 

Authentication the Easy Way

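//save this file as
//index.php
<?php
// Login form. Shows the message for an error code left in the session by
// sendto.php (code 1) or header.php (codes 2 and 3).
//
// The session id travels only in the session cookie. It is no longer appended
// to the form action as SID: an id in the URL ends up in server logs, browser
// history and Referer headers. Harden the cookie itself in php.ini with
// session.cookie_httponly, session.cookie_secure (when served over HTTPS) and
// session.use_strict_mode.
session_start();

// Read the code from $_SESSION explicitly. The original relied on
// register_globals / session_register(), which let a request parameter with
// the same name overwrite a script variable; both were removed in PHP 5.4.
$error = (int) ($_SESSION['error'] ?? 0);

$messages = [
    1 => "Invalid Login - Please try again",     // empty or wrong username/password
    2 => "Unauthorized Access - Please Login",   // protected page requested without a login
    3 => "Session has expired - Please Login",   // inactivity timeout reached
];
?>
<html>
<head>
</head>
<body>
<form method="POST" action="sendto.php">
<?php
if (isset($messages[$error])) {
    echo "<font color=\"#FF0000\" face=\"arial\" size=\"2\">";
    echo $messages[$error];
    echo "</font>";
    echo "<br>";
    // Any error ends the current session, so nothing from it is reused.
    session_destroy();
}
?>
name:<br>
<input type="text" name="username" size="20">
<br>
password:
<br>
<input type="password" name="password" size="20">
<br>
<input type="submit" value="Submit" name="B1">
<br>
<input type="reset" value="Reset" name="B2">
</form>
</body>
</html>
//end
//****************************************
//save this file as
//sendto.php
<?php
// Gateway script: checks the submitted credentials and redirects.
// It displays nothing itself.
session_start();

// require (not include): if the file is missing the script must stop here.
require 'includedb.php';   // provides $connection and $connectdb1

$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

// Reject a missing field outright. The original only tested the combined
// length, so a request with one empty field fell through both branches.
if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
    $_SESSION['error'] = 1;
    header('Location: index.php');
    exit;   // a Location header does not stop the script by itself
}

// Bound parameter instead of building the query from request data (SQL
// injection). $connectdb1 is a constant set in includedb.php, not user input.
// The password column must hold password_hash() output: the stored value is
// checked with password_verify() rather than compared as plaintext in SQL.
$stmt = $connection->prepare("SELECT password FROM $connectdb1 WHERE username = ?");
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->bind_result($storedHash);
$found = $stmt->fetch();
$stmt->close();

if ($found === true && password_verify($password, (string) $storedHash)) {
    // New session id at the privilege change, so an id that was known before
    // the login cannot be reused afterwards (session fixation).
    session_regenerate_id(true);
    // Only the username is kept. The password is never stored in the session.
    $_SESSION['verified_user'] = $username;
    // Inactivity is tracked server-side. The original copied the session id
    // into a second cookie and trusted the browser to expire it.
    $_SESSION['last_activity'] = time();
    header('Location: pageone.php');
    exit;
}

//if you are bad, you go back and reenter your password, mister!
$_SESSION['error'] = 1;
header('Location: index.php');
exit;
?>
//****************************************
//save this file as
//header.php
<?php
// Access gate: the first statement of every protected page must be
// require 'header.php'. On success it leaves $verified_user, $connection and
// $connectdb1 set for the page; otherwise it redirects to index.php and stops.
session_start();
require_once 'includedb.php';

// Seconds of inactivity allowed before the login expires (you can change it).
$timeout = 60;

// Error 2: no login in this session, or the account no longer exists.
$verified_user = $_SESSION['verified_user'] ?? '';
$known = false;
if (is_string($verified_user) && $verified_user !== '') {
    $stmt = $connection->prepare("SELECT username FROM $connectdb1 WHERE username = ?");
    $stmt->bind_param('s', $verified_user);
    $stmt->execute();
    $stmt->store_result();
    $known = $stmt->num_rows > 0;
    $stmt->close();
}
if (!$known) {
    unset($_SESSION['verified_user'], $_SESSION['last_activity']);
    $_SESSION['error'] = 2;
    header('Location: index.php');
    // Without exit the protected page would still run and be sent to the
    // client together with the redirect.
    exit;
}

// Error 3: inactivity timeout, decided from the server-side timestamp.
$lastActivity = (int) ($_SESSION['last_activity'] ?? 0);
if (time() - $lastActivity > $timeout) {
    unset($_SESSION['verified_user'], $_SESSION['last_activity']);
    $_SESSION['error'] = 3;
    header('Location: index.php');
    exit;
}

//if no problems, restart the inactivity window from now
$_SESSION['last_activity'] = time();
?>
//****************************************
//save this file as
//includedb.php
<?php
//simple db connect
//used for sendto.php and header.php
// Sets $connection (a mysqli object) and $connectdb1 (the users table name).
// The mysql_* functions used originally were removed in PHP 7; mysqli offers
// the prepared statements the other files rely on. Sessions are started by
// the including script, not here.
//
// "mydb"/"mydb" are the sample credentials of this listing. Load real ones
// from configuration kept outside the web root, not from source.

// Report database errors as exceptions so a failed call cannot go unnoticed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
    $connection = new mysqli("localhost", "mydb", "mydb");
} catch (mysqli_sql_exception $e) {
    die("Could not connect to the MySQL Server");
}
try {
    $connection->select_db("mydb");
} catch (mysqli_sql_exception $e) {
    die("Unable to select database.");
}
$connectdb1 = "users";
?>
//****************************************
//save this file as
//pageone.php
<?php
//add the db stuff and the login check; must come before any output
require 'header.php';

//for testing purposes, you can see what the username is, and i added the
//this is page one part so you can reference the page
//all of this part is unnecessary
echo "this is page one";
echo "<br>Your username is: ";
// Escape for HTML: the username originally came from a form field.
echo htmlspecialchars($verified_user, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
// The password is no longer printed; it is not kept after the login check.

//add your database query here
$color = '';   // stays empty when the user has no row
try {
    $stmt = $connection->prepare("SELECT color FROM $connectdb1 WHERE username = ?");
    $stmt->bind_param('s', $verified_user);
    $stmt->execute();
    $stmt->bind_result($rowColor);
    while ($stmt->fetch()) {
        $color = (string) $rowColor;
    }
    $stmt->close();
} catch (mysqli_sql_exception $e) {
    die("Cant do sql1");
}
//you can add whatever you like from this point on
?>
<br>
You did good. this is pageone.php. now go to <a href="pagetwo.php">pagetwo.php</a>
<hr>
<?php
//i added a variable to output
// Database content is escaped too, so stored markup is shown, not executed.
echo htmlspecialchars($color, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<hr>
<?php
//adds the logout button
require 'logoutform.php';
?>
//****************************************
//save this file as
//pagetwo.php
<?php
//add the db stuff and the login check; must come before any output
require 'header.php';

echo "i knew you could do it!";
echo "<br>";

//add your database query here
$color = '';   // stays empty when the user has no row
try {
    $stmt = $connection->prepare("SELECT color FROM $connectdb1 WHERE username = ?");
    $stmt->bind_param('s', $verified_user);
    $stmt->execute();
    $stmt->bind_result($rowColor);
    while ($stmt->fetch()) {
        $color = (string) $rowColor;
    }
    $stmt->close();
} catch (mysqli_sql_exception $e) {
    die("Cant do sql1");
}
//you can add whatever you like from this point on
?>
<br>
You did good. this is pagetwo.php. now go to <a href="pageone.php">pageone.php</a>
<hr>
<?php
//i added a variable to output
// Database content is escaped too, so stored markup is shown, not executed.
echo htmlspecialchars($color, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<hr>
<?php
//adds the logout button
require 'logoutform.php';
?>
//****************************************
//save this file as
//logout.php
<?php
//pretty easy, you are done
// Ends the login: empties the session data, expires the session cookie in the
// browser and removes the session on the server.
session_start();
$_SESSION = [];
if (ini_get('session.use_cookies')) {
    $params = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $params['path'],
        $params['domain'],
        $params['secure'],
        $params['httponly']
    );
}
session_destroy();

//sending you to a custom 'buh-bye' page
header('Location: bye.php');
exit;
?>
//****************************************
//save this file as
//logoutform.php
<?php
// Logout button, included at the bottom of each protected page.
echo "
<form method=\"POST\" action=\"logout.php\">
<input type=\"submit\" value=\"Logout\">
</form>
";
?>
//****************************************
//save this file as
//bye.php
<?php
//custom 'buh-bye' page
echo "thanks for visiting";
echo "<br>";
echo "<a href=\"index.php\">Login Again</a>";
echo "<hr>";
echo "bet you would like to try to get back into page one without logging in, huh?";
echo "<br>";
echo "go ahead and try, but don't say I didn't warn you!!";
echo "<br>";
// closing </a> added; the original left the anchor open
echo "<a href=\"pageone.php\">pageone.php</a>";
?>
//thats it.
//not terribly sophisticated, but it does work
//you can combine this with other things on this site
//to develop a cool system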