PHP Authentication

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
nashyboy
Forum Newbie
Posts: 14
Joined: Thu May 02, 2002 8:46 am

PHP Authentication

Post by nashyboy »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hi guys,

im using this script i've come across which is working nicely. However there is something that im trying to add.

The login script is this...

Code: Select all

<html>
<head>
<title>Login</title>
</head>
<body>

<div align="center"> <br>
  <strong><font color="#999999" size="7" face="Courier New, Courier, mono">A D 
  M I N I S T R A T I O N</font></strong><br>
  <br>
  <br>
  <font color="#FF8000" face="Arial, Helvetica, sans-serif"><strong>This Is A 
  Restricted Area. Please Login ...</strong></font> <br>
  <br>
  <form method="post" action="<? echo ($PHP_SELF); ?>">
    <table border=0 cols=2 width=200 cellpadding=3 cellspacing=3>
      <tr> 
        <td width=100><font color="#000080" size="2" face="Arial, Helvetica, sans-serif"> 
          User ID: </font></td>
        <td width=100> <input type="text" name="uid" size="8"> </td>
      </tr>
      <tr> 
        <td width=100><font color="#000080" size="2" face="Arial, Helvetica, sans-serif"> 
          Password: </font></td>
        <td width=100> <input type="password" name="pwd" SIZE="8"> </td>
      </tr>
     
    </table>
    <br>
    <input type="submit" name="submitlogin" value="Login">
  </form>
</div>

</body>
</htML>
which obviously redirects to the index page which has the following include file <?php include ("access_control.php"); ?>

This include file contains...


Code: Select all

<?
include ("config.php");
include ("errors.php");
include ("common.php");
include ("connect.php");


while (list($var, $val) = each ($_REQUEST))
{
IF ($var == "cookieid" AND !isset($_COOKIE[cookieid]))
{
echo ("You can not pass login parameters via GET operations.");
exit();
}
}

reset($_REQUEST);





IF (isset($_REQUEST[uid]) AND !isset($_COOKIE[cookieid]))
{
$grabuser = "SELECT recID FROM user WHERE username = '$_REQUEST[uid]' AND password = '$_REQUEST[pwd]'";
$result = @mysql_query($grabuser);
sql_query($result, "$errors[03]");

IF (@mysql_num_rows($result) == 0)
{
error ("$errors[04]");
include ("login_form.php");
exit();
}

ELSE
{
$userid = @mysql_result($result,0,"recID");
$processing_login = true;

$cookie_setter = @setcookie ("cookieid", $userid, time()+$maxlifetime);

IF (!$cookie_setter)
{
error ("$errors[05]");
}

ELSE
{
?>
<META HTTP-EQUIV=Refresh CONTENT="2; URL=index.php">
 <font color="#000080" size="2" face="Arial, Helvetica, sans-serif">Please hold one second while we process 
your login...<br>
If this page does not refresh in 3 seconds, <A HREF="index.php">click here</a>. 
<?
exit();
}

}

}


ELSE IF (!isset($_REQUEST[uid]) AND !isset($_COOKIE[cookieid]))
{
include ("login_form.php");
exit();
}



IF ($_REQUEST[action] == "logout")
{
$cookie_setter = @setcookie ("cookieid", $userid, time()-$maxlifetime);

IF (!$cookie_setter)
{
error ("$errors[05]");
}

ELSE
{
?>
</font>
<META HTTP-EQUIV=Refresh CONTENT="2; URL=index.php">
<font color="#000080" size="2" face="Arial, Helvetica, sans-serif"> Please hold one second while we log 
you out...<br>
If this page does not refresh in 3 seconds, <A HREF="index.php">click here</a>. 
</font><BR>
<BR><BR><BR>
<?
exit();
}

}

?>
Basically what im trying to do is parse the username value though to the index page, so i can say hello user: $username etc etc.

However i can't work out what code to put in on the index page.

Can someone help, it would be appreciated.

Thanks.


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Z3RO21
Forum Contributor
Posts: 130
Joined: Thu Aug 17, 2006 8:59 am

Post by Z3RO21 »

Well just a heads up this login script has a bunch of errors. The most prominent error would be the over use of error suppressing operates. You should also validate your inputs.
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Post by infolock »

You will want to look into Sessions

It will take a little more work, but it works nicely.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

You are also relying on register_globals being on, which you shouldn't do (and it shouldn't be).
Post Reply