liefwin Posted February 28, 2006 Share Posted February 28, 2006 Hi,I'm having a secured area where the username and pasw are stored in a MySql Db.As i'm complete new i found this on the net and after a while i got it working :-) How can i get a message or store details of users access (who, when, which page,...) to the protected area ?Any help is more than welcome !thxthis is the code i use in the connect.php*********************************************************************************************************************<?phpdefine ('DB_USER', '*************'); // Database User Namedefine ('DB_PASSWORD', '***********'); // Database User Passworddefine ('DB_HOST', '**********'); // Host Name (mostly localhost)$dbc = mysql_connect (DB_HOST, DB_USER, DB_PASSWORD); // Establishes connectionmysql_select_db(**************'); // database name to connect todefine(TABLE_NAME,'user'); // Table Namedefine(USER_NAME,'username'); // Username Field Namedefine(PASS_NAME,'password'); // Password Field Name?>**********************************************************************************************************************************This is the code i use in the index.php page**********************************************************************************************************************************<?phpsession_start();//site_defines$SECURED_PAGE = 'index2.php';// If the form was submited check if the username and password matchif($_POST['submitid'] == 1){//Call the database filerequire_once("connect.php");$username = $_POST['username'];$password = $_POST['password'];$user_query = @mysql_query("SELECT * FROM " . TABLE_NAME . " WHERE `" . USER_NAME . "`='$username' AND `" . PASS_NAME . "`='$password'");if(@mysql_num_rows($user_query) > 0){//Make sessions$_SESSION['isloged'] = 'yes';$_SESSION['username'] = $_POST[username];// Redirect to the pageheader("Location: $SECURED_PAGE");exit();} else {$message = 'Uw username en/of password is niet correct !';}}?><?php//Check if we are displaying a message to the user:if($message != NULL){?><table width="500" border="0" cellpadding="3" cellspacing="0" bgcolor="#CCCCCC" align="center"><tr><td><div align="center"><strong><font color="#FF0000"><?=$message;?></font></strong></div></td></tr></table><?php } ?><form action="<? echo $_SERVER['PHP_SELF'];?>" method="post" name="adminlogin" id="adminlogin" style="display:inline;"><br><br><br><br><table width="500" border="1" align="center" cellpadding="5" cellspacing="0" bordercolor="#336699"><tr bgcolor="#99CCFF"> <td colspan="2"><div align="center"><strong>Please Login</strong></div></td></tr><tr> <td width="47%"><strong>Username:</strong></td><td width="53%"><input name="username" type="text" id="username"></td></tr><tr> <td><strong>Password:</strong></td><td><input name="password" type="password" id="password"></td></tr><tr> <td colspan="2"><div align="center"><font face="Georgia, Times New Roman, Times, serif"><strong><input name="Submit" type="submit" id="Submit" value="Inloggen"><input name="submitid" type="hidden" id="submitid" value="1"></strong></font> </div></td></tr></table><p> </p></form> Quote Link to comment https://forums.phpfreaks.com/topic/3778-secured-area-how-to/ Share on other sites More sharing options...
XenoPhage Posted February 28, 2006 Share Posted February 28, 2006 It sounds like you just want logging.. Based on the $_SESSION object, you can take the username and create a log entry each time a page is accessed by an authenticated user. Something like this :[code]session_start();// Check to see if the user is logged inif (! $_SESSION['islogged']) { header('/login.php'); exit;}// Open the log file and write a log entry to itfopen($logfile, 'a');fwrite($logfile, $_SESSION['username'] . ' accessed page mypage.php');fclose($logfile);// Continue with the rest of what mypage.php should do[/code]I'm definitely no expert with file access as I don't use it very heavily, so there may be a better way to do the file handling bit. But, the above code should get your foot in the door...Also note, the mere use of session_start() does not mean that you have a secure site. It's fairly easy to steal sessions. I use a SQL database to store additional information such as session ID, ip address, etc. to ensure that the session doesn't migrate somewhere else. Quote Link to comment https://forums.phpfreaks.com/topic/3778-secured-area-how-to/#findComment-13132 Share on other sites More sharing options...
liefwin Posted March 1, 2006 Author Share Posted March 1, 2006 Thx for your reply,could you tell me how you do it as it seems a lot more secure as what i do ? Quote Link to comment https://forums.phpfreaks.com/topic/3778-secured-area-how-to/#findComment-13226 Share on other sites More sharing options...
XenoPhage Posted March 1, 2006 Share Posted March 1, 2006 Here's a link to the code I use : [a href=\"http://www.godshell.com/oss/secure-login.tar.gz\" target=\"_blank\"]http://www.godshell.com/oss/secure-login.tar.gz[/a]Note : This is not for drop-in usage. It was written for a specific app. However, it should be relatively easy to change. Quote Link to comment https://forums.phpfreaks.com/topic/3778-secured-area-how-to/#findComment-13259 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.