[Tut] Simple Multi User Login

BenHughes · 16-07-2008, 02:17 PM

Nice tut.

With aloha,
Ben Hughes.

Tom-Brown · 22-07-2008, 07:11 PM

Looks great had a quick scim through, all seems right and is a very good flat file system

Tom-743 · 27-07-2008, 08:40 PM

As pointed out, if you use cookies they can easily be forged. I would use PHP sessions because they are server side so no one can edid/forge them. So the code for login.php would be;

PHP Code:


<?php
session_start()
if ($_SERVER['REQUEST_METHOD']=="POST"){

// Get UserNames and Passwords.
$Logi = file("users/log.txt");
// Work out how many there are
$size = sizeof($Logi);
// Break appart passwords and usernames
foreach($Logi as $Key => $Val)
{ $Data[$Key] = explode("||", $Val); }
// run threw list and see if any match
for($K = 0; $K<$size; $K++)
{
$user = $Data[$K][0];
$pass =  $Data[$K][1];
// If match set cookie and redirect.
if ($user == trim(addslashes($_POST["user"])) && $pass == trim(addslashes($_POST["pass"])) )
{
$_SESSION['username'] = addslashes ( $user );
$_SESSION['password'] = addslashes ( md5 ( $pass ) );
 // Start hidden page
 header("Location: http://website.com/hidden.php");
}
}
 echo "Login Failed.";

// If you didnt log in show login form
} else { ?>
<div style="width:250px">
<div><strong>Simple Login</strong></div>
<div><form name="Login" method="post" action="<?=$_SERVER['PHP_SELF'];?>">
Username:
<input name="user" type="text" >
<br>
Password:
<input name="pass" type="password" >
<br>
<input type="submit" name="Submit" value="Submit">
</form>
</div></div>
<?php
}
?>

Then for any pages you want to be protected add this to the top;

PHP Code:


<?php
session_start();
if ( !isset ( $_SESSION['username'] ) || !isset ( $_SESSION['username'] ) ) {
die ( "You need to login to view this page" );
}
?>

Excellent1 · 27-07-2008, 09:24 PM

For pages that only users can view once logged in why not just do.

PHP Code:


<?php
session_start();
include 'config.php';
if($logged[id] {
echo 'blah blah blah';
} else {
echo 'You need to log in to view that sir!';
}
}
?>

Invent · 27-07-2008, 09:28 PM

Excellent, where is $logged defined? As its not in any part of the tutorial..? Do you know what that code actually does? lol.

Excellent1 · 27-07-2008, 09:32 PM

Originally Posted by Invent

Excellent, where is $logged defined? As its not in any part of the tutorial..? Do you know what that code actually does? lol.

Edit the file, define it, would be much easier as new people to coding don't usually know how to use sessions.

Invent · 27-07-2008, 09:33 PM

But they'd know how to set up MySQL queries, get the results of the query, etc? :S (Which is what I assumed $logged would be - the result of a mysql query).

Excellent1 · 27-07-2008, 09:36 PM

Originally Posted by Invent

But they'd know how to set up MySQL queries, get the results of the query, etc? :S (Which is what I assumed $logged would be - the result of a mysql query).

For multi user login it would be much easier if they just zapped it from a query as you said.

PHP Code:


$logged = mysql_query("SELECT * FROM `members` WHERE `id` = '$_SESSION[id]' AND `password` = '$_SESSION[password]'");
$fetchA = mysql_fetch_array($logged);

Then all they have to do is grab it from a config file and use $logged[id] and can pretty much use that for everything.

Invent · 27-07-2008, 10:37 PM

But this tutorial is all about flat-files and the code you posted would use $fetchA not $logged for the if statement in your previous post -.-

~~iTech~~ · 27-07-2008, 10:54 PM

Originally Posted by Invent

But this tutorial is all about flat-files and the code you posted would use $fetchA not $logged for the if statement in your previous post -.-

You're such a great mod! (assisting)
Bumping a 2 year old thread.

Thread: [Tut] Simple Multi User Login

Thread Tools

Posting Permissions