User Management Code


Authentication the Easy Way
By: Codewalkers
    2002-01-18


    Easy way of setting up a user authentication system on your site that does not limit you to just ONE page. With this system, you can have pages that require usernames/passwords for any page you like. Requirements: MySQL and PHP 4 (uses sessions); could easily be adapted to any database, etc. If you have any questions or find an error/security bug, let me know. Email: webmaster@reversedpolarity.com

    By : ssc955s

    //code by stuart coutchie
    //reversed polarity webdesign
    //www.revpolar.com
    //special thanks to phpbuilder.com for help on one part

    //Requires all files (7 required, 2 for your info (1 is minimum, unlimited maximum) and
    //a table called 'users' with three fields:
    //username
    //password
    //color
    //
    //put your info you want protected in the files named pageone.php and pagetwo.php
    //and link from there to other pages, just add the include stuff and you are there
    //****check out the cookie if you have an error with this, (set the domain to match yours)***

    //if you are having problems, check out the line marked in includedb.php and comment the whole line out
    //****************************************
    //save this file as
    //index.php

    <?php
    //this uses sessions - see the php manual if you are confused on this part
    session_start(); //start session
    //see the php manual for the reasons on the SID part
    ?>
    <html>
    <head>
    </head>
    <body>

    <form method="POST" action="sendto.php?<?=SID?>">

    <?
    //setting the error messages to match the type of error

    //error 1: set by sendto.php when the username/password pair is empty or does not match
    if ($error==1){
    echo "<font color=\"#FF0000\" face=\"arial\" size=\"2\">";
    echo "Invalid Login - Please try again";
    echo "</font>";
    echo "<br>";
    session_destroy();
    }
    //error 2: set by header.php when a protected page is requested without a valid login
    if ($error==2){
    echo "<font color=\"#FF0000\" face=\"arial\" size=\"2\">";
    echo "Unauthorized Access - Please Login";
    echo "</font>";
    echo "<br>";
    session_destroy();
    }

    //this message is if the cookie has expired
    if ($error==3){
    echo "<font color=\"#FF0000\" face=\"arial\" size=\"2\">";
    echo "Session has expired - Please Login";
    echo "</font>";
    echo "<br>";
    session_destroy();
    }

    //setting the form now for input
    ?>
    name:<br>
    <input type="text" name="username" size="20">
    <br>
    password:
    <br>
    <input type="password" name="password" size="20">
    <br>
    <input type="submit" value="Submit" name="B1">
    <br>
    <input type="reset" value="Reset" name="B2">
    </form>
    </body>
    </html>

    //end
    //****************************************
    //save this file as
    //sendto.php

    <?php
    //this file is the gateway file. dont put anything to display here, because it is meant as a reroute

    session_start(); //start the session
    //i used an include file for all of my db stuff, makes it a LOT easier for creating new pages
    include("includedb.php");

    //added this part because if someone hits submit with the username/password boxes empty, you could get in
    //so i set the string length to less than two, but you can use any number you wish - its dependent
    //on how long your usernames and passwords must be

    $loginstr="$username"."$password";
    $loginstrlen=strlen($loginstr);

    if ($loginstrlen<2){

    //confused on headers? see the manual
    //this means - go to index.php
    //register the error first, then redirect and stop so nothing below runs

    $error = 1;
    session_register("error");
    Header("Location: index.php");
    exit;
    }


    //this part is from phpbuilder.com
    if (@$username && @$password) {
    $res = @mysql_query("SELECT username,password FROM $connectdb1 WHERE username='$username' AND password='$password'");
    if(@mysql_num_rows($res) != 0) {
    Header("Location: pageone.php");
    $verified_user = $username;
    $verified_userpw = $password;
    session_register("verified_user");
    session_register("verified_userpw");
    //setting a cookie to expire in 60 seconds (you can change it)
    //this will not let someone do something after a certain amount(60 seconds) of inactivity
    //
    //change the domain to match yours
    //or else you will have problems
    //dont forget to use two .'s

    setcookie("time",$PHPSESSID,time()+60,"/",".mydomain.com",0);
    }
    else {
    //if you are bad, you go back and reenter your password, mister!
    Header("Location: index.php");
    $error = 1;
    session_register("error");
    }
    }
    ?>

    //****************************************
    //save this file as
    //header.php

    <?
    session_start();
    //db stuff
    $connection = mysql_connect("localhost","mydb","mydb") or die ("Could not connect to the MySQL Server");
    $db = mysql_select_db("mydb", $connection) or die ("Unable to select database.");
    $connectdb1="users";

    $res = @mysql_query("SELECT username FROM $connectdb1 WHERE username='$verified_user' AND password='$verified_userpw'");

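    if(@mysql_num_rows($res) == 0) {
    //register the error, redirect, and stop - without the exit the rest of
    //the protected page would still run and be sent along with the redirect
    $error = 2;
    session_register("error");
    Header("Location: index.php");
    exit;
    }

    //using our good friend cookie here
    $time=$HTTP_COOKIE_VARS["time"];
    $timesl=strlen($time);
    if($timesl<1) {
    $error = 3;
    session_register("error");
    Header("Location: index.php");
    exit;
    }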
    //if no problems, reset the cookie to expire 60 seconds from now
    //see the above file about the domain thing here
    setcookie("time",$PHPSESSID,time()+60,"/",".mydomain.com",0);
    ?>
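
An added example, not part of ssc955s's listing: sendto.php interpolates $username and $password straight into its SQL and compares the password as stored text, and header.php accepts the mere presence of the client-supplied "time" cookie as proof the session is still fresh. The sketch below shows the same two checks with a bound parameter, password_hash()/password_verify(), and a server-side last-activity timestamp. Assumptions: PHP 7 or later with the PDO SQLite driver, an in-memory table with one constructed user, and the hypothetical function names verify_login and session_is_live.

```php
<?php
// Added example, not the author's code. Assumes PHP >= 7.0 with pdo_sqlite
// and a 'users' table whose password column holds a password_hash() value.
const IDLE_LIMIT = 60; // seconds, the same window the listing uses for its cookie

function verify_login(PDO $db, string $username, string $password): bool
{
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when no row matched
    return $hash !== false && password_verify($password, $hash);
}

function session_is_live(array &$session, int $now): bool
{
    // Idle timeout is tracked server-side, so the client cannot extend it.
    if (!isset($session['user'], $session['last_seen'])) {
        return false;
    }
    if ($now - $session['last_seen'] > IDLE_LIMIT) {
        $session = [];            // expired: drop all session data
        return false;
    }
    $session['last_seen'] = $now; // sliding window, like resetting the cookie
    return true;
}

// Constructed demo data: in-memory database with a single user.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, color TEXT)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'blue']);

var_dump(verify_login($db, 'alice', 'correct horse')); // matching password
var_dump(verify_login($db, 'alice', 'wrong'));         // non-matching password
var_dump(verify_login($db, "alice' --", 'anything'));  // quote characters stay data

$session = ['user' => 'alice', 'last_seen' => 1000];   // stand-in for $_SESSION
var_dump(session_is_live($session, 1030));             // 30 s since last request
var_dump(session_is_live($session, 1100));             // 70 s since last request
```

In a real page the array passed to session_is_live would be $_SESSION, and only the username would be kept in it, not the password.
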

    //****************************************
    //save this file as
    //includedb.php

    <?
    //simple db connect
    //used for sendto.php

    //remove this next line if you are having problems - ssc955s 6/20/2001

    session_start();


    $connection = mysql_connect("localhost","mydb","mydb") or die ("Could not connect to the MySQL Server");
    $db = mysql_select_db("mydb", $connection) or die ("Unable to select database.");
    $connectdb1="users";
    ?>


    //****************************************
    //save this file as
    //pageone.php

    <?php
    //add the db stuff
    include("header.php");

    //for testing purposes, you can see what the username/password is, and i added the
    //this is page one part so you can reference the page
    //all of this part is unnecessary
    //htmlspecialchars() keeps stored values from being output as markup
    echo "this is page one";
    echo "<br>Your username is: ";
    echo htmlspecialchars($verified_user);
    echo "<br>Your password is: ";
    echo htmlspecialchars($verified_userpw);

    //add your database query here
    $sql1 = "SELECT color FROM $connectdb1 WHERE username=\"$verified_user\"";
    $sql_result1 = mysql_query($sql1,$connection) or die ("Cant do sql1");

    while ($row = mysql_fetch_object($sql_result1))
    {
    $color=$row->color;
    }
    //you can add whatever you like from this point on
    ?>
    <br>
    You did good. this is pageone.php. now go to <a href="pagetwo.php">pagetwo.php</a>
    <hr>
    <?
    //i added a variable to output (escaped so it cannot inject markup)
    echo htmlspecialchars($color);
    ?>
    <hr>
    <?
    //adds the logout button
    include ("logoutform.php");
    ?>




    //****************************************
    //save this file as
    //pagetwo.php

    <?php
    //add the db stuff
    include("header.php");

    echo "i knew you could do it!";
    echo "<br>";

    //add your database query here
    $sql1 = "SELECT color FROM $connectdb1 WHERE username=\"$verified_user\"";
    $sql_result1 = mysql_query($sql1,$connection) or die ("Cant do sql1");

    while ($row = mysql_fetch_object($sql_result1))
    {
    $color=$row->color;
    }
    //you can add whatever you like from this point on
    ?>
    <br>
    You did good. this is pagetwo.php. now go to <a href="pageone.php">pageone.php</a>
    <hr>
    <?
    //i added a variable to output (escaped so it cannot inject markup)
    echo htmlspecialchars($color);
    ?>
    <hr>
    <?
    //adds the logout button
    include ("logoutform.php");
    ?>

    //****************************************
    //save this file as
    //logout.php

    <?php
    //pretty easy, you are done
    //and kill all the variables
    //aka hiding the evidence

    session_start();
    //sending you to a custom 'buh-bye' page
    Header("Location: bye.php");
    $verified_user = " ";
    $verified_userpw = " ";
    session_register("verified_user");
    session_register("verified_userpw");
    session_destroy();
    ?>




    //****************************************
    //save this file as
    //logoutform.php

    <?php
    echo "
    <form method=\"POST\" action=\"logout.php\">
    <input type=\"submit\" value=\"Logout\">
    </form>
    ";
    ?>


    //****************************************
    //save this file as
    //bye.php

    <?php
    //custom 'buh-bye' page
    echo "thanks for visiting";
    echo "<br>";
    echo "<a href=\"index.php\">Login Again</a>";
    echo "<hr>";
    echo "bet you would like to try to get back into page one without logging in, huh?";
    echo "<br>";
    echo "go ahead and try, but don't say I didn't warn you!!";
    echo "<br>";
    echo "<a href=\"pageone.php\">pageone.php</a>";

    ?>

    //thats it.
    //not terribly sophisticated, but it does work
    //you can combine this with other things on this site
    //to develop a cool system