[SOLVED] help with authentication


meomike2000

I need some help getting started with a way to authenticate users as they sign on with their username and password. Can somebody please point me in the right direction where I can find more info related to this?

I have a PHP script that allows input of username and password and then checks them against values in another script. Not sure that is the correct way.

I am also currently using <directory/my/directory/here></directory> style of authentication in the Apache config for my secure directory. This works and is secure, but is not very pleasing to the eye.

 

thanks mike.....

 

Link to comment
Share on other sites

Use sessions for authentication.

1 - Create a form to accept user name value and password value

2 - POST this form to your authentication script, similar to the following. In this instance I am authenticating using users in a database, from a table called users.

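<?php
session_start();
include("data_connect.php"); // opens the MySQL connection used below as $link

// Escape the submitted values before they go into the query string;
// concatenating raw $_POST input allows SQL injection.
$user = mysql_real_escape_string(isset($_POST['user']) ? $_POST['user'] : '', $link);
$pass = mysql_real_escape_string(isset($_POST['pass']) ? $_POST['pass'] : '', $link);

$sql = "SELECT * FROM users WHERE user='" . $user . "' AND pass='" . $pass . "' AND status='active'";
$result = mysql_query($sql, $link);

if ($result && ($result_row = mysql_fetch_array($result))) {
    // Matching active user: issue a fresh session ID, then store the identity
    session_regenerate_id(true);
    $_SESSION['user'] = $result_row["user"];
    $_SESSION['type'] = $result_row["type"];
    $_SESSION['userID'] = $result_row["userID"];
}

mysql_close($link);

// Only admin and reseller users may continue; isset() covers a failed login
if ( ! isset ( $_SESSION['type'] ) || ! in_array ( $_SESSION['type'], array ( 'admin', 'reseller' )) )
{
    header ( 'Location: login_error.php' );
    exit ();
} else {
    header ( 'Location: user_control.php' );
    exit ();
}
?>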

3 - BE SURE to put

<?php
// Send anyone who is not an admin or reseller to the error page
if ( ! isset ( $_SESSION['type'] ) || ! in_array ( $_SESSION['type'], array ( 'admin', 'reseller' )) )
{
    header ( 'Location: login_error.php' );
    exit ();
}
?>

at the top of every page you want these 2 authenticated types of users on.

This script relocates to login_error.php if the user is not an admin or reseller user, and proceeds to the first authenticated page if they are.

You can modify the user types to suit yourself as long as they match your DB.

Link to comment
Share on other sites

Actually I did make an error, but the header redirect is in the right spot. What I did forget though is the session_start() tag, which must be before anything else, so the top of the page you want authentication on should be:

<?php
session_start(); // must run before any output
// Send anyone who is not an admin or reseller to the error page
if ( ! isset ( $_SESSION['type'] ) || ! in_array ( $_SESSION['type'], array ( 'admin', 'reseller' )) )
{
    header ( 'Location: login_error.php' );
    exit ();
}
?>

That will redirect you if you are not an authenticated user. The header tag needs to be before the HTML, hence why this is at the top of every page to be authenticated on, before any HTML output.

Regarding the connecting to a database: possibly because you are outputting HTML after the connection. If you see, I am outputting global session variables, which are not part of any HTML until requested.

 

Link to comment
Share on other sites

Also, seeing I have implemented a login authentication system here, I should note you also need a logout system as well. The following code will destroy the session and redirect you back to the main index.php page:

<?php
session_start();
$_SESSION = array();   // clear all session variables
session_destroy();     // remove the session data on the server

header("Location: index.php");
exit();                // stop the script after the redirect
?>

Link to comment
Share on other sites

I figured this out: you can use header as long as there is no other output before it. The input form and SQL query have to be on separate pages with no output till you either get to the correct page you are logging into or get to the error login page.

 

thanks a bunch mike......

Link to comment
Share on other sites

You can have it on the same page as the form. As I can see, you have it down at line 129; what you do is put it at the top of the page and only check it if the submit button is used, something like this:

 

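<?php
session_start();
// Only run the login check when the form has been submitted
if (isset($_POST['submit'])) {
    include("data_connect.php"); // opens the MySQL connection used below as $link

    // Escape the submitted values before they go into the query string;
    // concatenating raw $_POST input allows SQL injection.
    $user = mysql_real_escape_string(isset($_POST['user']) ? $_POST['user'] : '', $link);
    $pass = mysql_real_escape_string(isset($_POST['pass']) ? $_POST['pass'] : '', $link);

    $sql = "SELECT * FROM users WHERE user='" . $user . "' AND pass='" . $pass . "' AND status='active'";
    $result = mysql_query($sql, $link);

    if ($result && ($result_row = mysql_fetch_array($result))) {
        // Matching active user: issue a fresh session ID, then store the identity
        session_regenerate_id(true);
        $_SESSION['user'] = $result_row["user"];
        $_SESSION['type'] = $result_row["type"];
        $_SESSION['userID'] = $result_row["userID"];
    }

    mysql_close($link);

    // Only admin and reseller users may continue; isset() covers a failed login
    if ( ! isset ( $_SESSION['type'] ) || ! in_array ( $_SESSION['type'], array ( 'admin', 'reseller' )) )
    {
        header ( 'Location: login_error.php' );
        exit ();
    } else {
        header ( 'Location: user_control.php' );
        exit ();
    }
}
?>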
// add page and form here

 

and then as the action of the form action='<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>'

Link to comment
Share on other sites
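
Added example (not part of any post in this thread): the same login check against the `users` table, written with a PDO prepared statement and `password_verify()` instead of a query built from `$_POST` and a plain-text password comparison. It assumes the `pass` column stores `password_hash()` output; the helper names `authenticate()` and `login()` are hypothetical, and the in-memory SQLite table is constructed so the script runs on its own.

```php
<?php
// Added example, not code from the thread. Table/column names follow the posts;
// the in-memory SQLite database and its single row are constructed sample data.

function authenticate(PDO $db, string $user, string $pass): ?array
{
    // Placeholders keep the submitted name out of the SQL text entirely.
    $stmt = $db->prepare(
        "SELECT userID, user, pass, type FROM users
         WHERE user = :user AND status = 'active'"
    );
    $stmt->execute([':user' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Assumption: `pass` stores password_hash() output, not the plain password.
    if ($row === false || !password_verify($pass, $row['pass'])) {
        return null;
    }
    unset($row['pass']); // the hash has no business in the session
    return $row;
}

function login(PDO $db, string $user, string $pass): bool
{
    $row = authenticate($db, $user, $pass);
    if ($row === null || !in_array($row['type'], ['admin', 'reseller'], true)) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session ID once logged in
    }
    $_SESSION['user']   = $row['user'];
    $_SESSION['type']   = $row['type'];
    $_SESSION['userID'] = $row['userID'];
    return true;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (userID INTEGER PRIMARY KEY, user TEXT,
           pass TEXT, type TEXT, status TEXT)");
$ins = $db->prepare("INSERT INTO users (user, pass, type, status) VALUES (?, ?, ?, ?)");
$ins->execute(['mike', password_hash('s3cret-Pass', PASSWORD_DEFAULT), 'admin', 'active']);

var_dump(login($db, 'mike', 's3cret-Pass')); // correct credentials
var_dump(login($db, 'mike', 'wrong'));       // wrong password
var_dump(login($db, "mike' --", 'x'));       // quote in the name is matched as data
```

Passwords already stored in plain text would have to be re-hashed with `password_hash()` before this check could replace the original query.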
