<%@LANGUAGE="JAVASCRIPT" CODEPAGE="1252"%> Overseas Telecommunications Veterans Association (Australia)

Member Admin Area

Create a new member login - http://www.otva.com/member_registration.php

Delete an existing member login - http://www.otva.com/member_delete.php

Update an existing member expiry date - http://www.otva.com/member_status_update.php

List all usernames in the database - http://www.otva.com/memer_listall.php

Web page security description.

Following is a brief description of how pages on this web site can be restricted to viewing only by registered members of the association.

By using PHP scripts together with a MySQL databse a reasonable level of security has been implemented on this web site. The My SQL database (called "users") on the web site stores the user names and encrypted passwords for all registered members. All the web files files with a file extension of PHP with the instruction <? include 'member_auth.php'; ?> in the first line of code are secured by the password system. In fact all the PHP security scripts have this line inserted so only a regisered user can view and use these scripts. Following is a list of the scripts in the security system and their use:

  1. "member_admin.php" - This page you are reading now. It also has links to pages to add and delete logins.
  2. "member_auth.php" - This script looks on the members computer for a cookie created when they login. If the cookie exists the member is allowed to view the page, if the cookie is missing they are redirected to the error page - "member_notloggedon.html".
  3. "member_bibi.php" - displayed when members logout
  4. "member_delete.php" - deletes a login from the database.
  5. "member_logon.html" - this pages displays a form for the member to enter their username and password and then calls "member_logon.php" to validate the login.
  6. "member_logon.php" - validates the username and password at member login. The script checks the entered login information with the username and password stored in the database, if they match a cookie is created on the member's computer and the script "member_ok.html" runs.
  7. "member_logout.php" - runs when members click on "logout' on the web site menu. The script modifies the time in the cookie to the past so the cookie on the member's computer is destroyed.
  8. "member_notloggedon.html" - displays a warning when accessing secure pages without first logging in.
  9. "member_ok.html" - displays a message when members log in ok.
  10. "member_registration.php"- script to register new logins. Adds new usernames and encrypted passwords to the database.
  11. "member_status_update.php" - script to update the member "expiry date" field in the member database. This field is checked during the logon process and will advise members at logon if they are unfinancial.
  12. "member_unfinancial_login_ok.html" - shown at successful logon if the member is unfinancial.

All the PHP scripts are quite well commented internally to explain their operation. To password protect an existing HTML page simply edit the HTML page and insert the code <? include 'member_auth.php'; ?> into the first line, then save the document with a PHP file extension and delete the old HTML file. To unprotect a document reverse this procedure.