PHP form authentication

[depojones]

Hi guys,

 

what am trying to achieve is this: Whenever a user tries to login to my website, an error should be displayed for the first time notifying them to try again. Every time they open the website, for the very first time they try to login, it shouldn't be successful. Can I achieve this without using a database?

 

Thanks in advance

[monkeytooth]

So you want someone whos never been to your site to tempt to login.. but fail regardless of it being a valid login or not? But only if they have never been to the site before?

 

Ok? Dont know about that all to well, but why not try cookies/sessions (cookie would be the best bet all considered. Have the site look for a cookie upon load if the cookie doesnt exist have it create it. if it does then don't.. if the cookie isnt there also make the login form goto to just an error page, if they have been there before set the form to handle correctly.

 

Draw backs its a cookie.. Someone with multiple computers that goes to the site from each computer will deal with the same issue each time if its the first time for that computer..

Cookies can be deleted on the user end. Cookies Expire, Browsers store and use cookies differently the list goes on..

 

You can try to use a DB to take IPs caught via a script and store them then compare them to soemone coming to the site. Drawbacks.. Most IP's are dynamic they will eventually change. Most IP's are shared via a hub or gateway of some sort..

[depojones]

@Monkeytooth

 

Thanks for your prompt response, I do have a general understanding about what you driving at. I think the best would be to use the cookies/session. Can you show me a how i can do that; I mean creating the cookie and checking for it existing. I can i should be able to handle the redirection and output of the error.

 

Thanks

[monkeytooth]

Sorry for the lack of response... I forgot to set "notify" on this post

This is a very crude example but the concept does apply, I would follow it up with if the session is there and set, double check it to make sure its what you want it to be. then move on to the next step. The same concept applies to cookies, just replace $_SESSION with $_COOKIE

 

if(!isset($_SESSION['session.name.you.choose'])){ echo "No Session"; } else { /*do what ya gotta do*/ }

 

to set a session you must above all HTML in your site above any HTML tag even use

<?php session_start(); ?>

 

then to set the variable in a session

$_SESSION['session.name.you.choose'] = "blah"; 

 

then to read the variable in a session

$thesession = $_SESSION['session.name.you.choose']; 

 

if your running more then one session on your site and want to see them all output as an array

print_r($_SESSION);