Customer Control Panel?

**Buddha** · 05-20-2004, 08:23 PM

Originally posted by Jonathan

Hmm, I think I'm gonna stop using PHP-Nuke (annoying as hell)
and get off my lazy @$$ and custom-code a site for it.

Go for it! Just remember time is money and the learning curve is steep which can get expensive.

Obviously I'd want some sort of CCP, where a user
can submit a support-ticket, request status of account,
request cancelation/upgrade of an account.

Not very much, but I'm not sure even
how to do the support-ticket part; the
request status, cancelation/upgrade of an account I can do.

Might start with the core functions login, logout, register, sessions, forgot password, etc.

Anybody got some tips/hints/help,
and/or links to (a) tutorial(s)?

Check out Shiflett's articles: http://shiflett.org/articles/
Check out Sitepoint's articles: http://www.sitepoint.com/subcat/php-tutorials

Tip: Adapt or develop a coding style and STICK TO IT!

**Skky** · 06-10-2004, 08:40 PM

I agree, start with the login system first. I'm going to assume you are going to use PHP (since that is the only server-side language I know well). First of all, read up on how PHP sessions work in the manual at php.net.

PHP sessions store information in a similiar fashion as cookies, only the data is stored on the server instead of the client's computer. Only one cookie is stored on the user's machine, a unique random string of characters that identifies them called the "Session ID". Anyways... here is an example of a basic script that could be used as the basis for a secure control panel system. (note: I wrote this out really fast, there may be syntax errors, little things missing, ect. Hopefully it will give you an idea of how it works, though.)

Code:

<?php /*-- index.php --*/

// no page was specified.. bring them to some default main page

if (!isset($_GET['page'])) {
    $_GET['page'] = 'home';
}

// Start session function... required when using PHP sessions

session_start();

// check if user is logged in.  If so, load requested page, else show login form.

if (isset($_SESSION['uid'])) {   // user is logged in
     include('../folder_outside_of_www/'.$_GET['page'].'.php');
}
elseif (isset($_GET['val_login'])) {  // user is trying to login
    include('path/to/val_login.php');
}
else {  // user is not logged in
     include('path/to/login_form.php');
}
?>

I generally have everyone go through this "security check" everytime a page is loaded in the control panel. To do this, I use an "include" statement in the index.php page that loads the requested page. So URLs to pages look like this: index.php?page=login (or simply "?page=login" if you are lazy) where $page = the relative path to the page you want to load. If the user is not logged in, or if the session expired, it will load the login page instead. Since the PHP files are all stored outside of the www directory, people can't bypass this security check - they must go through index.php.

Now for the login part. I would recommend you use MySQL to store user information. First you need to create a login form with a username and password field and have it lead to a script that will validate the information and create session variables for the user. I would have the form's action go through the index.php file, ( it would take the middle path in the if/elseif/else logic above) by using this URL "index.php?login_val=1". The validation script would look something like this:

Code:

<?php  // val_login.php

// Connect to database and check to see if username/password are valid

mysql_connect('localhost', $DB_user, $DB_pass);
mysql_db_select($DB_name);
$query = mysql_query('SELECT * from $DB_table WHERE (username="'.$_POST['username'].'" and password="'.$_POST['$password'].'") LIMIT 1');

if (mysql_num_rows($query)) {   // user info is valid
    
/* Lets save a couple peices of user data so we don't have to access the database for them later on.. always keep some kind of unique userID handy */

    $_SESSION['uid'] = mysql_result($query, 0, 'uid');  
    $_SESSION['firstname'] = mysql_result($query, 0, 'firstname');

/* We're done!  Let's go back to index.php and hopefully, it will let us enter the control panel */

    include('index.php');  

} else {  // user info is not valid, return error and login page
    echo '<h4 align="center">Invalid username/password</h4>';
    include('path/to/login_form.php');
}
?>

At this point, I would throw a couple dummy user accounts into the database manually and make sure it works. Then.. you can tackle creating a script that will create new users and modify existing user's information. Hopefully this wasn't too confusing.. I wrote it really quick.

PS: Paypal has a neat system called IPN (Instant Payment Notification). It allows you to automate the webhosting account creation so you don't have to manually do it in WHM. (when used with Cpanel's remote account creation interface). IPN lets you know, programmically, if the transaction was completed successfully, so you can safely let a script create a webhosting account without your intervention. I can testify that it works.. I use paypal w/IPN for my webhosting business.

In addition, you can use IPN to update a database whenever someone sends funds with paypal allowing you can keep track of when people have paid. You can then use that information for some kind of account status or billing history in the control panel.

**Jonathan** · 06-10-2004, 09:22 PM

awsome post skky

I actually managed to get
the CCP done bout a week after this post--
but this seems a little bit more simple

Also-- as for IPN, I perfer to manually
make the account to ensure nothing looks fishy

**Skky** · 06-10-2004, 09:52 PM

I don't blame you. IPN really isn't worth the effort putting together, considering how little time it takes to manually create an account. Also, testing IPN is kind of a pain, becuase you have to do live transations.. there is no test server.

Anyways, thank you for your praise and good luck on your future programming projects.

Customer Control Panel?

Customer Control Panel?

Comment

Comment

Comment

Comment