Help Needed With PHP Login Process/Redirect Script

[ypkumar]

Hi people!

I am working on a login script. But i cannot figure out my issue with cookies and sessions.

the more i struggle, the more my brain gets heated up making me lost my time :-(

I've searched till the far end of the internet (lol, its just a phrase. Not Literally!) but i couldnt extract the login present in the thousands and millions of tutorials and free scripts present on the internet.

 

Its like this

I have 1 front end (login page, which collects login details, viz. user id and pass)

i already have a user id and pass separated by a pipe "|" and encoded in md5 which are stored in a file.

The problem begins in 2nd page. The page accepts the values (user id and pass) from front end.

checks and compares with those of present in my file.

 

Everything was fine until i began thinking or sessions and cookies. thats when i lost my focus on the project. the main problem is i dont even know what to do and how to do it.

 

here is my code:

 

login.html

<html>
<head>
<title>login test</title>
</head>
<body onload="javascript: document.form.user.focus();">
<form name="form" method="POST" action="process.php">
<div style="margin:250px auto auto 400px;">
<table><tr><td>username:</td><td><input type="text" name="user" /></td></tr>
<tr><td>password:</td><td><input type="password" name="pass" /><td></tr>
<tr><td><input type="submit" value="submit" /><td></tr>
</div>
</form>
</body>
</html>

 

process.php

<?php
// collect user id
$usr = $_POST["user"];
// collect user password
$pas = $_POST["pass"];
// are they really there?
if ((trim($usr) == '')) && ((trim($pas) == ''))
{
echo "<br />Enter Something!";
exit;
} 
else
{
// encrypt both
$enc_usr = md5($usr);
$enc_pas = md5($pas);
$filename = "pass.dat";
if($fp = @fopen($filename,"r"))
{
	$new = fread($fp, filesize($filename));
	$data = explode("|", $new);
                // pass is first in my file and user name comes 2nd in my file
	if ((data[0]==$enc_pass) && (data[1])==$enc_usr))
	{
		// valid login
                       echo "valid login";


/*                       [b]PHP CODE
                        Here Lies The Problem:
                        I dont know how to set a cookie or start a session
                        So i couldnt code it.
                        [/b]*/
	}
	else
                {
                         echo "stop it you thief!, invalid login";
                         exit;
                }

}

}

 

- all i want is to make the user login properly (and not by "host/process.php" [i.e, directly accessing script] (i think i achieved this goal)

- i want the user to login and logout

- i want redirection based on POST status (e.g: if($_POST['id']="home") {header(Location: "index.php");}

 

Ive tried some examples using "$_server['php_self']" to make the login and process on same page.

i couldnt do it properly.

 

Can anyone kindly assist me on this one? and tell me what i have to do. what wrong have i done and what i mustnt do.

 

thanks in advance.

 

with best regards,

kumar.

[flashmonkey]

Hey YP! Howz it goin? Anyways here are the completed script:

 

1) Save the following code in 'login.php':

 

<?php
#rahul chatterjee, bilaspur, chattisgarh, india
session_start();

if(isset($_POST['submit']) && !empty($_POST['nm']) && !empty($_POST['pw'])){
$nm=md5(trim($_POST['nm']));
$pw=md5(trim($_POST['pw']));
$filename = "pass.txt";
if($fp = @fopen($filename,"r")){
$new = fread($fp, filesize($filename));
$data = explode("|", $new);
if ($data[0]==$pw && $data[1]==$nm){
$_SESSION['id']=$nm.rand(1000,9999);
$_SESSION['real']=$_POST['nm'];
$_SESSION['login']=true;
$goto=header("Location: home.php");
	} else {
$error="Invalid login attempt. Please try again!";	
	}
} 
} else {
$error="Invalid login attempt. Please try again!";	
}
?>
<html>
<head>
<title>Login</title>
<style type="text/css">
.error {
color: #FF0000;
}
</style>
</head>
<body>
<form action="login.php" method="post" enctype="application/x-www-form-urlencoded" name="login" target="_self" id="login">
  <table border="0">
<?php
if(isset($_POST['submit']) && isset($error)){
echo "<div class='error'>$error</div>";
} else {
echo "Hello Guest! Please login now...";
} 
?>
    <tr>
      <td>username:</td>
      <td><input type="text" name="nm" id="nm" /></td>
    </tr>
    <tr>
      <td>password:</td>
      <td><input type="text" name="pw" id="pw" /></td>
    </tr>
    <tr>
      <td> </td>
      <td><input type="submit" name="submit" id="submit" value="login now" /></td>
    </tr>
  </table>
</form>
</body>
</html>

 

2) Now its time for the homepage a.k.a 'home.php':

 

<?php
#rahul chatterjee, bilaspur, chattisgarh, india
header("Cache-control: private, no-cache");
header("Expires: Mon, 26 Jun 1997 05:00:00 GMT");
header("Pragma: no-cache");
session_start();
if(!isset($_SESSION['login'])){
$goto=header("Location: login.php");
}
//put this code on the top of the pages which you want to restrict
?>
<html>
<head>
<title>Home</title>
</head>
<body>
<?php
echo "Hello ".$_SESSION['real']."! Welcome to our site<br>";
echo "<a href='logout.php'>Logout Now!</a>";
?>
</body>
</html>

 

3) Now the logout a.k.a 'logout.php'

 

<?php
#rahul chatterjee, bilaspur, chattisgarh, india
header("Cache-control: private, no-cache");
header("Expires: Mon, 26 Jun 1997 05:00:00 GMT");
header("Pragma: no-cache");
session_start();
session_destroy();
$goto=header("Location: login.php");
?>

 

Rename the 'pass.txt' in login.php to ur storage file name and use the earmarked code on top of the homepage on pages that u wnat to restrict. And ofcourse provide logout link on all the restricted pages. Congrats now u have a complete session based login system. Enjoy!

 

Rahul Chatterjee