
Need to create a Login Form


laflair13


Hey all,

 

I am trying to put a login form on the front pages (index, contact us, about us) of my site. I want the members to put in username and pass, and when they click submit, it takes them to the /members/ area of the site.

 

Right now this is how I have the form.

 

<form method="POST" action="login.php">
<input type="text" name="username">
<input type="password" name="password">
<input type="submit" value="Login">
</form>

 

I have this, but the members area consists of several pages and not just one location.

 

if ($_SESSION['authorized'] != true) 
{
    header("Location: login_form.php");	
    exit;
}

 

Finally, I am going to create a login.php page that has this in it.

 

$select_user = 
mysql_query('select * from users where username = "' . 
	$_POST['username'] . '" and password = "' . 
	md5($_POST['password'] . '"'));

if (mysql_num_rows($select_user) != 0) 
{
    session_start();
    session_register('authorized');
    $_SESSION['authorized'] = true;

    header("Location: protected_content.php");
    exit;
} 
else 
{
    header("Location: login_form.php");
    exit;	
}

 

 

So my questions are: how can I make it so they can access the entire /members/ area (directory)

 

and what would I put in the database 'members' when I create it. All members are going to use the same username and pass. So there is only need for 1 query for username and 1 for password.

 

I appreciate anyone's help in advance.


In regards to your first question on determining the pages that allow the users access, you will need to call your $_SESSION on those pages with the session key that identifies the user ELSE the user would be redirected to the login page so probably something like:

 

session_start();
if (empty($_SESSION['loggedIn'])) {
     // Not logged in: send the visitor to the login page
     header("Location: loginpage.php");
     exit;
}

 

My script is written poorly above, but this is the general idea to think with. Each page that is member only should start the session, then check if the session the user created on login is in fact a match and valid, else the user would be sent to the login page.

 

Hope this helps!


You're checking the database incorrectly in regards to the password, and aren't escaping the values you're selecting.

 

Try this:

session_start();

// Escape the values before they are used
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['password'] = mysql_real_escape_string($_POST['password']);

// Fetch only the stored hash for this username
$select_user = 
mysql_query('select `password` from users where username = "' . 
	$_POST['username'] . '" LIMIT 1');

if (mysql_num_rows($select_user) == 1) 
{
    $r = mysql_fetch_assoc($select_user);
    // Compare the stored hash with the md5 of the submitted password
    if ($r['password'] == md5($_POST['password'])) {
        $_SESSION['authorized'] = true;

        header("Location: protected_content.php");
        exit;
    } else {
        die('Password does not match!');
    }
} 
else 
{
    header("Location: login_form.php");
    exit;	
}

 

Personally I'd scrap all the code and start over differently.


So I would have to put that code on all the pages inside the /members/ directory?

 

Not exactly the code I posted, but yes, you would post the code in each page that was restricted to a specific session value.

 

Something like this should do the trick:

 

1) Pass a hidden field in the login form type="hidden" name="auth" value="yes" within a script - create the session etc..

 

2) On the member only pages, you will need to check along these lines:

 

session_start();
if ($_SESSION['auth'] != 'yes') {
      header("Location: login.php");
      exit();
}

 

Then on each page check if the session is actually set based on the above criteria...

 

By no means is my code complete or accurate for your needs, but should help with some ideas to decide on the best direction for your app..


Archived

This topic is now archived and is closed to further replies.
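
As an added example (not code from any poster in this thread): one way to write the login check and the /members/ guard discussed above, with a PDO prepared statement in place of the string-built query and password_hash()/password_verify() in place of md5(). The file name auth.php, the function names, the redirect paths and the sample account are assumptions; the command-line demo assumes PHP 7.1+ with the PDO SQLite driver.

```php
<?php
// Added example, not code from the thread. Hypothetical file name: auth.php.

// Look up the stored hash with a bound parameter, then verify the password.
function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when no such user
    // An unknown user and a wrong password both end up as a plain "false".
    return is_string($hash) && password_verify($password, $hash);
}

// Call from login.php after check_login() has returned true.
function start_member_session(): void
{
    session_start();
    session_regenerate_id(true);    // fresh session ID on login (blocks fixation)
    $_SESSION['authorized'] = true;
    header('Location: /members/');
    exit;
}

// Top of every page in /members/: require 'auth.php'; require_member();
function require_member(): void
{
    session_start();
    if (empty($_SESSION['authorized'])) {
        header('Location: /login_form.php');
        exit;
    }
}

// Constructed demo data: in-memory SQLite holding the single shared account.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
    $db->prepare('INSERT INTO users VALUES (?, ?)')
       ->execute(['members', password_hash('example-pass', PASSWORD_DEFAULT)]);

    var_dump(check_login($db, 'members', 'example-pass'));   // correct password
    var_dump(check_login($db, 'members', 'wrong'));          // wrong password
    var_dump(check_login($db, '" OR "1"="1', 'anything'));   // quote characters stay data
}
```

The users table needs only the one row for the shared account, with the password column holding the password_hash() output rather than the password itself.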
