Protected page script | MYSQL & PHP | Username and Pass Database


farnoise

Hi everyone,

 

Here is my problem, and I hope someone can help me.

I found a pretty awesome and simple script to protect my pages. It works PERFECTLY FINE, but as you can see in the script, it's kind of a pre-assigned username/pass system. I want to know if any of you can help me with removing that part and connecting the form to MySQL, then whenever the form wants to load the username/pass it connects to the database and checks the username/pass from there or.

I don't think it should be an issue.

 

 

 

<?php
$LOGIN_INFORMATION = array(
  'user1' => 'user1pass',
  'admin' => 'adminpass',
  'user2' => 'user2pass',
  'admin2' => 'adminpass2'
);

// request login? true - show login and password boxes, false - password box only
define('USE_USERNAME', true);

// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.example.com/');

// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 10);

// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', true);

#  SETTINGS END


if(isset($_GET['help'])) {
  die('Include following code into every page you would like to protect, at the very beginning (first line): <br>Arad Gharagozli<?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?>');
}

// timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);

// logout?
if(isset($_GET['logout'])) {
  setcookie("verify", '', $timeout, '/'); // clear password;
  header('Location: ' . LOGOUT_URL);
  exit();
}

if(!function_exists('showLoginPasswordProtect')) {

// show login form
function showLoginPasswordProtect($error_msg) {
?>
<html>

******** SOME HTML CODES HERE FOR LOGIN FORM AND STUFF ******** 

</body>
</html>

<?php
  // stop at this point
  die();
}
}

// user provided password
if (isset($_POST['access_password'])) {

  $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
  $pass = $_POST['access_password'];
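  // strict comparisons: loose != and non-strict in_array() can treat differing numeric-looking strings as equal
  if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION, true)
  || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] !== $pass ) )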
  ) {
    showLoginPasswordProtect("ERROR 500<br><br>Access denied.<br> Please check Username and (or) Password and try again.<br> ");
  }
  else {
    // set cookie if password was validated
    setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
    
    // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
    // So need to clear password protector variables
    unset($_POST['access_login']);
    unset($_POST['access_password']);
    unset($_POST['Submit']);
  }

}

else {

  // check if password cookie is set
  if (!isset($_COOKIE['verify'])) {
    showLoginPasswordProtect("");
  }

  // check if cookie is good
  $found = false;
  foreach($LOGIN_INFORMATION as $key=>$val) {
    $lp = (USE_USERNAME ? $key : '') .'%'.$val;
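    // strict comparison: with ==, two different digests of the form 0e<digits> compare equal as numbers
    if ($_COOKIE['verify'] === md5($lp)) {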
      $found = true;
      // prolong timeout
      if (TIMEOUT_CHECK_ACTIVITY) {
        setcookie("verify", md5($lp), $timeout, '/');
      }
      break;
    }
  }
  if (!$found) {
    showLoginPasswordProtect("");
  }

}

?>

 

 

THANKS A LOT :rtfm: :rtfm:
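
One way to do what the question asks, as an added example that is not part of the original post or of the script it quotes: the credential check reads from a database through a prepared statement and `password_verify()`, and a server-side session replaces the `md5($login.'%'.$pass)` cookie. The `users` table, its columns and the function names `checkLogin` and `loginSessionIsFresh` are assumptions.

```php
<?php
// Added example. Table, column and function names are assumptions. SQLite in memory
// keeps it runnable offline; for MySQL use a DSN such as
// 'mysql:host=localhost;dbname=app;charset=utf8mb4' with the same queries.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username VARCHAR(64) PRIMARY KEY,
            password_hash VARCHAR(255) NOT NULL)');
// Constructed sample accounts. Only a salted hash is stored, never the password.
$add = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
foreach (array('user1' => 'user1pass', 'admin' => 'adminpass') as $name => $plain) {
    $add->execute(array($name, password_hash($plain, PASSWORD_DEFAULT)));
}

// Replaces the array_key_exists() / != test against $LOGIN_INFORMATION.
function checkLogin(PDO $pdo, $login, $pass) {
    if (!is_string($login) || !is_string($pass)) {
        return false;                  // access_login[]=x would arrive as an array
    }
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute(array($login));     // bound parameter, no string concatenation
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($pass, $hash);
}

// Replaces setcookie("verify", md5($login.'%'.$pass), ...): the browser holds
// only a random session id, and the timeout is enforced on the server.
function loginSessionIsFresh($timeoutMinutes) {
    if (empty($_SESSION['login'])) {
        return false;
    }
    $idle = time() - $_SESSION['last_seen'];
    if ($timeoutMinutes > 0 && $idle > $timeoutMinutes * 60) {
        $_SESSION = array();           // expired: forget the login
        return false;
    }
    $_SESSION['last_seen'] = time();   // same effect as TIMEOUT_CHECK_ACTIVITY = true
    return true;
}

// Constructed stand-ins for $_POST['access_login'] / $_POST['access_password'].
$_SESSION = array();                   // in a real page: session_start() instead
if (checkLogin($pdo, 'admin', 'adminpass')) {
    // in a real page, call session_regenerate_id(true) here
    $_SESSION['login'] = 'admin';
    $_SESSION['last_seen'] = time();
}
var_dump(checkLogin($pdo, 'admin', 'wrong'));   // wrong password for a real user
var_dump(loginSessionIsFresh(10));              // session state after the login above
```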


Hi there, I agree getting the information from the DB won't be a problem, but ... I am not sure how wise that would be. If the system you are working on is small (only a couple of users) then I guess it's OK, but if it has the potential to have hundreds or even thousands of users then I would say no. I have a very large system having to do the same as yours.

 

Here is my code; perhaps it will help you out.

 

<?php
//******************************** User and session authentication **************************************
function auth(){
	/*** If remember cookies are set validate them ***/
	if(isset($_COOKIE['ql_loginName']) && isset($_COOKIE['ql_loginPassword'])){
		$sql = "SELECT * FROM usr WHERE (usrName = ".cv($_COOKIE['ql_loginName'])." OR usrEmail = ".cv($_COOKIE['ql_loginName'])." ) AND usrPass = ".cv($_COOKIE['ql_loginPassword'])." LIMIT 1";
		$rs = mysql_query($sql);
		$rw = mysql_fetch_assoc($rs);
		/*** if user details is valid set sessions ***/
		if(mysql_num_rows($rs)){
			session_regenerate_id();
			$_SESSION['ql_login'] = 1;
			$_SESSION['ql_usrID'] = $rw['usrID'];
			$_SESSION['ql_compID'] = $rw['compId'];
			$_SESSION['ql_level'] = $rw['usrLevel'];
			$_SESSION['ql_master'] = comp($rw['compId'],'master');
			$_SESSION['ql_toDate'] = comp($rw['compId'],'compRenewDate');
			if(basename($_SERVER['PHP_SELF']) == "index.php"){// if user is already logged in then redirect to main.php
				mysql_query("UPDATE usr SET usrLastLog = NOW() WHERE usrID = ".cv($rw['usrID']));
				header("Location: main.php");
				exit(); // stop here so nothing else runs after the redirect
			}
		}else{// user details not valid
			// expire the cookies
			setcookie("ql_loginName","", time() - 3600, "/");
			setcookie("ql_loginPassword","", time() - 3600, "/");
			header("Location: index.php");
			exit();
		}
		mysql_free_result($rs);
		/*** If Sessions are not set ***/
	}else if(!isset($_SESSION['ql_login']) || !isset($_SESSION['ql_usrID']) || !isset($_SESSION['ql_compID']) || !isset($_SESSION['ql_level']) || !isset($_SESSION['ql_master']) || !isset($_SESSION['ql_toDate'])){
		unset($_SESSION['ql_login']);
		unset($_SESSION['ql_usrID']);
		unset($_SESSION['ql_compID']); 
		unset($_SESSION['ql_level']);
		unset($_SESSION['ql_master']);
		unset($_SESSION['ql_toDate']);
		session_destroy();
		if(basename($_SERVER['PHP_SELF']) != "index.php"){
			header("Location: index.php");
			exit(); // without this the protected page keeps executing for a visitor who is not logged in
		}
	}else{
		/*** session are set so regenerate id and privileges ***/
		session_regenerate_id();
		$_SESSION['ql_level'] = usr($_SESSION['ql_usrID'],'usrLevel');
		$_SESSION['ql_master'] = comp($_SESSION['ql_compID'],'master');
		$_SESSION['ql_toDate'] = comp($_SESSION['ql_compID'],'compRenewDate');
		if(basename($_SERVER['PHP_SELF']) == "index.php"){
			header("Location: main.php");
			exit(); // stop here so nothing else runs after the redirect
		}
	}
}
auth();//Run User and session authentication
?>
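
The remember-me cookies in the code above carry the login name and the `usrPass` value itself. A common alternative is a random single-use token, shown here as an added example that is not the poster's code. The `remember_tokens` table, the `ql_remember` cookie name and both function names are assumptions.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so it runs offline;
// the queries are the same with a 'mysql:...' DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE remember_tokens (selector CHAR(24) PRIMARY KEY,
            validator_hash CHAR(64) NOT NULL, usrID INTEGER NOT NULL, expires INTEGER NOT NULL)');

// Returns the value for one cookie that replaces ql_loginName / ql_loginPassword.
function issueRememberToken(PDO $pdo, $usrID, $days = 30) {
    $selector  = bin2hex(random_bytes(12));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));   // secret, stored only as a hash
    $stmt = $pdo->prepare('INSERT INTO remember_tokens VALUES (?, ?, ?, ?)');
    $stmt->execute(array($selector, hash('sha256', $validator), $usrID, time() + $days * 86400));
    return $selector . ':' . $validator;
}

// Returns the usrID for a valid cookie value, or null. Each token is single use.
function checkRememberToken(PDO $pdo, $cookie) {
    if (!is_string($cookie) || !preg_match('/^([0-9a-f]{24}):([0-9a-f]{64})$/', $cookie, $m)) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT validator_hash, usrID, expires FROM remember_tokens WHERE selector = ?');
    $stmt->execute(array($m[1]));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // Delete on every lookup: a used, expired or mismatched token cannot be retried.
    $pdo->prepare('DELETE FROM remember_tokens WHERE selector = ?')->execute(array($m[1]));
    if ((int) $row['expires'] < time() || !hash_equals($row['validator_hash'], hash('sha256', $m[2]))) {
        return null;
    }
    return (int) $row['usrID'];
}

$cookie = issueRememberToken($pdo, 42);       // constructed user id
// In a page: setcookie('ql_remember', $cookie, ['expires' => time() + 30 * 86400,
//     'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
var_dump(checkRememberToken($pdo, $cookie));  // first presentation of the token
var_dump(checkRememberToken($pdo, $cookie));  // replay of the same token
```

After a successful check the page would set the session values as in `auth()` and issue a fresh token, so a copied cookie stops working once the legitimate browser has used it.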
