jse2n36e Posted October 12, 2007 Share Posted October 12, 2007 Heya, So I just finished my first shopping cart complete with it's own basic CMS so my client can add, edit & remove products. Only problem is, that page isn't protected, so I need to do two things as far as I can see: 1. Create an encryped user authentication page that requires a simple username and password. 2. And a snippet that denies access to the page unless you're logged in. From my experience, I don't think this should be much more than a page or two of code at worst, I'm intent upon writing it myself too, so I guess I'm looking for someone who can reference me to a solid PHP & MySQL tutorial for this? Thanks! Spence Quote Link to comment Share on other sites More sharing options...
slushpuppie Posted October 12, 2007 Share Posted October 12, 2007 authenticateUser(); // put at the top of page that requires authentication //include a function like this: function authenticateUser(){ ## check if user session has been set if($_SESSION['valid_user'] == true){ ## check if user session ip equals current ip if ($_SESSION['user_ip'] != $_SERVER['REMOTE_ADDR']){ exit("Your session has been hijacked"); } return true; }else{ ## page to redirect to if user session not set header('location: login.php'); } } a function i've used a few times. Quote Link to comment Share on other sites More sharing options...
slushpuppie Posted October 12, 2007 Share Posted October 12, 2007 as far as loggin in, compare the input of username and password by comparing against the database, something like this: while($row = mysql_fetch_array($result)) { unset($_SESSION['loginErrorMessage']); if($user_name == $row['user_name']){ if(md5($password) == $row['user_pass']){ ## if login is successful set all the session variables $loginID = $row['id']; $_SESSION['valid_user'] = true; $_SESSION['user_name'] = $row[1]; $_SESSION['user_ip'] = $_SERVER['REMOTE_ADDR']; unset($_SESSION['loginErrorMessage']); unset($_SESSION['timeoutErrorMessage']); unset($_SESSION['failedAttempts']); unset($_SESSION['timeoutRetryTime']); ## record date last login date $sql_last_login = "UPDATE $db_name SET $db_lastlogin=NOW() WHERE $db_id='$loginID'"; mysql_query($sql_last_login) or die("Select Failed P-002<br />"); ## page to redirect to when login is successful header('location: index.php'); }else{ ## login failed: bad password // record in database ## display error message $_SESSION['loginErrorMessage'] = $loginErrorMessage; } }else{ ## login failed: username not found ## display error message $_SESSION['loginErrorMessage'] = $loginErrorMessage; } } Quote Link to comment Share on other sites More sharing options...
alexander007 Posted October 12, 2007 Share Posted October 12, 2007 Something very simple... <?php include"../include/config.php"; $tbl_name="login"; // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from signup form $username=$_POST['username']; $password=$_POST['password']; $encrypted_password=md5($password); $sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$encrypted_password'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $username and $password, table row must be 1 row if($count==1){ // Register $username, $password and redirect to file "menu.php" session_register("username"); session_register("password"); header("location:sistema.html"); } else { echo "Wrong Username or Password"; } ?> At top of every page <?php session_start(); if(!session_is_registered(username)){ header("location:../admin/"); } Logout <?php session_start(); session_destroy(); header("location:../admin"); ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.