of the โguestโ user will be an โadminโ user โฆ one who can offer the means to moderate the uploaded data, and, as approved, write that data to a place where it will be picked up and included in the contents of the webpage(s) involved โฆ hence the term โContent Management Systemโ
โฆ you, as a โguestโ user will not succeed with this โadminโ user login to โmoderateโ, but the mechanism is there for real โadminโ users, as is a โgetโ parameter method like our โ?admin=yโ idea, with most blogs and CMS websites.
The reason we didnโt need these PHP Membership Website Primer Tutorial ideas yesterday was that no web server files had to be written at that stage, but today they do, and we canโt let any โguestโ user do it, so we find that MySql database work via the wonderful and enormously stupendous phpMyAdmin comes into play, and weโll talk more about this tomorrow, when databases are used for all aspects of our final โmoderationโ via database discussion.
Here is the downloadable PHP code you could call moderationphp with its live
run and changed from yesterdayโs work thisway.
Here is the login PHP code for the admin section you could call loginphp with its admin user useful live
run.
Here is the PHP code login(.php) uses to connect to the MySql database you could call db_connectphp
Here is the member PHP code that follows the login(.php) page you could call memberphp that handles, so far, the โbusiness logicโ for file moderation and the admin user follow up to reading the email and approving the email moderation, of yesterday.
Previous relevant Moderation by Email Primer Tutorial is shown below.
The term โmoderationโ is associated with blogs and Content Management Systems and social media as a means by which uploaded content can be vetted, or not, during a โmoderation phaseโ for a posting of some sort.
This can involve, in our eyes, quite a few options, none of which would not involve a server-side solution of some sort. Weโll think on this further (maybe Ajax?!), but some of the ideas for moderation would be โฆ
- no moderation โฆ even this needs a server side language, in our eyes, because you will be changing a server side webpage for all users
- email (or sms or voicemail or any direct communication method) moderation โฆ ask for an admin user of the website to change things after having emailed them โฆ this is the one we show today โฆ and please feel free to try your own entries
- moderate via a (web server) database with posting statuses such as โAwaiting Moderationโ, โPublishedโ, โTo Be Deletedโ
- moderate via a system of (web server) files with posting statuses such as โAwaiting Moderationโ, โPublishedโ, โTo Be Deletedโ
- only moderate to either of the four above after having gone through a CAPTCHA test that the user is not a robot
So today we pose the idea that the โThings That We Have in Commonโ far outweigh the things that divide us, and present some ideas here. We offer, and encourage you to email us your ideas on the topic, and weโll moderate them within 24 hours. The mechanism, today, is via you, the user, sending us here, at RJM Programming, an email.
This brings up the topic of web user roles. In this scenario, where we donโt ask anything of you, except an email address, presumably, you can be thought of as a โฆ
- โguestโ user โฆ though in strict terms the word โguestโ usually implies that there is a user registration involved โฆ which we do not do here today โฆ but to read a bit about this you could read PHP Membership Website Primer Tutorial โฆ as distinct from โฆ
- the emailee of the โguestโ user will be an โadminโ user โฆ one who can offer the means to moderate the uploaded data, and, as approved, write that data to a place where it will be picked up and included in the contents of the webpage(s) involved โฆ hence the term โContent Management Systemโ
โฆ and so, in the scenario of โno moderationโ โguestโ users circumvent the moderation part of the โadminโ user role and, in some automated (programming) way, with a language like PHP and a database like MySql, be able to get their uploaded content straight onto the webpage(s) of interest. So, sometimes you see โno moderationโ but a CAPTCHA (robot) check, as the scenario of use.
Of interest, too, is the nature of the uploaded data. Is it โjust textโ or โcan it contain imagesโ or โcan it contain videosโ etcetera. Today, we are just allowing text.
Here is the downloadable PHP code you could call moderationphp with its live
run.
If this was interesting you may be interested in this too.
If this was interesting you may be interested in this too.
If this was interesting you may be interested in this too.
If this was interesting you may be interested in this too.
If this was interesting you may be interested in this too.
If this was interesting you may be interested in this too.