login feature

matt669

Hi,
I am developing a login feature using php code. I have developed a working login feature which checks a users username and password but it is not linked to a database. Idealy i would like to have a Microsoft Access database linked to it, with my users details in. I can get the databse to link up, but i could figure out the code which checks the password is correct.

Cheers,

Matt

thorpe

post what you have.

rincewind456

You can build the sql query in access then execute it with odbc_exec

matt669

<body>
<h2>Log In</h2>
<form action="login.php" method="post" name="form1">
Username: <input name="txtUsername" type="text" size="16" maxlength="16">
<br>
Password: <input name="txtPassword" type="password" size="16" maxlength="16">
<br>
<input name="btnLogin" type="submit" value="Log In">
</form>
</body>
</html>

<?php

// allows session info to be used on this page
session_start();

// if this script isn't receiving form data, exit fast
if(!isset($_POST['btnLogin']))
{	header("Location: login.htm");
	session_write_close();
	exit();
}

// gets username and password as typed into the login form
$user = $_POST['txtUsername'];
$pass = $_POST['txtPassword'];

// three users and their encrypted passwords ('fred' => 'orange', 'kiki' => 'apple', 'nic' => 'banana')
// NB this info should really be grabbed from a DB
// this example code cheats by defining the values below
$aValidUsers = array(
	'test' => '$1$j9/.w5/.$3sF1oiio7R02xgQxKO/Oq0',
);

// only checks the password if the user exists
if(isset($aValidUsers[$user]))
{	// checks to see if the username/password pair is valid
	// by encrypting the password and comparing against the real encrypted password
	$sEncryptedPassword = $aValidUsers[$user];
	if(crypt($pass, $sEncryptedPassword) == $sEncryptedPassword)
	{	// if we have logged on successfully, remembers the user's name as a session variable
		$_SESSION['user'] = $user;
		header("Location: protected.php");
		session_write_close();
		exit();
	}
}

header("Location: login.htm");
session_write_close();

// closes the recordset, frees up resources, kills all traces
$rsMain->Close();
$rsMain->Release();
$rsMain = null;

// closes the connection, frees up resources, kills all traces
$adoCon->Close();
$adoCon = null;

protected.php - where protected information will be kept

<?php
// allows session info to be used on this page
session_start();

// if there is no user session info, exit fast
if(!isset($_SESSION['user']))
{	header("Location: login.htm");
	session_write_close();
	exit();
}

<html>
<head>
<title>Password Protected Content</title>
</head>

<body>
<h2>Password Protected Content</h2>

<?php
// reports session info
echo "Hello " . $_SESSION['user'];
echo "<br>[Session ID is " . session_id() . "]";

// closes down session activity for the rest of this script
session_write_close();

// ... any more PHP code here ...

</body>
</html>

Logout.php - log out feature

<?php
// allows session info to be used on this page
session_start();

// if there is no user session info, exit fast
if(!isset($_SESSION['user']))
{	header("Location: login.htm");
	session_write_close();
	exit();
}

$user = $_SESSION['user'];
unset($_SESSION['user']);
session_write_close();

<body>
<h2>You have logged out</h2>

<?php
// reports session info
echo "Good bye " . $user;
?>

</body>
</html>

This could works as a simple log on screen, but i really want to connect a database and do the system that way.

Cheers.

matt