Yet another PHP User Management question. It's for an image editor, and so each user should have their own "space" i.e. user directory (USERDIR) upon signing up, and anything under that directory should be accessible to the relevant user only. Fairly simple step up but I can't seem to find the right keywords to search for a tutorial.
The way I was thinking of implementing it is having a "USERDIR" column in the MySQL db along side "USERID" and "PASSWORD" (md5 hashed) (although I understand USERDIR is a redundant key if USERIDs are also unique - is this an issue to be worried about? i.e. I could just assign the USERID as the directory name instead of generating a unique random directory name). How do I then "check" whether the user has the privileges to access their directory (i.e. how do I code it to check the sessionID/cookie checking to stop another user from going to mysite.com/USERID or mysite.com/USERDIR). I appreciate this is really basic and repetitive for some of you but I can't seem to find the relevant tutorials anywhere! Any help much appreciated.
If i understand properly, each uses has their own images that they upload and can work on and they can only work on their own images? If so i would simply append the user id of the creator onto the front of the image name, you can then just compare the first 4 or so characters of each image name to the user ID to see if the user is allowed to access it.
One way you can keep someone from getting around the login page, have your index page provide a key, then have each page include onto the index page when they call it, that way if they dont have the key it returns them to the generic index page which will force them to login.