Archived

This topic is now archived and is closed to further replies.

liefwin

Secured area how to ?

Hi,
I have a secured area where the username and password are stored in a MySQL DB.
As I'm completely new, I found this on the net and after a while I got it working :-)

How can I get a message or store details of users' access (who, when, which page, ...) to the protected area?
Any help is more than welcome!
Thanks



This is the code I use in connect.php
*********************************************************************************************************************
<?php
define ('DB_USER', '*************'); // Database User Name
define ('DB_PASSWORD', '***********'); // Database User Password
define ('DB_HOST', '**********'); // Host Name (mostly localhost)
$dbc = mysql_connect (DB_HOST, DB_USER, DB_PASSWORD); // Establishes connection
mysql_select_db('**************'); // database name to connect to

// Constant names must be quoted strings
define('TABLE_NAME','user'); // Table Name
define('USER_NAME','username'); // Username Field Name
define('PASS_NAME','password'); // Password Field Name
?>
**********************************************************************************************************************************

This is the code I use in the index.php page
**********************************************************************************************************************************
<?php
session_start();

//site_defines
$SECURED_PAGE = 'index2.php';
$message = NULL;

// If the form was submitted, check if the username and password match
if(isset($_POST['submitid']) && $_POST['submitid'] == 1){
    //Call the database file
    require_once("connect.php");
    // Escape the form values before they are placed in the SQL string
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    $user_query = @mysql_query("SELECT * FROM " . TABLE_NAME . " WHERE `" . USER_NAME . "`='$username' AND `" . PASS_NAME . "`='$password'");

    if(@mysql_num_rows($user_query) > 0){
        //Make sessions
        $_SESSION['isloged'] = 'yes';
        $_SESSION['username'] = $_POST['username'];

        // Redirect to the page
        header("Location: $SECURED_PAGE");
        exit();
    } else {
        $message = 'Uw username en/of password is niet correct !';
    }
}
?>
<?php

//Check if we are displaying a message to the user:
if($message != NULL){?>
<table width="500" border="0" cellpadding="3" cellspacing="0" bgcolor="#CCCCCC" align="center">
<tr>
<td><div align="center"><strong><font color="#FF0000"><?=$message;?></font></strong></div></td>
</tr>
</table>
<?php } ?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post" name="adminlogin" id="adminlogin" style="display:inline;">
<br><br><br><br><table width="500" border="1" align="center" cellpadding="5" cellspacing="0" bordercolor="#336699">
<tr bgcolor="#99CCFF">
<td colspan="2"><div align="center"><strong>Please Login</strong></div></td>
</tr>
<tr>
<td width="47%"><strong>Username:</strong></td>
<td width="53%"><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td><strong>Password:</strong></td>
<td><input name="password" type="password" id="password"></td>
</tr>
<tr>
<td colspan="2"><div align="center"><font face="Georgia, Times New Roman, Times, serif"><strong>
<input name="Submit" type="submit" id="Submit" value="Inloggen">
<input name="submitid" type="hidden" id="submitid" value="1">
</strong></font> </div></td>
</tr>
</table>
<p>&nbsp;</p>
</form>

It sounds like you just want logging. Based on the $_SESSION object, you can take the username and create a log entry each time a page is accessed by an authenticated user. Something like this:

[code]
session_start();

// Check to see if the user is logged in
// ('isloged' is the session key set in index.php above)
if (empty($_SESSION['isloged'])) {
   header('Location: /login.php');
   exit;
}

// Open the log file and append a log entry to it
$logfile = 'access.log'; // example path, adjust to your setup
$fp = fopen($logfile, 'a');
fwrite($fp, $_SESSION['username'] . " accessed page mypage.php\n");
fclose($fp);

// Continue with the rest of what mypage.php should do
[/code]

I'm definitely no expert with file access as I don't use it very heavily, so there may be a better way to do the file handling bit. But, the above code should get your foot in the door...

Also note, the mere use of session_start() does not mean that you have a secure site. It's fairly easy to steal sessions. I use a SQL database to store additional information such as session ID, IP address, etc. to ensure that the session doesn't migrate somewhere else.
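
The two ideas in the reply above, recording who accessed which page and when, and tying a session to the client that logged in, sketched as an added example (not code from the thread or from the secure-login package linked later). Table and function names are hypothetical, and an in-memory SQLite database via PDO stands in for MySQL so the script runs stand-alone.

```php
<?php
// Added example; table and function names are hypothetical.
// In-memory SQLite stands in for the thread's MySQL database so this runs stand-alone.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE access_log (username TEXT, page TEXT, ip TEXT, accessed_at TEXT)');
$db->exec('CREATE TABLE session_binding (session_id TEXT PRIMARY KEY, ip TEXT, agent_hash TEXT)');

// Call once after a successful login, with session_id(), $_SERVER['REMOTE_ADDR']
// and $_SERVER['HTTP_USER_AGENT'] on a real page.
function bind_session(PDO $db, string $sid, string $ip, string $agent): void {
    $stmt = $db->prepare('INSERT INTO session_binding VALUES (?, ?, ?)');
    $stmt->execute([$sid, $ip, hash('sha256', $agent)]);
}

// Call at the top of every protected page: true only when the session ID comes
// from the same IP address and browser that logged in.
function session_is_valid(PDO $db, string $sid, string $ip, string $agent): bool {
    $stmt = $db->prepare('SELECT ip, agent_hash FROM session_binding WHERE session_id = ?');
    $stmt->execute([$sid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false
        && hash_equals($row['ip'], $ip)
        && hash_equals($row['agent_hash'], hash('sha256', $agent));
}

// Who, when, which page: one row per request, written with a prepared statement.
function log_access(PDO $db, string $user, string $page, string $ip): void {
    $stmt = $db->prepare('INSERT INTO access_log VALUES (?, ?, ?, ?)');
    $stmt->execute([$user, $page, $ip, gmdate('Y-m-d H:i:s')]);
}

// Constructed sample data: documentation IP ranges and a made-up session ID.
$sid = 'constructed-session-id';
bind_session($db, $sid, '192.0.2.10', 'ExampleBrowser/1.0');
$requests = [
    ['192.0.2.10',   'ExampleBrowser/1.0', 'index2.php'], // same client as the login
    ['198.51.100.7', 'OtherBrowser/2.0',   'index2.php'], // session ID presented from elsewhere
];
foreach ($requests as [$ip, $agent, $page]) {
    if (session_is_valid($db, $sid, $ip, $agent)) {
        log_access($db, 'alice', $page, $ip);
        echo "allowed  $ip -> $page\n";
    } else {
        echo "rejected $ip: session does not match its binding\n";
    }
}
echo $db->query('SELECT COUNT(*) FROM access_log')->fetchColumn(), " row(s) logged\n";
```

Binding to the IP address also rejects legitimate users whose address changes mid-session, so some sites bind to the browser string only. Calling session_regenerate_id(true) at login keeps a session ID issued before authentication from being reused afterwards.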

Thanks for your reply,

could you tell me how you do it, as it seems a lot more secure than what I do?

Here's a link to the code I use: http://www.godshell.com/oss/secure-login.tar.gz

Note: This is not for drop-in usage. It was written for a specific app. However, it should be relatively easy to change.
