Log In Page
Moderator: General Moderators
Log In Page
What methods would I use for a simple log-in page.
- i don't need database action for multiple users, just one username and password.
- i understnad i may need to use a simple if statement for username/ password but is there any extra things i need for security?
- would I use session cookie or something to stop people from bypassing the login page?
Any help much appreciated.
Richo
- i don't need database action for multiple users, just one username and password.
- i understnad i may need to use a simple if statement for username/ password but is there any extra things i need for security?
- would I use session cookie or something to stop people from bypassing the login page?
Any help much appreciated.
Richo
I need to create the interface. I know the HTML for the form that's no problem, just a username and password text inputs.
I just don't the techniques involved with the security and the session action to stop people bypassing the login page.
Links to any useful tutorials would also be helpful. When i search i seem to always find ones that are based on databases which I don't need.
I just don't the techniques involved with the security and the session action to stop people bypassing the login page.
Links to any useful tutorials would also be helpful. When i search i seem to always find ones that are based on databases which I don't need.
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
We've already gone over that...wei wrote:If you using apache as web server, a .htaccess file will be very suitable in this case.
The Ninja Space Goat wrote:couldn't you use HTTP authentication or do you actually need to create the interface?
richo wrote:I need to create the interface. I know the HTML for the form that's no problem, just a username and password text inputs.
I just don't the techniques involved with the security and the session action to stop people bypassing the login page.
Links to any useful tutorials would also be helpful. When i search i seem to always find ones that are based on databases which I don't need.
-
d3ad1ysp0rk
- Forum Donator
- Posts: 1661
- Joined: Mon Oct 20, 2003 8:31 pm
- Location: Maine, USA
Technically, you can use HTTP Authentication WITH an html form..The Ninja Space Goat wrote:We've already gone over that...wei wrote:If you using apache as web server, a .htaccess file will be very suitable in this case.The Ninja Space Goat wrote:couldn't you use HTTP authentication or do you actually need to create the interface?richo wrote:I need to create the interface. I know the HTML for the form that's no problem, just a username and password text inputs.
I just don't the techniques involved with the security and the session action to stop people bypassing the login page.
Links to any useful tutorials would also be helpful. When i search i seem to always find ones that are based on databases which I don't need.
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
I posted the basics for a form controller here. We could expand that to do a login pretty easily with a few classes. If you see it step by step it will make sense.
(#10850)
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Well at least some functionsWeirdan wrote:Or with no classes at all...
(#10850)
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
You can use OOP fine in PHP4. Here is the code from a previous post modified slightly for login:richo wrote:I can't use OOP if that involves PHP 5 as my server is only compatible with 4.3 or something similar.
I just need a simple login/ session methodology, i'm also interested in best practise security issues.
logintemplate.php
Code: Select all
<h1>Log-in</h1>
<p>Please enter your username and password and click Login.</p>
<span style="color:red"><?php echo implode('', $errors); ?></span>
<form action="myformpage.php" method="post">
<input type="hidden" name="submit" value="yes"/> <!-- use hidden so Enter works in IE -->
<input type="text" name="username" value=""/>
<br/>
<input type="text" name="password" value=""/>
<br/>
<input type="submit" name="login" value="Login"/>
<br/>
</form>login.php
Code: Select all
$errors = array();
// only do login check if form has been submitted
if (isset($_POST['submit'])) {
// filter the value from the form to only all letters and numbers (add any other characters you want to allow)
$username = preg_replace('/[^a-zA-Z0-9]/', '', $_POST['username']);
$password = preg_replace('/[^a-zA-Z0-9]/', '', $_POST['password']);
// check the name based on some rules and set errors if there are problems
if ($username == '') {
$errors[] = 'Please enter a username. ';
}
if ($password == '') {
$errors[] = 'Please enter a password. ';
}
if (! $errors) {
// check if username/password are valid here
// this could also easily be a database lookup
if ($username == 'abcdefg') && ($password == '1234567') {
session_start();
$_SESSION['User']['isvalid'] = 1;
$_SESSION['User']['username'] = $username;
// write and close the session before redirect
session_write_close();
// redirect to another page if all required fields are acceptable
header('Location: http://www.mysite.com/mynextpage.php');
exit(); // no more output
} else {
$errors[] = 'Invalid username and password. ';
}
}
}
// show the form if there are errors
include 'logintemplate.php';(#10850)
That looks fantastic arborint, many thanks. I guess i need to look up OOP, i didn't realise that kind of stuff was.
All the code makes sense to me other than the:
I can see what it's doing ,just don't really understand what's going in the syntax.
I'll try the page out and let you know if it works.
thanks.
All the code makes sense to me other than the:
Code: Select all
preg_replace('/[^a-zA-Z0-9]/', '',I'll try the page out and let you know if it works.
thanks.
