PhpDig.net - View Single Post

Charter · 04-13-2004, 01:06 PM

Hi. There are several ways to authenticate users: cookie, session, database, or some combination of these. Each method has some plus or minus to it, but maybe for starters a cookie authentication might be helpful. For every page that you want to protect, just include the script below as the first thing in the page.

If you would rather use sessions, there are some examples here. When your skills improve, you might consider using a combination of methods along with SSL, depending on whether you are looking for more security. The below example offers a basic authentication, and there is a logout script too, both of which you should put to the test.

PHP Code:


			
<?php



// basic cookie authentication



@ini_set("magic_quotes_sybase","0");

$testaccess = 0;



if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['entrance'])) {



    $username = $_POST['username'];

    $password = $_POST['password'];



    if (!get_magic_quotes_gpc()) {

        $username = addslashes($username);

        $password = addslashes($password);

    }



    $query = mysql_query("SELECT 1 FROM users WHERE login='$username' and password='$password'");



    if (mysql_num_rows($query) == 1) {

        $testaccess = 1;

        $cookieinfo = $username.":".$password.":".rand();

        $cookievals = base64_encode($cookieinfo);

        setcookie("classmates", $cookievals, time()+3600);

    }

    else {

        header("Location: http://www.domain.com/login.html");

        exit;

    }



}

elseif (isset($_COOKIE['classmates'])) {



    $classmates = $_COOKIE['classmates'];



    $cookievals = base64_decode($classmates);

    $cookievals = explode(":", $cookievals);



    $username = addslashes(stripslashes($cookievals[0]));

    $password = addslashes(stripslashes($cookievals[1]));



    $query = mysql_query("SELECT 1 FROM users WHERE login='$username' and password='$password'");



    if(mysql_num_rows($query) == 1) {

        $testaccess = 1;

    }

    else {

        header("Location: http://www.domain.com/login.html");

        exit;

    }



}



if ($testaccess == 0) {

    header("Location: http://www.domain.com/login.html");

    exit;

}



// protected page content here



?>

PHP Code:


			
<?php



// basic cookie logout



setcookie("classmates", "", time()-3600);

header("Location: http://www.domain.com/logout.html");

exit;



?>

Remember to remove any "word" wrapping from the above code.

04-13-2004, 01:06 PM	#2
Charter Head Mole Join Date: May 2003 Posts: 2,539	Hi. There are several ways to authenticate users: cookie, session, database, or some combination of these. Each method has some plus or minus to it, but maybe for starters a cookie authentication might be helpful. For every page that you want to protect, just include the script below as the first thing in the page. If you would rather use sessions, there are some examples here. When your skills improve, you might consider using a combination of methods along with SSL, depending on whether you are looking for more security. The below example offers a basic authentication, and there is a logout script too, both of which you should put to the test. PHP Code: <?php // basic cookie authentication @ini_set("magic_quotes_sybase","0"); $testaccess = 0; if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['entrance'])) { $username = $_POST['username']; $password = $_POST['password']; if (!get_magic_quotes_gpc()) { $username = addslashes($username); $password = addslashes($password); } $query = mysql_query("SELECT 1 FROM users WHERE login='$username' and password='$password'"); if (mysql_num_rows($query) == 1) { $testaccess = 1; $cookieinfo = $username.":".$password.":".rand(); $cookievals = base64_encode($cookieinfo); setcookie("classmates", $cookievals, time()+3600); } else { header("Location: http://www.domain.com/login.html"); exit; } } elseif (isset($_COOKIE['classmates'])) { $classmates = $_COOKIE['classmates']; $cookievals = base64_decode($classmates); $cookievals = explode(":", $cookievals); $username = addslashes(stripslashes($cookievals[0])); $password = addslashes(stripslashes($cookievals[1])); $query = mysql_query("SELECT 1 FROM users WHERE login='$username' and password='$password'"); if(mysql_num_rows($query) == 1) { $testaccess = 1; } else { header("Location: http://www.domain.com/login.html"); exit; } } if ($testaccess == 0) { header("Location: http://www.domain.com/login.html"); exit; } // protected page content here ?> PHP Code: `<?php // basic cookie logout setcookie("classmates", "", time()-3600); header("Location: http://www.domain.com/logout.html"); exit; ?>` Remember to remove any "word" wrapping from the above code. __________________ Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension.