miesnerd Posted July 9, 2009 Share Posted July 9, 2009 So I'm being forced to learn a little about PHP (which I wanted to learn) on a much more condensed timeframe in order to do a project for school. I'd like to restrict the ability to register for the website to only people from a certain school (so they'd have to use their school email) so it would only allow joeblow@school.edu as opposed to joe blow's hotmail, gmail, yahoo, etc account. At this point, I've downloaded this Micro Login Sytem to use, and my best option seems to be to tweak the code to restrict the login ahttp://www.phpfreaks.com/forums/index.php?action=post;board=1.0s described above. Micro Login System http://www.hotscripts.com/listing/micro-login-system-file-based/ Also, instead of something such as MySQL it uses a file based login. Any security issues with that (since its not using a database)? Thanks Miesnerd Quote Link to comment Share on other sites More sharing options...
shergold Posted July 9, 2009 Share Posted July 9, 2009 to check if they are using the school email you could use: strstr($email,"@school.edu"); that will check the string for @school.edu, with the $email being the email address that you want checked. Shergold. Quote Link to comment Share on other sites More sharing options...
shergold Posted July 9, 2009 Share Posted July 9, 2009 if you want to post your code i can implement it if you like, also you shouldnt have any issues with a flat file database. shergold. Quote Link to comment Share on other sites More sharing options...
Andy-H Posted July 9, 2009 Share Posted July 9, 2009 First of all, I would store the file of email/passwords in a .txt file under the public directory (under public_html) If you store the emails and the password, comma seperated, for each student on a newline for each record you could use file() to pull the data into an array, restrict the username input to the part of the email before the @ and add the scheme yourself in the script. Also look into the explode() and md5() functions.. Quote Link to comment Share on other sites More sharing options...
miesnerd Posted July 9, 2009 Author Share Posted July 9, 2009 if you want to post your code i can implement it if you like, also you shouldnt have any issues with a flat file database. shergold. Shergold- Below is the code, just as I downloaded it and extracted it. Obviously, this is from the register.php file. There is one hitch though. At some point, our university (who is setting this up as an intervention for a high school) might require some logins from our domain .edu (of the university, not the HS). There should only be a few of those, though. Can I go in somehow and just add those manually? Is there a way to override it so you can register with either their login or ours? Thanks. Miesnerd (Code below) <?php require_once('common.php'); if (isset($_POST['submitBtn'])){ // Get user input $username = isset($_POST['username']) ? $_POST['username'] : ''; $password1 = isset($_POST['password1']) ? $_POST['password1'] : ''; $password2 = isset($_POST['password2']) ? $_POST['password2'] : ''; // Try to register the user $error = registerUser($username,$password1,$password2); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd"> <html> <head> <title>Micro Login System</title> <link href="style/style.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="main"> <?php if ((!isset($_POST['submitBtn'])) || ($error != '')) {?> <div class="caption">Register user</div> <div id="icon"> </div> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="registerform"> <table width="100%"> <tr><td>Username:</td><td> <input class="text" name="username" type="text" /></td></tr> <tr><td>Password:</td><td> <input class="text" name="password1" type="password" /></td></tr> <tr><td>Confirm password:</td><td> <input class="text" name="password2" type="password" /></td></tr> <tr><td colspan="2" align="center"><input class="text" type="submit" name="submitBtn" value="Register" /></td></tr> </table> </form> <?php } if (isset($_POST['submitBtn'])){ ?> <div class="caption">Registration result:</div> <div id="icon2"> </div> <div id="result"> <table width="100%"><tr><td><br/> <?php if ($error == '') { echo " User: $username was registered successfully!<br/><br/>"; echo ' <a href="login.php">You can login here</a>'; } else echo $error; ?> <br/><br/><br/></td></tr></table> </div> <?php } ?> <div id="source">Micro Login System v 1.0</div> </div> </body> Quote Link to comment Share on other sites More sharing options...
miesnerd Posted July 9, 2009 Author Share Posted July 9, 2009 I just realized something. It doesnt have a field for an email address yet. Also, it needs to work by sending them a confirmation email, and requiring that they log into their email and click it to verify their email address. This is extremely important given the purpose of the website. Miesnerd Quote Link to comment Share on other sites More sharing options...
miesnerd Posted July 9, 2009 Author Share Posted July 9, 2009 I just realized something else. A part of the login system is a file called login.php. It was preventing index.html from loading when you type the domain name in. I disabled this by now for renaming index.php to index2.php. Is this acceptable? Any problems I might run into? Quote Link to comment Share on other sites More sharing options...
ignace Posted July 9, 2009 Share Posted July 9, 2009 I disabled this by now for renaming index.php to index2.php. Is this acceptable? Any problems I might run into? No problem. However make sure that your files now point to index2.php instead of index.php Quote Link to comment Share on other sites More sharing options...
miesnerd Posted July 9, 2009 Author Share Posted July 9, 2009 I disabled this by now for renaming index.php to index2.php. Is this acceptable? Any problems I might run into? Great. Glad to know its that simple. I was hoping, but not expecting that it would be that way. No problem. However make sure that your files now point to index2.php instead of index.php Quote Link to comment Share on other sites More sharing options...
miesnerd Posted July 10, 2009 Author Share Posted July 10, 2009 thanks so much for your help thus far, but im bumping it for several reasons: 1. As sharagold mentioned, I dont know where to impliment the one line 2. I also dont know how to make the script auto-mail login info that needs to be validated. 3. I dont know how to make it so that a certain page cannot be accessed unless a person is logged in. (Ie: couldnt they just get the url and use that to access the page without logging in every time? Quote Link to comment Share on other sites More sharing options...
ignace Posted July 10, 2009 Share Posted July 10, 2009 1. As sharagold mentioned, I dont know where to impliment the one line Implement this line where your validation starts and should come as: if (strstr($email, '@school.edu')) { // valid } 2. I also dont know how to make the script auto-mail login info that needs to be validated. You usually send this kind of information after they registered at your website. $mailBody = ""; $username = $_POST['username']; $password = $_POST['password']; $mailBody .= "Username: $username\n"; $mailBody .= "Password: $password\n"; mail($to, $subject, $mailBody, $headers); 3. I dont know how to make it so that a certain page cannot be accessed unless a person is logged in. You mean that only one user (John Doe) can access a specific page? Or a group (Authenticated Users) of people? (Ie: couldnt they just get the url and use that to access the page without logging in every time?) No they can't because if i would know your url i could be able to see your page and your system had nothing to defend itself to keep me away from that page. Quote Link to comment Share on other sites More sharing options...
Andy-H Posted July 11, 2009 Share Posted July 11, 2009 Show code for common.php ?? Quote Link to comment Share on other sites More sharing options...
miesnerd Posted July 11, 2009 Author Share Posted July 11, 2009 Show code for common.php ?? <?php session_start(); function registerUser($user,$pass1,$pass2){ $errorText = ''; // Check passwords if ($pass1 != $pass2) $errorText = "Passwords are not identical!"; elseif (strlen($pass1) < 6) $errorText = "Password is to short!"; // Check user existance $pfile = fopen("userpwd.txt","a+"); rewind($pfile); while (!feof($pfile)) { $line = fgets($pfile); $tmp = explode(':', $line); if ($tmp[0] == $user) { $errorText = "The selected user name is taken!"; break; } } // If everything is OK -> store user data if ($errorText == ''){ // Secure password string $userpass = md5($pass1); fwrite($pfile, "\r\n$user:$userpass"); } fclose($pfile); return $errorText; } function loginUser($user,$pass){ $errorText = ''; $validUser = false; // Check user existance $pfile = fopen("userpwd.txt","r"); rewind($pfile); while (!feof($pfile)) { $line = fgets($pfile); $tmp = explode(':', $line); if ($tmp[0] == $user) { // User exists, check password if (trim($tmp[1]) == trim(md5($pass))){ $validUser= true; $_SESSION['userName'] = $user; } break; } } fclose($pfile); if ($validUser != true) $errorText = "Invalid username or password!"; if ($validUser == true) $_SESSION['validUser'] = true; else $_SESSION['validUser'] = false; return $errorText; } function logoutUser(){ unset($_SESSION['validUser']); unset($_SESSION['userName']); } function checkUser(){ if ((!isset($_SESSION['validUser'])) || ($_SESSION['validUser'] != true)){ header('Location: login.php'); } } ?> Thanks so much for your help guys. Per what you've given me, I'll add it and play on Sunday when I get to work on this project again. I'm rather bogged down with my other academic duties right now. Quote Link to comment Share on other sites More sharing options...
miesnerd Posted July 11, 2009 Author Share Posted July 11, 2009 1. As sharagold mentioned, I dont know where to impliment the one line Implement this line where your validation starts and should come as: if (strstr($email, '@school.edu')) { // valid } 2. I also dont know how to make the script auto-mail login info that needs to be validated. You usually send this kind of information after they registered at your website. $mailBody = ""; $username = $_POST['username']; $password = $_POST['password']; $mailBody .= "Username: $username\n"; $mailBody .= "Password: $password\n"; mail($to, $subject, $mailBody, $headers); 3. I dont know how to make it so that a certain page cannot be accessed unless a person is logged in. You mean that only one user (John Doe) can access a specific page? Or a group (Authenticated Users) of people? (Ie: couldnt they just get the url and use that to access the page without logging in every time?) No they can't because if i would know your url i could be able to see your page and your system had nothing to defend itself to keep me away from that page. Thanks for #'s 1 and 2. Per three, sorry to be a little dense, but I'm still confused. Let's say kid A logs in, and after they login, they click on a link which gives them access to a restricted page (in real life, that page will be something like "askanexpert.html") Couldnt kid B see that kid A got redirected to askanexpert.html and then just go and type in the domain name and add "askanexpert.html" on to the end and get to the same page? Quote Link to comment Share on other sites More sharing options...
Andy-H Posted July 11, 2009 Share Posted July 11, 2009 <?php session_start(); // make the username the students email address function registerUser($user,$pass1,$pass2, $mail, $mail2){ $errorText = ''; // check username for *:* if ( trim($user, ':') != $user ) $errorText = "Username cannot contain character ':'"; // Check passwords if ($pass1 != $pass2) $errorText = "Passwords are not identical!"; if (strlen($pass1) < 6) $errorText = "Password is to short!"; //Check for valid email if ($mail != $mail2) $errorText = "Email addresses do not match!"; if ( !filter_var($mail, FILTER_VALIDATE_EMAIL) || strpos($mail, ':') !== False ) $errorText = "You entered an invalid email address!"; $validMail = array('@school.edu', '@other.ac.uk'); foreach($validMail As $check) { if ( stristr($mail, $check) !== False ) break; $errorText = "You must use your student email address (e.g. " . implode(", ", $validMail) . ")."; } // Check user existance $pfile = fopen("userpwd.txt","a+"); rewind($pfile); while (!feof($pfile)) { $line = fgets($pfile); $tmp = explode(':', $line); if ($tmp[0] == $user) { $errorText = "The selected user name is taken!"; break; } } // If everything is OK -> store user data if ($errorText == ''){ // Secure password string $userpass = md5($pass1); fwrite($pfile, "\r\n" . $user . ':' . $userpass . ':' . $mail); $subject = $user . '<' . $mail . '> - account details!'; $message = "Hello " . $user . ",\r\n\r\n"; $message.= "Your account details are as follows: " . "\r\n"; $message.= "Username: " . $user . "\r\n" . "Password: " . $pass1 . "\r\n\r\n"; $message.= "Please remember these details as they cannot be re-sent."; $headers = 'From: webmaster@example.com' . "\r\n" . 'Reply-To: no-one@example.com' . "\r\n" . 'X-Mailer: PHP/' . phpversion(); mail($mail, $subject, $message, $headers); } fclose($pfile); return $errorText; } function loginUser($user,$pass){ $errorText = ''; $validUser = false; // Check user existance $pfile = fopen("userpwd.txt","r"); rewind($pfile); while (!feof($pfile)) { $line = fgets($pfile); $tmp = explode(':', $line); if ($tmp[0] == $user) { // User exists, check password if (trim($tmp[1]) == trim(md5($pass))){ $validUser= true; $_SESSION['userName'] = $user; } break; } } fclose($pfile); if ($validUser != true) $errorText = "Invalid username or password!"; if ($validUser == true) $_SESSION['validUser'] = true; else $_SESSION['validUser'] = false; return $errorText; } function logoutUser(){ unset($_SESSION['validUser']); unset($_SESSION['userName']); } function checkUser(){ if ((!isset($_SESSION['validUser'])) || ($_SESSION['validUser'] != true)){ header('Location: login.php'); } } ?> For the access restrictions you could make them all PHP files with an accesslevel and add it to the registration script or something? Quote Link to comment Share on other sites More sharing options...
miesnerd Posted July 13, 2009 Author Share Posted July 13, 2009 Andy at this point, they only need to login to get to one page. Ideally, all other pages are accessed by everyone. One page is needed so they can login and ask a question (and we can know who they are as they ask a question). Quote Link to comment Share on other sites More sharing options...
Andy-H Posted July 13, 2009 Share Posted July 13, 2009 so use the session that is set when the user logs in... // If user isnt logged in and tries to access this page, redirect them to the login page... if ( !isSet($_SESSION['userName']) || $_SESSION['validUser'] !== True ) { Header("Location: login.php"); exit; } Quote Link to comment Share on other sites More sharing options...
miesnerd Posted July 16, 2009 Author Share Posted July 16, 2009 Hey guys! I'm back. Thanks again for your help so much. I know andy edited the common.php file for me, and in doing so, like I needed, added email confirmation funcitonality. But doesnt the register.php file need to be edited as well? If not, please explain to me how php accomplishes this. Miesnerd Quote Link to comment Share on other sites More sharing options...
Andy-H Posted July 16, 2009 Share Posted July 16, 2009 Using the mail function, I just updated the register function to send an email to the users email address using the built in function. When you call the register function I added a couple of variables that need to be passed in addition. Quote Link to comment Share on other sites More sharing options...
miesnerd Posted July 16, 2009 Author Share Posted July 16, 2009 Using the mail function, I just updated the register function to send an email to the users email address using the built in function. When you call the register function I added a couple of variables that need to be passed in addition. thanks man. I just discovered I must have royally F'd something up. I think I'm gonna download the unedited code, put it up, and then all I should have to do is put in your edited version of common.php, right? Quote Link to comment Share on other sites More sharing options...
Andy-H Posted July 16, 2009 Share Posted July 16, 2009 Depends what you edited before you showed us your code, whats the problem at the moment? You getting any errors or just the functionality is not correct? Quote Link to comment Share on other sites More sharing options...
miesnerd Posted July 16, 2009 Author Share Posted July 16, 2009 Depends what you edited before you showed us your code, whats the problem at the moment? You getting any errors or just the functionality is not correct? eh, no worries. I hadnt done that much, and most of it was superficial stuff. So now I'm back to the generic cookie cutter version + your common.php edited file. At the registration, there is no place where you need to enter your email, so I guess i lost that. Quote Link to comment Share on other sites More sharing options...
Andy-H Posted July 16, 2009 Share Posted July 16, 2009 You need to change like this. Unless the labels mess up the design, I just added them to make it a tiny bit more user friendly. Just get rid of them if they mess up the layout. <?php require_once('common.php'); if (isset($_POST['submitBtn'])){ // Get user input $username = isset($_POST['username']) ? $_POST['username'] : ''; $password1 = isset($_POST['password1']) ? $_POST['password1'] : ''; $password2 = isset($_POST['password2']) ? $_POST['password2'] : ''; $email = isset($_POST['email']) ? $_POST['email'] : ''; $email2 = isset($_POST['email2']) ? $_POST['email2'] : ''; // Try to register the user $error = registerUser($username, $password1, $password2, $email, $email2); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd"> <html> <head> <title>Micro Login System</title> <link href="style/style.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="main"> <?php if ((!isset($_POST['submitBtn'])) || ($error != '')) {?> <div class="caption">Register user</div> <div id="icon"> </div> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="registerform"> <table width="100%"> <tr><td><label for="user">Username:</label></td><td> <input class="text" name="username" type="text" id="user" /></td></tr> <tr><td><label for="pass">Password:</label></td><td> <input class="text" name="password1" type="password" id="pass" /></td></tr> <tr><td><label for="pass2">Confirm password:</label></td><td> <input class="text" name="password2" type="password" id="pass2" /></td></tr> <tr><td><label for="email">Email:</label></td><td> <input class="text" name="email" type="text" id="email" /></td></tr> <tr><td><label for="email2">Confirm email:</label></td><td> <input class="text" name="email2" type="text" id="email2" /></td></tr> <tr><td colspan="2" align="center"><input class="text" type="submit" name="submitBtn" value="Register" /></td></tr> </table> </form> <?php } if (isset($_POST['submitBtn'])){ ?> <div class="caption">Registration result:</div> <div id="icon2"> </div> <div id="result"> <table width="100%"><tr><td><br/> <?php if ($error == '') { echo " User: $username was registered successfully!<br/><br/>"; echo ' <a href="login.php">You can login here</a>'; } else { echo $error; } ?> <br/><br/><br/></td></tr></table> </div> <?php } ?> <div id="source">Micro Login System v 1.0</div> </div> </body> Quote Link to comment Share on other sites More sharing options...
miesnerd Posted July 16, 2009 Author Share Posted July 16, 2009 You need to change like this. Unless the labels mess up the design, I just added them to make it a tiny bit more user friendly. Just get rid of them if they mess up the layout. <?php require_once('common.php'); if (isset($_POST['submitBtn'])){ // Get user input $username = isset($_POST['username']) ? $_POST['username'] : ''; $password1 = isset($_POST['password1']) ? $_POST['password1'] : ''; $password2 = isset($_POST['password2']) ? $_POST['password2'] : ''; $email = isset($_POST['email']) ? $_POST['email'] ? ''; $email2 = isset($_POST['email2']) ? $_POST['email2'] ? ''; // Try to register the user $error = registerUser($username, $password1, $password2, $email, $email2); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd"> <html> <head> <title>Micro Login System</title> <link href="style/style.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="main"> <?php if ((!isset($_POST['submitBtn'])) || ($error != '')) {?> <div class="caption">Register user</div> <div id="icon"> </div> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="registerform"> <table width="100%"> <tr><td><label for="user">Username:</label></td><td> <input class="text" name="username" type="text" id="user" /></td></tr> <tr><td><label for="pass">Password:</label></td><td> <input class="text" name="password1" type="password" id="pass" /></td></tr> <tr><td><label for="pass2">Confirm password:</label></td><td> <input class="text" name="password2" type="password" id="pass2" /></td></tr> <tr><td><label for="email">Email:</label></td><td> <input class="text" name="email" type="text" id="email" /></td></tr> <tr><td><label for="email2">Confirm email:</label></td><td> <input class="text" name="email2" type="text" id="email2" /></td></tr> <tr><td colspan="2" align="center"><input class="text" type="submit" name="submitBtn" value="Register" /></td></tr> </table> </form> <?php } if (isset($_POST['submitBtn'])){ ?> <div class="caption">Registration result:</div> <div id="icon2"> </div> <div id="result"> <table width="100%"><tr><td><br/> <?php if ($error == '') { echo " User: $username was registered successfully!<br/><br/>"; echo ' <a href="login.php">You can login here</a>'; } else { echo $error; } ?> <br/><br/><br/></td></tr></table> </div> <?php } ?> <div id="source">Micro Login System v 1.0</div> </div> </body> awesome. I had added that and from looking at the code, figured that's all I needed, but you beat me to it. Seriously, thanks a ton man. Quote Link to comment Share on other sites More sharing options...
miesnerd Posted July 16, 2009 Author Share Posted July 16, 2009 acutally I got an error when trying to register on line 9. Parse error: syntax error, unexpected ';' in /home/www/healthytnteens.net/register.php on line 9 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.