Planing Help

Vbabiy

Hello All I am very new to php. What i am looking for is a way that i can password protect a few pages. Would would i need to do. Would i have to do cookie? Well here how i want it setup:

There will be a few user the user will be given user name and password of my chioce.

So what i am try to find out what will i need to have setup For this to Work.

Sorry i am very New... So Please be Kinda 🙂
Thanks for all input..

robert_w_ark

Well you can always try this out to help you learn.. This is quite an advanced script for a person introduced to PHP. But - Maybe you can follow it 🙂

Heres the first way to only allow a certain user to login (predefined username & password)

<?php
session_start();

function clean($data)
{
  return htmlspecialchars(addslashes($data));
}

if($_SESSION['is_logged_in'] == false)
{
  if((!isset($_POST['username']) || empty($_POST['username'])) || (!isset($_POST['password']) || empty($_POST['password'])))
  {
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
Username: <input type="text" name="username"><br/>
Password: <input type="password" name="password"><br/>
<input type="submit" value="Login">
</form>
<?php
  }
  else
  {
    $allowedusername = "Member"; // Allowed username to login with
    $allowedpassword = "Password"; // Allowed password to login with
    $username = clean($_POST['username']);
    $password = clean($_POST['password']);
    if($username == $allowedusername && $password == $allowedpassword)
    {
      $_SESSION['is_logged_in'] = true;
      echo "You are now logged in.";
    }
    else
    {
      $_SESSION['is_logged_in'] = false;
      echo "Invalid Login.";
    }
  }
}
else
{
  echo "You are already logged in.";
}
?>

or you can use MySQL to keep track of multiple users without using large arrays..

<?php
session_start();

// Lets connect to mysql - You might want to read a few tutorials on how to connect and create databases.
$mysql_host = "localhost";
$mysql_user = "username";
$mysql_password = "password";
$mysql_database = "database";
$mysql_members_table = "members";

function clean($data)
{
  return htmlspecialchars(addslashes($data));
}

function draw_form()
{
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>?action=login">
Username: <input type="text" name="username"><br/>
Password: <input type="password" name="password"><br/>
<input type="submit" value="Login">
</form>
<?php
}

function login()
{
  if((!isset($_POST['username']) || empty($_POST['username'])) || (!isset($_POST['password']) || empty($_POST['password'])))
  {
    draw_form();
  }
  else
  {
    $username = clean($_POST['username']);
    $password = clean($_POST['password']); // or you can use $password = md5($_POST['password']) if you plan on using encryption.
    $query = mysql_query("SELECT * FROM $mysql_members_table WHERE username='".$username."' AND password = '".$password."'") or die(mysql_error());
    if(mysql_num_rows($query) == 1)
    {
      $_SESSION['username'] = $username;
      $_SESSION['password'] = $password;
      echo "You are now logged in.";
    }
    else
    {
      session_destroy();
      echo "Invalid username OR password.";
    }
  }
}

function logout()
{
  if(isset($_SESSION['username']) && isset($_SESSION['password']))
  {
    session_destroy();
    echo "You are now logged out.";
  }
  else
  {
    echo "You are not logged in.";
  }
}

switch(clean($_GET['action']))
{
  case "login":
    login();
    break;
  case "logout":
    logout();
    break;
  default:
    login();
    break;
}
?>

Have fun and good luck 🙂

Vbabiy

Hey robert_w_ark thanks so much for the code that is exactly what i need. Now i can wirte my own code comparing to yours. I really am thank full for your help.

Vbabiy

Hey i got another question... How would set this up. Well now that i can get a lgoin in going. How do it so that some cant just copy the url of the page they were try to lgoin in to and go there. So if they do try to do that they would have to login in all over again?

Thanks

Vbabiy

Ok. I got a few qestion when i am try to make a database connection. Would this be right?

function login() 
{ 

  if((!isset($_POST['username']) || empty($_POST['username'])) || (!isset($_POST['password']) || empty($_POST['password']))) 
  { 
    draw_form(); 
  } 
  else 
  { 
global $mysql_database; 
global $mysql_members_table;
$db = mysql_connect($mysql_host, $mysql_user, $mysql_password,$mysql_database);
mysql_select_db($mysql_database,$db); 

$username = clean($_POST['username']); 
$password = clean($_POST['password']); // or you can use $password = md5($_POST['password']) if you plan on using encryption. 


$query = mysql_query("SELECT * FROM $mysql_members_table WHERE username='".$username."' AND password = '".$password."'") or die(mysql_error()); 
//echo $query;
if(mysql_num_rows($query) == 1) 
{ 
  $_SESSION['username'] = $username; 
  $_SESSION['password'] = $password; 
  echo "You are now logged in."; 
} 
else 
{ 
  session_destroy(); 
  echo "Invalid username OR password."; 
} 
  } 
}

but it keeps on saying no database selected. ??
and ideas