jmr3460 Posted April 12, 2009 Share Posted April 12, 2009 I am looking for a way to password protect my admin pages for multiple users. I was thinking that I can use a DB table with username and password as values. I think that if a form is not set then echo a form that is a username and password. I think that it would need to set a cookie to authorize the same pages as long as they are in the same browser session. Can anyone help? Link to comment https://forums.phpfreaks.com/topic/153791-password-protect-my-admin-pages/ Share on other sites More sharing options...
lewisstevens1 Posted April 13, 2009 Share Posted April 13, 2009 Well im not sure if this will help you. but i done something like that. I first added a file called connect2.php where i had like my connection functions to connect then i created simple html doc called main_login.php where i just used input fields for the data <input name="myusername" type="text" id="myusername"><input name="mypassword" type="text" id="mypassword"> then created a new file called checklogin.php <?php require_once 'connect2.php'; // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_success.php"); } else { echo "Invalid Username or Password"; } ?> then created a doc called login_success.php <? session_start(); if(!session_is_registered(myusername)){ header("location:http://www.whatever.com ?> then for the logout i used <? session_start(); session_destroy(); header("location:http://www.whatever.com"); ?> something like that i think. Link to comment https://forums.phpfreaks.com/topic/153791-password-protect-my-admin-pages/#findComment-808265 Share on other sites More sharing options...
lewisstevens1 Posted April 13, 2009 Share Posted April 13, 2009 Did it work? Link to comment https://forums.phpfreaks.com/topic/153791-password-protect-my-admin-pages/#findComment-808281 Share on other sites More sharing options...
jmr3460 Posted April 13, 2009 Author Share Posted April 13, 2009 I am still working on it I seem to be getting an error with the $count: $count=mysql_num_rows($result); Can you help? Then it says that user and password not valid. Could it also be the fact that I have not created my login_success.php or my logout yet. Are these files the ones that redirect my to the actual page that I am protecting? Link to comment https://forums.phpfreaks.com/topic/153791-password-protect-my-admin-pages/#findComment-808309 Share on other sites More sharing options...
jmr3460 Posted April 13, 2009 Author Share Posted April 13, 2009 OK I am looking at another script. I have got it to where I redirects me back to my login page. I can't find out why it will not go though to my secret page. I think that it is not detecting the right password but I don't know to find that out. This is my codes: <?php //check for required fields from the form if ((!isset($_POST["username"])) || (!isset($_POST["password"]))) { header("Location: index.html"); exit; } //connect to server and select database $host = 'localhost'; $username = 'simplic5_jmr3460'; $password = 'freedom98714'; $database ='simplic5_users'; $mysql = mysql_connect($host, $username, $password); mysql_select_db($database); //$mysqli = mysql_connect("$host", "$username","$password","simplic5_users"); //create and issue the query $sql = "SELECT f_name, l_name FROM auth_users WHERE username = '".$_POST["username"]."' AND password = PASSWORD('".$_POST["password"]."')"; $result = mysql_query($sql) or die(mysql_error($mysql, $sql, $result)); //get the number of rows in the result set; should be 1 if a match if (mysql_num_rows($result) == 1) { //if authorized, get the values of f_name l_name while ($info = mysql_fetch_array($result)) { $f_name = stripslashes($info['f_name']); $l_name = stripslashes($info['l_name']); } //set authorization cookie setcookie("auth", "1", 0, "/", "localhost", 0); //create display string $display_block = " <p>".$f_name." ".$l_name." is authorized!</p> <p>Authorized Users' Menu:</p> <ul> <li><a href=\"secretpage.php\">secret page</a></li> </ul>"; } else { //redirect back to login form if not authorized header("Location: index.html"); exit; } ?> <html> <head> <title>User Login</title> </head> <body> <?php echo "$display_block"; ?> </body> </html> This code will always take me back to my index.html page which is my original login page. Can anyone help. Link to comment https://forums.phpfreaks.com/topic/153791-password-protect-my-admin-pages/#findComment-808354 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.