PhpDig.net

Go Back   PhpDig.net > General Forums > Coding & Tutorials

Reply
 
Thread Tools
Old 04-12-2004, 09:56 PM   #1
tanbou1
Green Mole
 
Join Date: Apr 2004
Posts: 1
Session Newbie

I am completely new to PHP. I am trying to create a project for myself in which to learn. I have modified a free authentication script to create a small site where my old high school classmates can get contact information and current events. I have everything working but cannot figure out how and where to place the PHP to make session handling work. I want it so that people aren't having to log over and over during the same visit. i've tried every concievable means i can think of to get this to work and it's not happening. any assistance would be much appreciated.

The way my scripts work are this:

User logs in here in this html page:

<HTML>
<HEAD>
<TITLE>UNTITLED</TITLE>
</HEAD>
<LINK href="authorize.css" type=text/css rel=stylesheet>
<script src=scripts.js></script>
<BODY>
<br><br><br>
Entrance for registered users, they will be refered to page haha.htm<br>
<form action=login.php method=post>
<input type=hidden name=entrance>
Login<input type=text name=username>
Password<input type=password name=password>
<input type=submit value=Enter class=button1>
</form>
<tr>
<td>
</BODY>
</HTML>



The user is then sent to this php login page. This page handles many functions of the site updating user data, adding users ect...this particular function being signed into is to display all entries in the database:



<LINK href="authorize.css" type=text/css rel=stylesheet>
<script src=scripts.js></script>
<?
require("setup.php");

$link=mysql_connect("", "$dblog", "$dbpass");
if (!$link) die ("Couldn't connect to MySQL");
mysql_select_db("$admin_db",$link) or die (mysql_error(). " : ".mysql_errno());



$referer=getenv("HTTP_REFERER");
if (!ereg("^$admin_url_tmp",$referer))
{
echo "<br><br><br><blockquote><p>Please, enter from <a href=$admin_url>$admin_url</a></p></blockquote>";
exit;
}


mt_srand(time()); //obiazatel'no, inache ne rabotaet r****mally
$result = mt_rand(1, 10000)/7; // disable cache



// to update user data
if (isset($enter))
{
include ('header.inc');
include("enter.php");
}

//to enter to display database page
if (isset($entrance))
{
include("entrance.php");
}


//to add user
if (isset($adduser))
{
include ('header.inc');
include ("adduser.php");
}



if (isset($show)) //show or remove users
{
if (($admin_login !=$admin_login_compare) || ($admin_password !=$admin_password_compare))
{ print "<br><br><br><blockquote><p>You are not authorized for this action. You must first make a username and password.</p></blockquote>" ; exit; }
else
include("showusers.php");
}


if (isset($forgotlogin))
{
include ('header.inc');
include ("forgotlogin.php");
}

?>



They are in turn sent to this script:



<?

$sql = "SELECT *FROM users WHERE login='$username' and password='$password'";
$result = mysql_query($sql) or die("Couldn't execute query.");
$num = mysql_numrows($result);

if ($num == 1) {

$day1=date(d);
$month1=date(m);
$year1=date(Y);
$last_date1=$year1."-".$month1."-".$day1;


$lstdate = "update users set last_date='$last_date1' where login='$username'";
$tmp = mysql_query($lstdate) or die("Couldn't execute query");


echo "Hello, $username<br>";
include ("$admin_page");

}

else if ($num == 0) {

echo "You are not authorized!"; // if user not exist

}
// exit;


?>
tanbou1 is offline   Reply With Quote
Old 04-13-2004, 02:06 PM   #2
Charter
Head Mole
 
Charter's Avatar
 
Join Date: May 2003
Posts: 2,539
Hi. There are several ways to authenticate users: cookie, session, database, or some combination of these. Each method has some plus or minus to it, but maybe for starters a cookie authentication might be helpful. For every page that you want to protect, just include the script below as the first thing in the page.

If you would rather use sessions, there are some examples here. When your skills improve, you might consider using a combination of methods along with SSL, depending on whether you are looking for more security. The below example offers a basic authentication, and there is a logout script too, both of which you should put to the test.
PHP Code:
<?php

// basic cookie authentication

@ini_set("magic_quotes_sybase","0");
$testaccess 0;

if (isset(
$_POST['username']) && isset($_POST['password']) && isset($_POST['entrance'])) {

    
$username $_POST['username'];
    
$password $_POST['password'];

    if (!
get_magic_quotes_gpc()) {
        
$username addslashes($username);
        
$password addslashes($password);
    }

    
$query mysql_query("SELECT 1 FROM users WHERE login='$username' and password='$password'");

    if (
mysql_num_rows($query) == 1) {
        
$testaccess 1;
        
$cookieinfo $username.":".$password.":".rand();
        
$cookievals base64_encode($cookieinfo);
        
setcookie("classmates"$cookievalstime()+3600);
    }
    else {
        
header("Location: http://www.domain.com/login.html");
        exit;
    }

}
elseif (isset(
$_COOKIE['classmates'])) {

    
$classmates $_COOKIE['classmates'];

    
$cookievals base64_decode($classmates);
    
$cookievals explode(":"$cookievals);

    
$username addslashes(stripslashes($cookievals[0]));
    
$password addslashes(stripslashes($cookievals[1]));

    
$query mysql_query("SELECT 1 FROM users WHERE login='$username' and password='$password'");

    if(
mysql_num_rows($query) == 1) {
        
$testaccess 1;
    }
    else {
        
header("Location: http://www.domain.com/login.html");
        exit;
    }

}

if (
$testaccess == 0) {
    
header("Location: http://www.domain.com/login.html");
    exit;
}

// protected page content here

?>
PHP Code:
<?php

// basic cookie logout

setcookie("classmates"""time()-3600);
header("Location: http://www.domain.com/logout.html");
exit;

?>
Remember to remove any "word" wrapping from the above code.
__________________
Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension.
Charter is offline   Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Indexing Password Protected pages (using session variables) apetersen How-to Forum 1 03-27-2007 05:18 AM
Indexing cookie/session authenticated pages tester Troubleshooting 10 08-18-2004 10:57 AM
Version 1.8.0 and session IDs & links Charter Mod Submissions 0 01-21-2004 04:04 PM
getting past session protected pages theverychap How-to Forum 4 12-03-2003 06:18 AM


All times are GMT -8. The time now is 02:21 AM.


Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright © 2001 - 2005, ThinkDing LLC. All Rights Reserved.