Hello.
I use PHP to deal with a login system that allows staff members to log in to a portal which has many pages, each of which only allows certain groups to visit it.
Each time someone successfully authenticates, it sets the $_SESSION['account'] ... all of my databases are done via flat file, which works perfectly for us.
What I want to achieve is to add a:
Online staff: user1, user2, user3
of all the people who are logged in (and have the $_SESSION['account'] set...)
How can I do that based on the following?
Firstly, our /staff/index.php is the actual HTML login. It submits to a login.php which has:
<?php
session_start();

// Render an error page inside the site template and stop.
function output_error($text = '')
{
    include_once('/home/header.php');
    echo "<p class=\"pagetitle\">There were some errors in your submission...</p>\n<div class=\"messagebox\">\n<p>Please correct the following:</p>\n<ul>\n" . $text . "\n</ul>\n</div>\n";
    include_once('/home/footer.php');
    exit();
}

// The human-validation code is stored in the session by the login form.
if (!isset($_SESSION['correctcode'])) {
    output_error('<li><span>Please enable cookies.</span></li>');
}
$correctcode = $_SESSION['correctcode'];
$securitycode = isset($_POST['securitycode']) ? $_POST['securitycode'] : '';
// Compare as strings so PHP's loose numeric comparison cannot match different codes.
if ((string)$securitycode !== (string)$correctcode) {
    output_error('<li><span>The human validation check failed; please try again.</span></li>');
}

// Load the flat-file user database: one "user,md5hash" pair per line.
$users = array();
$user_data = file("/home/hidden/users.db");
foreach ($user_data as $val) {
    list($user, $pwd) = explode(",", trim($val));
    $users[$user] = $pwd;
}

$account = isset($_POST['account']) ? $_POST['account'] : '';
// Unsalted MD5 is a weak password hash; password_hash() with password_verify() is the usual replacement.
$password = md5(isset($_POST['password']) ? $_POST['password'] : '');

if (array_key_exists($account, $users)) {
    // Strict comparison: with ==, two different hashes of the form "0e<digits>" compare equal.
    if ($password === $users[$account]) {
        // Issue a fresh session ID on login so a pre-set ID cannot be reused.
        session_regenerate_id(true);
        $_SESSION['logged'] = true;
        $_SESSION['account'] = $account;
        $_SESSION['password'] = $password;
        $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
        setcookie('logindate', date('d/m/Y'));
        setcookie('logintime', date('H:i:s'));

        // Return to the page that was originally requested, or to the portal home.
        if (isset($_SESSION['location'])) {
            header("Location: " . $_SESSION['location']);
        } else {
            header("Location: http://us.net/staff/home.php");
        }

        // Prepend this login to the audit log.
        $stuff_to_prepend = "STAFF PORTAL LOGIN: " . date('D M d H:i:s Y T') . ": " . $_SESSION['account'] . " using IP: " . $_SESSION['ip'] . ".";
        $filename = "/home/hidden/logins.db";
        $file_contents = file_get_contents($filename);
        if ($fp = fopen($filename, 'w+')) {
            fwrite($fp, $stuff_to_prepend . "\n" . $file_contents);
            fclose($fp);
        }
        unset($_SESSION['location']);
        exit();
    } else {
        output_error('<li><span>Sorry, your password has been entered incorrectly. <a href="/staff/index.php">Please login again</a>.</span></li>');
    }
} else {
    output_error('<li><span>Sorry, your account has not been recognised. <a href="/staff/index.php">Please login again</a>.</span></li>');
}
?>
Our users.db looks like:
user,md5hash
user2,md5hash
Our logout.php:
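<?php
ob_start();
// protect.php starts the session and redirects anyone who is not logged in.
require_once('/home/staff/protect.php');
// Expire the login date/time cookies.
setcookie('logindate', '', time()-60);
setcookie('logintime', '', time()-60);
// Clear the whole session, not only 'logged', so 'account', 'password' and 'ip' do not survive logout.
$_SESSION = array();
session_destroy();
header("Location: http://us.net/staff/index.php");
ob_end_flush();
?>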
Our protect.php which is included by all files that are protected to check if the user is logged in:
<?php
$back = "<form method=\"post\" action=\"/staff/index.php\"><div><input type=\"submit\" name=\"login\" class=\"bg\" value=\"Log in\" /></div></form>\n";
$acc_denied = "<p class=\"pagetitle\">Sorry, you must be logged into your Staff Portal account in order to access this page.</p>\n".$back;
session_start();
// Not logged in: remember the requested page and send the visitor to the login form.
if (!isset($_SESSION['logged'])) {
    $location = $_SERVER['PHP_SELF'];
    $_SESSION['location'] = $location;
    header("Location: /staff/index.php");
    exit();
}
?>
Many thanks!
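
One way to track who is online with a flat file, as an added example that is not part of the original post: each protected page records the account's last activity under an exclusive lock, and entries idle longer than a timeout are dropped so closed browsers do not stay listed. The function name update_online(), the 300-second timeout and the temporary file used in the demo are assumptions; in the setup above it would be called from protect.php with $_SESSION['account'] and from logout.php with the remove flag.

```php
<?php
// Added example (not the poster's code). update_online() and the 300 s
// idle timeout are hypothetical; entries are stored as "account,last_seen".
function update_online(string $file, ?string $account, bool $remove = false, int $ttl = 300): array
{
    $now = time();
    $fp = fopen($file, 'c+');            // create if missing, never truncate on open
    if ($fp === false) {
        return [];
    }
    flock($fp, LOCK_EX);                 // serialise concurrent page requests

    $online = [];
    while (($line = fgets($fp)) !== false) {
        $parts = explode(',', trim($line));
        if (count($parts) === 2 && $now - (int)$parts[1] < $ttl) {
            $online[$parts[0]] = (int)$parts[1];   // keep entries that are still fresh
        }
    }
    if ($account !== null) {
        if ($remove) {
            unset($online[$account]);    // explicit logout
        } else {
            $online[$account] = $now;    // refresh last-seen time
        }
    }

    // Rewrite the file while still holding the lock.
    ftruncate($fp, 0);
    rewind($fp);
    foreach ($online as $name => $seen) {
        fwrite($fp, $name . ',' . $seen . "\n");
    }
    fflush($fp);
    flock($fp, LOCK_UN);
    fclose($fp);
    return array_keys($online);
}

// Demo with constructed account names and a temporary file.
$db = tempnam(sys_get_temp_dir(), 'online');
update_online($db, 'user1');
update_online($db, 'user2');
update_online($db, 'user1', true);       // user1 logs out
echo 'Online staff: ' . htmlspecialchars(implode(', ', update_online($db, null))) . "\n";
unlink($db);
```

Keep the tracking file outside the web root, as users.db and logins.db already are, since it lists valid account names.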