Multiple Users

zah

Hello! I'm using a small PHP login script, but I was wondering if it's possible to create multiple users. These users would have their own different passwords as well. Thanks!

<?php
session_start();
header("Cache-control: private");

/*
SIMPLE LOGIN - Access Protection Script

This is a simple password protection script that requires very little setup.  This single file can protect multiple pages with just a small include at the top of each PHP file you want to protect.  It uses sessions so you only have to enter your password once each time you open your browser, and you can view any number of protected pages without having to login for each page.  THIS SCRIPT CAN ONLY PROTECT PHP FILES and is not compatible with pages that already use sessions.  The default login form is valid XHTML 1.0 Transitional.

I release this script in good faith, but no data stored online can be guaranteed 100% secure.  By using SimpleLogin, you agree to indemnify me from any liability that might arise during its use.  If you encounter any security problems with this script, please report them to me and I will fix or discontinue SimpleLogin as necessary.

SETUP
1. Set your username and password in the config below.
2. Upload this file to your site.
3. Put the following code at the ABSOLUTE VERY TOP of each page you want to password protect:

  <?php require('access.php'); ?>

Important!  Make sure the files you are protecting are in the same directory as this file.  You can still protect files in other directories, but you will need to adjust the include code to add the path to this file.

CUSTOMIZATION
You can customize the login form in the code below (scroll down, it's commented), but do not change any PHP code or the field names.  To make the login page match your site, DO NOT include access.php where you want the form to show up.  It must go at the top of the page you are protecting or the sessions will not work.  Instead, edit the login form below, to add your own header and footer.

*/


//CONFIG
// --------------------------------------------------

// set your username and password
$setusername = 'username';
$setpassword = 'password';


// don't edit below this line
// --------------------------------------------------

if ($_GET['action'] == 'logout') {
    $_SESSION = array();
    session_destroy();
}

$showform = true;

if ($_POST['action'] == 'login') {

   $replace = array('(' => '&#40;', ')' => '&#41;', '#' => '&#35;');
   $username = strtr(htmlspecialchars(strip_tags($_POST['username'])), $replace);
   $password = strtr(htmlspecialchars(strip_tags($_POST['password'])), $replace);

if (($username != $setusername) || ($password != $setpassword)) {
    $errormsg = true;
} else {    
    $showform = false;
    $_SESSION['username'] = $username;
    $_SESSION['password'] = md5($password);
}

} else {

if (($_SESSION['username'] == $setusername) && ($_SESSION['password'] == md5($setpassword))) {
  $showform = false;
}

}

if ($showform) {

// don't edit above this line
// --------------------------------------------------
?>


<!-- login page -->

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<title>Login Required</title>
<style type="text/css">
body, input { color: #000000; font: 12px arial, sans serif; background-color: #ffffff; }
input { border: 1px solid #000000; }
a { color: #666666; text-decoration: none; }
a:hover { color: #333333; }
h1 { font-size: 16px; letter-spacing: 1px;}
p, h1 { margin: 10px 0px; }
.errormsg { color: #FF0000; }
</style>
</head>
<body>

<h1>Login Required</h1>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="hidden" name="action" value="login" />

<?php
// don't edit this unless you know what you are doing
if ($errormsg) {
   echo '<p class="errormsg">Invalid login!  Try again.</p>';
}
?>

<p>
Username:<br />
<input type="text" name="username" />
</p>

<p>
Password:<br />
<input type="password" name="password" />
</p>

<p>
<input type="submit" value="Submit" />
</p>

</form>

</body>
</html>

<!-- login page ends -->


<?php
// don't edit below this line
// --------------------------------------------------

exit;
}
?>

BuzzPHP

The following line:

if (($username != $setusername) || ($password != $setpassword)) {

needs to be changed to some SQL statements which check the username / password against a database. How you populate this data is anyones guess.
A full user registration system would be many lines of code. But, some systems would not need this as registration is via some form of administration. ie: A university wouldn't allow just anyone to register for a course.

Or, you can just use the file system and each user would have a folder. The command file_exists() will allow you to test for a username. A inifile inside each folder can hold user profile details. The command parse_ini_file() can be used to extract data from such a file. You would basiclly write something like:

$profile = parse_ini_file("users/$username/profile.ini");

if ($profile && $profile["password"] == $password) { .....

http://php.net/manual/en/function.parse-ini-file.php

But again, it takes a lot of code to write a user registration system, but this would work on free hostings which dont support mysql.

Other methods in include using a XML file to store user data.

The simplest solution is to just use an array of usernames and passwords, but that would only suit a small group. ie: a band or a special interest club.

There is no one correct simple answer. You just have to code it.