Php login script needed

21

done

22

the warning message is new by the way

23

Doesn’t matter, at least I know that the filling in isn’t the problem. Replace again with this one.

24

uploaded the new file

25

Still not working :-\ I’ll leave this to Jubba … :sleep::hair:

26

thanks for all your help m8!

27

Well, I didn’t help much :-:stuck_out_tongue:

28

but you tried really hard and that’s what counts :wink:

29

Here is a file that I created to help someone else with their login stuff… it might help you.

edit the file “include.php”

The first array is the usernames, the second array is the passwords.

If you can understand how that works and everything, then we’ll work on the redirect.

30

hi jubba,

thanks alot for the files. i edited the include.php. i think i figured it pretty much out: it looks up the user and pass if its in the array you get access, if not you’re screwed :wink:

although i have to admit that i do not know what

$arrayLength = sizeof($userArray);

is for.

i’m really curious how the redirect works.

ff

31

Ok, now that just gets the length so I know how many users to check for.

Then the for loop checks to see if the user is in the array and if their password has the same array position.

for redirection I would add another array to “include.php”


// Name these pages whatever they need to be to match
// the user that the page belongs to.
$redirect = array("page1.htm", "page2.htm", "page3.htm", "page4.htm");

then in the file “login.php”

replace this:


print "Login Acceptable. Proceed.";

with this:


header("Location: ".$redirect[$x]);

that should work.

32

it works like a charm. great! you should see the smile on my face :slight_smile: can i ask you one more thing:

actually its possible to call the pages directly from the browser because they are not protected. i mean there is the login, but if you skip that you can still view the pages that are supposed to be protected. know what i mean? so if user 1 finds out user 2’s site he can just type it in the adress field and voila. but if i protect them with .htaccess files the login site will not work anymore.

ff

33

yeah. I would do this:

when the login is correct, before the redirect, set a cookie and then at the top of each page, check to see if the cookie is set. If its not, then redirect them to an error page…

if you need help with that I can give you a hand, but I can’t until Monday morning or so…

34

hi jubba,

would be great if you could help me with that. i get back to you tomorrow. thanks!

ff

35

Ok here’s the deal. Since we’re going to be using PHP, we’re going to want to do it the correct way. So all those files that you are redirecting people have to be PHP files. All your HTML will work correctly, but just change the extention to PHP so we can get this security to work. Now we can have mid-level security and use cookies, or we can have a bit higher level and use sessions. I’m going to show you how to use cookies because, well I don’t think that this needs to be super secure. There are going to be ways around this, but not without creating a cookie and editing its properties.

What you’re going to want to do is, when the login and password are correct, before you send them to another location with your header() code, is set a cookie. So now our code on the login.php page should look like this:


<?
/* Catch the variables with $_POST[]; Since the new versions of PHP have
global variables turned off due to safety features, its best to use this 
with your script so that you can be sure the script will work on all 
servers (global vars off or not)*/
$user = $_POST['user'];
$pass = $_POST['pass'];

include("include.php");

$failure = array();

for($x=0; $x<$arrayLength; $x++)
{
	if($user == $userArray[$x] && $pass == $passArray[$x])
	{
		setcookie("user", $userArray[$x]);
		setcookie("page", $redirect[$x]);
		header("Location: " . $redirect[$x]);
	}
	else
	{
		array_push($failure, $x);
		if(sizeof($failure) >= $arrayLength)
		{
			print "Login not acceptable. User does not exist, or invalid password entered. Please try again.";
		}
	}
}
?>

ok that will set our cookies.

now, on each of your pages that you send people to place this code, and it will perform a check for the user name, and make sure that the user’s cookie matches the name of the page…


<?
include("include.php");

$page = $PHP_SELF;
$page = split("/", $page);
$num = sizeof($page) - 1;
$page = $page[$num];

for($x=0;$x<sizeof($userArray); $x++)
{
	if($user == $userArray[$x])
	{
		if($page != $location)
		{
			header("Location: error.php");
		}	
	}
}
if(!$user || !$location)
{
	header("Location: error.php");
}

?>

Ok, now that code will redirect them to the page “error.php” if:

The $user cookie is not set, the $lcoation cookies is not set, or if the cookie that is set does not match the page that they are trying to view. Just place that at the top of each page that is in your redirect array. Make sure that it goes before any HTML.