Easy way of setting up a user authentication system on your site that does not limit you to just ONE page. With this system, you can require usernames/passwords on any page you like. Requirements: MySQL and PHP 4 (uses sessions); it could easily be adapted to any database, etc. If you have any questions or find an error/security bug, let me know. Email: webmaster@reversedpolarity.com
By : ssc955s
//code by stuart coutchie
//reversed polarity webdesign
//www.revpolar.com
//special thanks to phpbuilder.com for help on one part
//Requires all files (7 required, 2 for your info (1 is minimum, unlimited maximum)) and
//a table called 'users' with three fields:
//username
//password
//color
//
//put your info you want protected in the files named pageone.php and pagetwo.php
//and link from there to other pages, just add the include stuff and you are there
//****check out the cookie if you have an error with this, (set the domain to match yours)***
//if you are having problems, check out the line marked in includedb.php and comment the whole line out
//****************************************
//save this file as
//index.php
<?php
//this uses sessions - see the php manual if you are confused on this part
session_start(); //start session
//see the php manual for the reasons on the SID part
?>
<html>
<head>
</head>
<body>
<form method="POST" action="sendto.php?<?=SID?>">
<?
//setting the error messages to match the type of error
//this message is shown when sendto.php rejects the login (empty or wrong username/password pair)
if ($error==1){
echo "<font color=\"#FF0000\" face=\"arial\" size=\"2\">";
echo "Invalid Login - Please try again";
echo "</font>";
echo "<br>";
session_destroy();
}
//this message is shown when header.php finds no valid login for a protected page
if ($error==2){
echo "<font color=\"#FF0000\" face=\"arial\" size=\"2\">";
echo "Unauthorized Access - Please Login";
echo "</font>";
echo "<br>";
session_destroy();
}
//this message is if the cookie has expired
if ($error==3){
echo "<font color=\"#FF0000\" face=\"arial\" size=\"2\">";
echo "Session has expired - Please Login";
echo "</font>";
echo "<br>";
session_destroy();
}
//setting the form now for input
?>
name:<br>
<input type="text" name="username" size="20">
<br>
password:
<br>
<input type="password" name="password" size="20">
<br>
<input type="submit" value="Submit" name="B1">
<br>
<input type="reset" value="Reset" name="B2">
</form>
</body>
</html>
//end
//****************************************
//save this file as
//sendto.php
<?php
//this file is the gateway file. dont put anything to display here, because it is meant as a reroute
session_start(); //start the session
//i used an include file for all of my db stuff, makes it a LOT easier for creating new pages
include("includedb.php");
//added this part because if someone hits submit with the username/password boxes empty, you could get in
//so i set the string length to less than two, but you can use any number you wish - its dependent
//on how long your usernames and passwords must be
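$loginstr="$username"."$password";
$loginstrlen=strlen($loginstr);
if ($loginstrlen<2){
//confused on headers? see the manual
//this means - go to index.php
Header("Location: index.php");
$error = 1;
session_register("error");
//stop here so nothing below runs after the redirect
exit;
}
//this part is from phpbuilder.com
if (@$username && @$password) {
//escape both values before they go into the query so quotes in the input cannot change the sql
//mysql_real_escape_string needs php 4.3 or later; magic quotes are undone first so nothing is escaped twice
if (get_magic_quotes_gpc()) {
$username = stripslashes($username);
$password = stripslashes($password);
}
$safe_username = mysql_real_escape_string($username);
$safe_password = mysql_real_escape_string($password);
$res = @mysql_query("SELECT username,password FROM $connectdb1 WHERE username='$safe_username' AND password='$safe_password'");
if(@mysql_num_rows($res) != 0) {
Header("Location: pageone.php");
$verified_user = $username;
$verified_userpw = $password;
session_register("verified_user");
session_register("verified_userpw");
//setting a cookie to expire in 60 seconds (you can change it)
//this will not let someone do something after a certain amount(60 seconds) of inactivity
//
//change the domain to match yours
//or else you will have problems
//dont forget to use two .'s
setcookie("time",$PHPSESSID,time()+60,"/",".mydomain.com",0);
}
else {
//if you are bad, you go back and reenter your password, mister!
Header("Location: index.php");
$error = 1;
session_register("error");
}
}
else {
//only one of the two boxes was filled in - treat it like a failed login
Header("Location: index.php");
$error = 1;
session_register("error");
}
?>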
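//added example, not part of the original code: the sendto.php check written for current PHP,
//with a bound query parameter and a hashed password instead of the plaintext comparison.
//assumed names: check_login(), login_redirect(), a password_hash column, and an in-memory
//SQLite table with constructed demo data so the file runs on its own from the command line.

```php
<?php
// Added example, not the original author's code. Assumed names: check_login(),
// login_redirect(), and a password_hash column replacing the plaintext field.

function check_login(PDO $pdo, string $username, string $password): bool
{
    if ($username === '' || $password === '') {
        return false;                        // each field must be filled in
    }
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Replaces the session array contents and returns the page to redirect to.
function login_redirect(PDO $pdo, array $post, array &$session): string
{
    $username = is_string($post['username'] ?? null) ? $post['username'] : '';
    $password = is_string($post['password'] ?? null) ? $post['password'] : '';
    if (!check_login($pdo, $username, $password)) {
        $session = ['error' => 1];           // a failed attempt also drops any old login
        return 'index.php';
    }
    // Keep the identity only; the password never goes into the session.
    $session = ['verified_user' => $username, 'last_seen' => time()];
    return 'pageone.php';
}

// Constructed demo data: in-memory SQLite table with one user.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, color TEXT)');
$pdo->prepare('INSERT INTO users VALUES (?, ?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'blue']);

$session = [];
echo login_redirect($pdo, ['username' => 'alice', 'password' => 'correct horse'], $session), "\n";
echo login_redirect($pdo, ['username' => "o'brien", 'password' => 'x'], $session), "\n";

// In sendto.php itself (web request) the same logic would be wired up as:
//   session_start();
//   $target = login_redirect($pdo, $_POST, $_SESSION);
//   if ($target === 'pageone.php') { session_regenerate_id(true); }
//   header("Location: $target");
//   exit;
```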
//****************************************
//save this file as
//header.php
<?
session_start();
//db stuff
$connection = mysql_connect("localhost","mydb","mydb") or die ("Could not connect to the MySQL Server");
$db = mysql_select_db("mydb", $connection) or die ("Unable to select database.");
$connectdb1="users";
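//escape the stored values before they go into the query (mysql_real_escape_string needs php 4.3 or later)
$safe_user = mysql_real_escape_string($verified_user);
$safe_userpw = mysql_real_escape_string($verified_userpw);
$res = @mysql_query("SELECT username FROM $connectdb1 WHERE username='$safe_user' AND password='$safe_userpw'");
if(@mysql_num_rows($res) == 0) {
Header("Location: index.php");
$error = 2;
session_register("error");
//stop here, or the protected page that included this file is still sent after the redirect
exit;
}
//using our good friend cookie here
$time=$HTTP_COOKIE_VARS["time"];
$timesl=strlen($time);
if($timesl<1) {
Header("Location: index.php");
$error = 3;
session_register("error");
//same as above - do not let the protected page run
exit;
}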
//if no problems, reset the cookie to expire 60 seconds from now
//see the above file about the domain thing here
setcookie("time",$PHPSESSID,time()+60,"/",".mydomain.com",0);
?>
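//added example, not part of the original code: the header.php guard for current PHP, with the
//60 second idle limit kept in the session on the server instead of in a cookie the browser controls.
//assumed names: IDLE_LIMIT, session_error(), require_login() and the last_seen session key;
//the walk-through at the bottom uses constructed timestamps.

```php
<?php
// Added example, not the original author's code. Assumed names: IDLE_LIMIT,
// session_error(), require_login(), and the 'last_seen' session key.

const IDLE_LIMIT = 60;   // seconds of inactivity allowed, as in the original cookie

// Returns 0 if the request may proceed, otherwise the error code index.php
// already understands (2 = not logged in, 3 = session expired).
function session_error(array &$session, int $now): int
{
    if (empty($session['verified_user'])) {
        return 2;
    }
    if ($now - (int) ($session['last_seen'] ?? 0) > IDLE_LIMIT) {
        $session = [];                       // drop the expired login completely
        return 3;
    }
    $session['last_seen'] = $now;            // sliding window, like re-setting the cookie
    return 0;
}

// Call at the very top of every protected page, before any output.
function require_login(): void
{
    session_start();
    $error = session_error($_SESSION, time());
    if ($error !== 0) {
        $_SESSION['error'] = $error;
        header('Location: index.php');
        exit;                                // nothing from the protected page is sent
    }
}

// Constructed walk-through with fixed timestamps (no web server needed).
$session = ['verified_user' => 'alice', 'last_seen' => 1000];
var_dump(session_error($session, 1030));     // active: 30 seconds since last request
var_dump(session_error($session, 1200));     // idle for 170 seconds
$anonymous = [];
var_dump(session_error($anonymous, 1200));   // never logged in
```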
//****************************************
//save this file as
//includedb.php
<?
//simple db connect
//used for sendto.php
//remove this next line if you are having problems - ssc955s 6/20/2001
session_start();
$connection = mysql_connect("localhost","mydb","mydb") or die ("Could not connect to the MySQL Server");
$db = mysql_select_db("mydb", $connection) or die ("Unable to select database.");
$connectdb1="users";
?>
//****************************************
//save this file as
//pageone.php
<?php
//add the db stuff
include("header.php");
//for testing purposes you can see what the username/password is, and i added the
//"this is page one" part so you can reference the page
//all of this part is unnecessary
echo "this is page one";
echo "<br>Your username is: ";
echo htmlspecialchars($verified_user);
echo "<br>Your password is: ";
echo htmlspecialchars($verified_userpw);
//add your database query here
//the username is escaped before it goes into the query
$sql1 = "SELECT color FROM $connectdb1 WHERE username='" . mysql_real_escape_string($verified_user) . "'";
$sql_result1 = mysql_query($sql1,$connection) or die ("Cant do sql1");
while ($row = mysql_fetch_object($sql_result1))
{
$color=$row->color;
}
//you can add whatever you like from this point on
?>
<br>
You did good. this is pageone.php. now go to <a href="pagetwo.php">pagetwo.php</a>
<hr>
<?
//i added a variable to output
echo htmlspecialchars($color);
?>
<hr>
<?
//adds the logout button
include ("logoutform.php");
?>
//****************************************
//save this file as
//pagetwo.php
<?php
//add the db stuff
include("header.php");
echo "i knew you could do it!";
echo "<br>";
//add your database query here
//the username is escaped before it goes into the query
$sql1 = "SELECT color FROM $connectdb1 WHERE username='" . mysql_real_escape_string($verified_user) . "'";
$sql_result1 = mysql_query($sql1,$connection) or die ("Cant do sql1");
while ($row = mysql_fetch_object($sql_result1))
{
$color=$row->color;
}
//you can add whatever you like from this point on
?>
<br>
You did good. this is pagetwo.php. now go to <a href="pageone.php">pageone.php</a>
<hr>
<?
//i added a variable to output
echo htmlspecialchars($color);
?>
<hr>
<?
//adds the logout button
include ("logoutform.php");
?>
//****************************************
//save this file as
//logout.php
<?php
//pretty easy, you are done
//and kill all the variables
//aka hiding the evidence
session_start();
//sending you to a custom 'buh-bye' page
Header("Location: bye.php");
$verified_user = " ";
$verified_userpw = " ";
session_register("verified_user");
session_register("verified_userpw");
session_destroy();
?>
//****************************************
//save this file as
//logoutform.php
<?php
echo "
<form method=\"POST\" action=\"logout.php\">
<input type=\"submit\" value=\"Logout\">
</form>
";
?>
//****************************************
//save this file as
//bye.php
<?php
//custom 'buh-bye' page
echo "thanks for visiting";
echo "<br>";
echo "<a href=\"index.php\">Login Again</a>";
echo "<hr>";
echo "bet you would like to try to get back into page one without logging in, huh?";
echo "<br>";
echo "go ahead and try, but don't say I didn't warn you!!";
echo "<br>";
echo "<a href=\"pageone.php\">pageone.php</a>";
?>
//thats it.
//not terribly sophisticated, but it does work
//you can combine this with other things on this site
//to develop a cool system