Easy way of setting a user authentication system on your site, that does not limit you to just ONE page. With this system, you can have pages that requre usernames/passwords for any page you like. Requirements-MySQL and PHP 4 (uses sessions) (could be easily adopted to any database, etc) If you have any questions or find an error/security bug let me know. email-webmaster@reversedpolarity.com
By : ssc955s
//code by stuart coutchie
//reversed polarity webdesign
//www.revpolar.com
//special thanks to phpbuilder.com for help on one part
//Requires all files (7 required, 2 for your info (1 is minimum, unlimited maximum) and
//a table called 'users' with three fields:
//username
//password
//color
//
//put your info you want protected in the files named pageone.php and pagetwo.php
//and link from there to other pages, just add the include stuff and you are there
//****check out the cookie if you have an error with this, (set the domain to match yours)***
//if you are having problems, check out the line marked in includedb.php and comment the whole line out
//****************************************
//save this file as
//index.php
<?php
//this uses sessions - see the php manual if you are confused on this part
session_start(); //start session
//see the php manual for the reasons on the SID part
?>
<html>
<head>
</head>
<body>
<form method="POST" action="sendto.php?<?=SID?>">
<?
//setting the error messages to match the type of error
//this message is if no username/password pair is entered
if ($error==1){
echo "<font color=\"#FF0000\" face=\"arial\" size=\"2\">";
echo "Invalid Login - Please try again";
echo "</font>";
echo "<br>";
session_destroy();
}
//this message is if the wrong username/password pair is entered
if ($error==2){
echo "<font color=\"#FF0000\" face=\"arial\" size=\"2\">";
echo "Unauthorized Access - Please Login";
echo "</font>";
echo "<br>";
session_destroy();
}
//this message is if the cookie has expired
if ($error==3){
echo "<font color=\"#FF0000\" face=\"arial\" size=\"2\">";
echo "Session has expired - Please Login";
echo "</font>";
echo "<br>";
session_destroy();
}
//setting the form now for input
?>
name:<br>
<input type="text" name="username" size="20">
<br>
password:
<br>
<input type="password" name="password" size="20">
<br>
<input type="submit" value="Submit" name="B1">
<br>
<input type="reset" value="Reset" name="B2">
</form>
</body>
</html>
//end
//****************************************
//save this file as
//sendto.php
<?php
//this file is the gateway file. dont put anything to display here, because it is meant as a reroute
session_start(); //start the session
//i used an include file for all of my db stuff, makes it a LOT easier for creating new pages
include("includedb.php");
//added this part because if someone hits submit with the username/password boxes empty, you could get in
//so i set the string length to less than two, but you can use any number you wish - its dependent
//on how long your usernames and passwords must be
$loginstr="$username"."$password";
$loginstrlen=strlen($loginstr);
if ($loginstrlen<2){
//confused on headers? see the manual
//this means - go to index.php
Header("Location: index.php");
$error = 1;
session_register("error");
}
//this part is from phpbuilder.com
if (@$username && @$password) {
$res = @mysql_query("SELECT username,password FROM $connectdb1 WHERE username='$username' AND password='$password'");
if(@mysql_num_rows($res) != 0) {
Header("Location: pageone.php");
$verified_user = $username;
$verified_userpw = $password;
session_register("verified_user");
session_register("verified_userpw");
//setting a cookie to expire in 60 seconds (you can change it)
//this will not let someone do something after a certain amount(60 seconds) of inactivity
//
//change the domain to match yours
//or else you will have problems
//dont forget to use two .'s
setcookie("time",$PHPSESSID,time()+60,"/",".mydomain.com",0);
}
else {
//if you are bad, you go back and reenter your password, mister!
Header("Location: index.php");
$error = 1;
session_register("error");
}
}
?>
//****************************************
//save this file as
//header.php
<?
session_start();
//db stuff
$connection = mysql_connect("localhost","mydb","mydb") or die ("Could not connect to the MySQL Server");
$db = mysql_select_db("mydb", $connection) or die ("Unable to select database.");
$connectdb1="users";
$res = @mysql_query("SELECT username FROM $connectdb1 WHERE username='$verified_user' AND password='$verified_userpw'");
if(@mysql_num_rows($res) == 0) {
Header("Location: index.php");
$error = 2;
session_register("error");
}
//using our good friend cookie here
$time=$HTTP_COOKIE_VARS["time"];
$timesl=strlen($time);
if($timesl<1) {
Header("Location: index.php");
$error = 3;
session_register("error");
}
//if no problems, reset the cookie to expire 60 seconds from now
//see the above file about the domain thing here
setcookie("time",$PHPSESSID,time()+60,"/",".mydomain.com",0);
?>
//****************************************
//save this file as
//includedb.php
<?
//simple db connect
//used for sendto.php
//remove this next line if you are having problems - ssc955s 6/20/2001
session_start();
$connection = mysql_connect("localhost","mydb","mydb") or die ("Could not connect to the MySQL Server");
$db = mysql_select_db("mydb", $connection) or die ("Unable to select database.");
$connectdb1="users";
?>
//****************************************
//save this file as
//pageone.php
<?php
//add the db stuff
include("header.php");
//for testing purposes, you can see what the username/password is, and i added the
//this is page one part so you can reference the page
//all of this part is unecessary
echo "this is page one";
echo "<br>Your username is: ";
echo $verified_user;
echo "<br>Your password is: ";
echo $verified_userpw;
//add your database query here
$sql1 = "SELECT color FROM $connectdb1 WHERE username=\"$verified_user\"";
$sql_result1 = mysql_query($sql1,$connection) or die ("Cant do sql1");
while ($row = mysql_fetch_object($sql_result1))
{
$color=$row->color;
}
//you can add whatever you like from this point on
?>
<br>
You did good. this is pageone.php. now go to <a href="pagetwo.php">pagetwo.php</a>
<hr>
<?
//i added a variable to output
echo $color;
?>
<hr>
<?
//adds the logout button
include ("logoutform.php");
?>
//****************************************
//save this file as
//pagetwo.php
<?php
//add the db stuff
include("header.php");
echo "i knew you could do it!";
echo "<br>";
//add your database query here
$sql1 = "SELECT color FROM $connectdb1 WHERE username=\"$verified_user\"";
$sql_result1 = mysql_query($sql1,$connection) or die ("Cant do sql1");
while ($row = mysql_fetch_object($sql_result1))
{
$color=$row->color;
}
//you can add whatever you like from this point on
?>
<br>
You did good. this is pagetwo.php. now go to <a href="pageone.php">pageone.php</a>
<hr>
<?
//i added a variable to output
echo $color;
?>
<hr>
<?
//adds the logout button
include ("logoutform.php");
?>
//****************************************
//save this file as
//logout.php
<?php
//pretty easy, you are done
//and kill all the variables
//aka hiding the evidence
session_start();
//sending you to a custom 'buh-bye' page
Header("Location: bye.php");
$verified_user = " ";
$verified_userpw = " ";
session_register("verified_user");
session_register("verified_userpw");
session_destroy();
?>
//****************************************
//save this file as
//logoutform.php
<?php
echo "
<form method=\"POST\" action=\"logout.php\">
<input type=\"submit\" value=\"Logout\">
</form>
";
?>
//****************************************
//save this file as
//bye.php
<?php
//custom 'buh-bye' page
echo "thanks for visiting";
echo "<br>";
echo "<a href=\"index.php\">Login Again</a>";
echo "<hr>";
echo "bet you would like to try to get back into page one without logging in, huh?";
echo "<br>";
echo "go ahead and try, but don't say I didn't warn you!!";
echo "<br>";
echo "<a href=\"pageone.php\">pageone.php";
?>
//thats it.
//not terribly sophisticated, but it does work
//you can combine this with other things on this site
//to develop a cool system
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
More User Management Code Articles
More By Codewalkers
 developerWorks - FREE Tools!
|
Hear how IBM Rational Project and Portfolio Management integrated solutions help teams put the right tools and processes in place to maximize the effectiveness and efficiency of project teams and ensure that the business vision is being executed correctly. Learn how to automate and integrate requirements prioritization, top-down project planning, communications and controls, and methodology deployment to keep your scope, costs, and schedules under control. Tackle with an end-to-end approach the management of scope and scope changes, usage of methodology to control and empower project teams, and optimization of resources to align activity costs with the overall project plan.
FREE! Go There Now!
|
|
|
|
David Barnes, Lead Evangelist for IBM Emerging Internet Technologies will discuss aspects of Web 2.0 that bring value to corporations, academia, and government. He'll also discuss IBM's vision around Web 2.0, including the importance of remixability and consumability. The discussion will culminate with examples of various IBM Software Group solutions you can use to get ahead of the Web 2.0 adoption curve.
FREE! Go There Now!
|
|
|
|
Download a free trial version of IBM Rational Software Analyzer Developer Edition V7.0 to identify bug defects earlier in the software development cycle. Rational Software Analyzer is an extensible software development solution that reduces the expense of bug-fixes by enabling static analysis code reviews and bug identification very early in the development cycle.
FREE! Go There Now!
|
|
|
|
In this tutorial, you can learn how to install and configure the IBM Rational Asset Manager Eclipse client, explore the different views in the Asset Management perspective, learn various search techniques, work with existing assets, and submit a new asset.
FREE! Go There Now!
|
|
|
|
This whitepaper provides areas to consider when evaluating any software configuration management solution. It addresses how the IBM solutions (Rational ClearCase and Rational ClearQuest) meet the needs and requirements of both project leaders and developers to provide successful Software Change and Configuration Management.
FREE! Go There Now!
|
|
|
|
Regression testing -- in which code is thoroughly tested to ensure that changes have not produced unexpected results -- is an important part of any development process. But many testing environments neglect the terminal-based applications that still form the backbone of many industries. In this tutorial, you'll learn how the Rational Functional Tester Extension for Terminal-Based Applications works with other Rational Functional Tester to help test terminal-based applications quickly and easily.
FREE! Go There Now!
|
|
|
|
Get a free trial download of IBM Lotus Forms V3.0 (formerly Workplace Forms), which provides a zero-footprint eForms solution to help you automate and move forms-based business processes off the desktop and onto the Web. With Lotus Forms, you can extend applications beyond the firewall by creating a single electronic form document ready for use in both thick and Web 2.0 thin client format.
FREE! Go There Now!
|
|
|
|
Visit IBM developerWorks to try the IBM SOA Sandbox for process. The SOA Sandbox for process focuses on providing a trial environment with the necessary tooling and components required to gain a better understanding of business processes and how to best improve existing business processes to derive value quickly.
FREE! Go There Now!
|
|
|
|
Attend this launch webcast with Scott Hebner, Vice President of IBM Rational Marketing and Strategy, where he will overview Rational’s new offerings and programs to help customers accelerate software innovation on System z. He will discuss how these solutions help organizations extend their core business processes toward modern architectures such as SOA and web technologies to deliver business improvements that stand the test of time.
FREE! Go There Now!
|
|
|
|
Join the IBM Watchfire team for an informative discussion on techniques and best practices to proactively manage Web application security and how to effectively build application security testing into the software development lifecycle (SDLC). In this Software Delivery Platform webcast you will learn: How to better understand potential web application security vulnerabilities, best practices and how to effectively integrate application security testing into the software development lifecycle, the importance of detecting and removing software vulnerabilities during application development.
FREE! Go There Now!
|
|
|
|
All FREE IBM® developerWorks Tools!
|
/ 2 
