Page 1 of 1

Sessions!

Posted: Wed Jun 18, 2003 7:31 pm
by Drachlen
Okay, ive been messing around with jason's session tutorial thing, and i wanted to make multiple accounts.. Here is what i came up with:

Code: Select all

<?php

session_start(); 


if ( $_POST['username'] == '1' && $_POST['password'] == '1'
	 or
   $_POST['username'] == '2' && $_POST['password'] == '2'
	 or
   $_POST['username'] == '3' && $_POST['password'] == '3' ) { 



   $_SESSION['auth'] = true; 
   $_SESSION['username'] = $_POST['username']; 
   header("Location: page5.php"); 
} else { 
   $_SESSION['auth'] = false; 
   $_SESSION['username'] = ''; 
   header("Location: page3.php"); 
} 
?>
Is there a better way of doing it? I was thinking i could just include that on each document and it will check for one, but lets say it gets to 100 or so accounts, is there any more effecient way?

Posted: Wed Jun 18, 2003 8:26 pm
by rokamortis
The way I would do it would be to use a database to store the usernames and encrypted passwords. You can use a PHP function like md5(). This solution will oneway encrypt the password.

Then instead of your if() statement with the usernames and passwords statically entered you can do something like this (assuming using MySQL)

[I was typing a small tutorial and then realized someone else already had :) ]
http://www.phpcomplete.com/tutorials.ph ... adTutorial
Note that the passwords in the tutorial are not encrypted. You would need only to change the code to be something similar to the below:
(Note - I use ... as a placekeeper as the text it replaces doesn't change)

Code: Select all

$encrypPassword = md5($password);
$query="... AND password='$encrypPassword '";
I haven't actually tested this - but I have used similar code in the past. Also note that you will need to encrypt the password when first entering the user's information into the database.

Posted: Wed Jun 18, 2003 8:35 pm
by Drachlen
I dont have access to a mysql database... I just wanted to know if it would be better to use an array rather than a bunch of 'or' statements, but i dont know how to do an array, so if it is more effective could anyone direct me?

Posted: Wed Jun 18, 2003 9:59 pm
by ayron
use a text file for look-up. make sure you encrypt the passwords!

Posted: Wed Jun 18, 2003 10:05 pm
by Drachlen
for look up? huh? That really didnt make much sense. If you mean for creating accounts, i already have that planned, i just want to know if i should use an array or not. what is so hard to understand?

Posted: Thu Jun 19, 2003 12:51 am
by corlando
i understand i think... try this script...
I would also put the php script in a seprate file and use the require_once() function so that you only have to edit one file when altering the users or script

require_once() http://us3.php.net/require_once

note: this is works but there are many other ways

Code: Select all

<?php

$user["usr1"] = "pass1";
$user["usr2"] = "pass2";
$user["usr3"] = "pass3";

if ( isset($_POST["username"]) ) {

	if ( isset($user[$_POST["username"]]) && $user[$_POST["username"]] == $_POST["password"] ) {
		echo $_POST["username"]. " is authorized ";	
	}
	else {
		echo "Yeah Right!! Keep on trying!!";
	}

}


?><html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<form name="form1" method="post" action="">
<p>
    username:
    <input name="username" type="text" id="username">
</p>
<p>password:    
  <input name="password" type="text" id="password">
</p>
<p>
  <input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>