adding user authentication

msimonds

I hope this post makes sense and I apologize if I try and confuse anyone!

I am writing a small CMS for a preschool that my wife teaches at and have so far created the backend (admin) area. I never took into consideration that they would acutally like to start a website, I thought that they were just going to use this on localhost.

What I want to know if anyone knows of any good tutorials on how to add a user authentication via sessions. I have searched Google and found some, even here, but they are either outdated or incomplete.

So far the best example that I can find is this script for the login:

<?php
// we must never forget to start the session
session_start();

$errorMessage = '';
if (isset($_POST['user']) && isset($_POST['password'])) {
    include 'include/config.php';
    include 'include/opendb.php';

$user   = $_POST['user'];
$password = $_POST['password'];

// check if the user id and password combination exist in database
$sql = "SELECT id
        FROM users
        WHERE id = '$user' AND password = md5('$password')";
//echo $sql;
$result = mysql_query($sql) or die('Query failed. ' . mysql_error());

if (mysql_num_rows($result) == 1) {
    // the user id and password match,
    // set the session
    $_SESSION['db_is_logged_in'] = true;

    // after login we move to the main page
    header("Location: main.php");
    exit;

} else {
    $errorMessage = 'Sorry, wrong user id / password';
}

include 'include/closedb.php';
}
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form action="login.php" method="post" name="frmLogin" id="frmLogin">
 <table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
  <tr>
   <td width="150">User Id</td>
   <td><input name="user" type="text" id="user"></td>
  </tr>
  <tr>
   <td width="150">Password</td>
   <td><input name="password" type="password" id="password"></td>
  </tr>
  <tr>
   <td width="150">&nbsp;</td>
   <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
  </tr>
 </table>
</form>
</body>
</html>

but when use this on localhost, it does not redirect to the main.php:

<?php
// like i said, we must never forget to start the session
session_start();

// is the one accessing this page logged in or not?
if (!isset($_SESSION['db_is_logged_in']) || $_SESSION['db_is_logged_in'] !== true) {
    // not logged in, move to login page
    header('Location: login.php');
    exit;
}

?>
<html>
<head>
<title>Main User Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<p>This is the main application page. You are free to play around here since you
 are an autenthicated user :-) </p>
<p>&nbsp;</p>
<p><a href="logout.php">Logout</a> </p>
</body>
</html>

this testing is on localhost

that is why I am looking for either guidance or better tutorials

Again, I hope that this does not confuse anyone, Sorry if this sounds stupid

Regards
Mike

notaloser

try

<?php 
ob_start();
session_start();

...

msimonds

Thanks notaloser that works just fine!!! I appreciate that

I am also looking for some updated tutorials on user authentication, table structure, etc...