After scrubbing the internet looking for a light-weight alternative to a full-blown CMS(Content Management System) I decided to build my own and make it available to anyone else who finds it useful.
Key Features:
- Lightweight
- Can be integrated easily into any existing html website or php site.
- Full-featured
- Has the ability to have multiple roles to gate access based on what role they have been assigned
- Usernames, real names, date fields, password validation
- Admin Area to easily manage users
Instructions:
To get started you will need to download the following package: User Portal
Then upload to your server using your preferred method. In the package is the starting database with the application administrator.
- Username is admin@userportal.com, password is 12345678
- To get started create a database and import the sql file. Keep track of your database name, database user you assign and the password you created for that user as you will need to update the lu_config.php to reflect these details.
- Once you have the userportal database created and update your config file, go to the log in page which should be yourdomain.com/userportal/.
- Log in using the default admin above. Once logged in create a new user. After creating the user, go back in to your database, delete the admin user, and change the roleID for the user you just created to 0. This finishes the initial setup of the application. (This user should not appear when users are listed with the way the application is set up to check, this is on purpose)
- At this point you are ready to install this to your web site. all files you will be protecting/managing will need to be php files (i.e. page.php instead of page.html) and you will add this code to the top of all of them:
<?php
// Initialize the session
ob_start();
session_start();require_once ‘source/lu_connect.php’;
$loggedin=$_SESSION[“username”];
// If session variable is not set it will redirect to login page
if(!isset($_SESSION[‘user’]) || empty($_SESSION[‘user’])){
header(“location: index.php”);
}elseif($_SESSION[‘role’]==0){
header(“location: lu_admin/index.php”);
}
// Uncomment below and modify to detect for other conditions for page access
/**
elseif($_SESSION[‘role’]==0){
header(“location: lu_admin/index.php”);
}
**/
// select all user detail
$res=mysqli_query($conn, “SELECT * FROM users WHERE user_id=”.$_SESSION[‘user’]);
$userRow=mysqli_fetch_array($res);
?>
- This simply checks for the session from logging in if it is a valid one.
- The main_hub.php is included as an example and is set up to be page ready, simply replace the html portion after the php code with the code from your site if you wish, or play around with it to get an idea of what to do. By default it is simply a basic page saying hello to the logged in user.
The Detailed Options:
- Now, the part that helps manage the users:
- In order to change the method of checking, the piece of code to modify is this:
-
// Uncomment below and modify to detect for other conditions for page access
/**
elseif($_SESSION[‘role’]==0){
header(“location: lu_admin/index.php”);
}
**/
-
- You always want to check for the session for user, however if you want to check for other types of roles (the default is roles 1-4) you would add:
- $_SESSION[‘role’]==role number (replace role number with the appropriate role) you can also use any other operator, such as < > !=, etc to get a range of roles.
- change the header(“location: index.php”); to whatever page you would like to redirect to, by default this is set to the log in page.
- You can also add the logout button to any page (styling will be ultimately determined on what you prefer) by adding the following to any page:
-
<a href=’../logout.php’ class=’float’ role=’button’><img src=’images/logout.png’ height=’32’ width=’32’ title=’Logout’></a>
- if this is on any page other than the base userportal directory or root of your website, you will need to change src=’images/logout.png’ to src=’../images/logout.png’
-
- In order to change the method of checking, the piece of code to modify is this:
It’s really that simple to protect your site or manage it as a simple alternative to a full-blown CMS.
In the admin interface you can manage your users and add new ones, there’s not much else needed. If anyone has any suggestions or ideas feel free to contact me via this site.
Hope you guys find this useful as I created it because I really did not want to have to install anything large like wordpress or drupal (or any other large content management site) and thought this was a lightweight alternative to allow people to integrate one into their own existing website.
If you want an idea of this in action, go to https://www.lucidmusic.tk/access/ to see it integrated.