php.ComLanka.com PHP Tutorial ,PHP source code, PHP online example

Algorithms Arrays Passwords Uncategorized
Commerce Uncategorized
Databases Abstraction Layers Informix LDAP MS SQL MySQL ODBC PostgreSQL Uncategorized
Date & Time Calculators Conversion Translation Uncategorized
Discussion Chat Forums Guestbooks Polls Uncategorized
Email Validation Uncategorized
External Uncategorized
Files and Directories Uncategorized
Games Uncategorized
Graphics 3-D Graphs Resizing Thumbnails Uncategorized
HTML Forms Menus & Navigation Source Viewers Tables Templates Uncategorized
HTTP Authentication Cookies File Uploading Uncategorized
I18N Uncategorized
Math Uncategorized
Miscellaneous Uncategorized
Searching and Trees Uncategorized
Security Uncategorized
Text Uncategorized
Utilities Calendars Counters Link Checkers Weather Uncategorized
XML Uncategorized

php sample source codes
This code will check for a cookie. If none is found it will verify User ID and Password and then give the user a cookie for next time (or other parts of the site). In addtion this code will automatically direct the users browser to a page of your choice after authenticating. This code uses MySQL. <?php //Put in your own info for username, password, DB, email@address, Cookiename, //the name of this page (currently login.php) and the name of your subscribe //or new user page (currently new.php). I went ahead and included all the HTML //so this page should work as is, with only the changes described above needed // - Lysander (Lysander@onlychildclub.com) $dblink = mysql_pconnect("localhost","username","password"); mysql_select_db("DB"); $headers=0; //Make Sure HTML Headers are in place before the form //after Authenticating the script automatically sends the browser to //the webpage of your choice (note if your page calls this //script with ?redirect="foobar.php" it will automatically //redirect to foobar.php after authenticating. Set the default //redirect page here if ( !isset($redirect)) { $redirect = "index.php"; } if (isset($UserID) && isset($Password)) { $query = "select * from members where UserID = \"$UserID\" and Password = \"$Password\""; if ( !($dbq = mysql_query($query, $dblink))) { echo "Unable to query database. Please Contact <a href=\"mailto:email@address\">email@address</a>.\n"; exit; } $lim = mysql_num_rows( $dbq ); if ($lim != 1) { $headers=1; //HTML headers in place echo "<HTML><HEAD><TITLE>Login Page</TITLE></HEAD><BODY>"; echo "<B>Invalid User ID or Password. Please Try again</B><BR>"; } if ($lim == 1) { //make unique session id and store it in Database $timer = md5(time()); $sid = $UserID . "+" . $timer; SetCookie("Cookiename",$sid,time()+2592000); //Set Cookie for 30 days $query = "update members set sid=\"$timer\" where UserID=\"$UserID\""; if( !($dbq = mysql_query( $query, $dblink))) { echo "Unable to update database. Please contact <a href=\"mailto:email@address\">email@address</a>.\n"; exit; } $headers=1; header("Location: $redirect"); exit; } } if (isset($Cookiename)) { $headers=1; //make sure HTML headers are in place before the form $sidarray = explode("+", "$Cookiename"); $query = "select * from members where UserID = \"$sidarray[0]\" and sid = \"$sidarray[1]\""; if ( !($dbq = mysql_query($query, $dblink))) { echo "Unable to find database. Please Contact <a href=\"mailto:email@address\">email@address</a>.\n"; exit; } if (mysql_num_rows( $dbq ) == 1) { echo "<HTML><HEAD><TITLE>Login Page</TITLE></HEAD><BODY>"; echo "You are already logged in as $sidarray[0].<BR>"; echo "You may logon as another user or simply begin using our services with your current session.<BR>"; echo "Click <A Href=\"http://www.mydomain.com/home.php\">Here</A> to return to our homepage."; } } if ($headers == 0) { echo "<HTML><HEAD><TITLE>Login Page</TITLE></HEAD><BODY>"; } echo "<Form Action=\"login.php\" METHOD=POST>"; echo "<H2>User Name</H2>"; echo "<Input TYPE=\"text\" Name=\"UserID\" Value=",$UserID,">"; echo "<BR>"; echo "<H2>Password</H2>"; echo "<Input TYPE=\"password\" Name=\"Password\">"; echo "<BR>"; echo "<Input Type=\"submit\" Value=\"Submit\">"; echo "<Input Type=\"hidden\" Name=\"redirect\" Value=\"$redirect\">"; echo "</FORM>"; ?> <A HREF=new.php>Create an Account</A> </BODY> </HTML>
Authentication using cookies and filebased password/login list. <br>It took me some time to understand, how cookies can be used properly. I think this might help you; at least to start with. <br> Instead of redirecting to a new file, you can use the whole as a function and return succeeded authentication. <br>Be aware of declaring all nescessary variables as global.<br>Of course, the login/passwd list can certainly be taken from within a database. <?php // -------------------------------------------------------------------------------- // Topic: Authentication using cookies and filebased password/login list // Author: Copyright (c) by Urs Gehrig <admin@circle.ch> // Version: 1.0.0 // Update: 19-7-2000 // Licence: ? // PHP: php-4.0.0-win32 // Browser: IE 5, Netscape 4.7 // // Handling: This might be your startup index.php file, where you check the // users. // // Enjoy! // -------------------------------------------------------------------------------- // -------------------------------------------------------------------------------- // functions // -------------------------------------------------------------------------------- function redirect($cmd){ ?> <SCRIPT language=JavaScript> window.location.href="<?php echo $cmd; ?>"; </SCRIPT> <?php } // -------------------------------------------------------------------------------- // main // -------------------------------------------------------------------------------- $header = '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><HTML><HEAD><TITLE>login form</TITLE><link rel="stylesheet" href="style.php"></HEAD><BODY>'; $footer = '</BODY></HTML>'; if (!isset($login) and !isset($passwd) and !$valid): echo $header; ?> <form method="post" action="<?php echo basename($PHP_SELF); ?>" name=loginform> login: <input type="text" name="login" maxlength=50 size=10 style="width: 90px; font-size: 10px"> password: <input type="password" name="passwd" maxlength=50 size=10 style="width: 90px; font-size: 10px"> <input type=submit value="login" name="sent" style="width: 30px; heigth: 18px; font-size: 10px"> </form> <script language=JavaScript> <!-- if (document.loginform) { document.loginform.login.focus(); } // --> </script> <?php echo $footer; elseif(isset($sent)): $login_ok = 0; $fp = fopen("password.txt", "r"); while (feof($fp) == 0): $line = chop(fgets($fp,1000)); $arr = split(",", $line); if (($arr[0] == $login) and ($arr[1] == $passwd)): $login_ok = 1; $cookie_life = 1*24*3600; // cookie lifetime in seconds (e.g. here: 1 day) setcookie("valid",$login_ok,time()+$cookie_life); continue; endif; endwhile; if($login_ok): redirect("your_next_file.txt"); // for first-time users else: ?> You better choose a valid login/password!&nbsp;&nbsp;<a href="<?php echo basename($PHP_SELF); ?>">Try again</a> <?php endif; endif; if($valid and !$sent) redirect("your_next_file.txt"); // for continued use during cookie lifetime ?> ***************************** password.txt ************************* test,test
use this function to ask for a login for first time visitors and track their login/password information in cookies on the client's side. you will still need to inform the user about enabling cookies. further, there is only a a check of login/password against the contents of the cookie, once it is set for longer than just the session. <?php // ---------------------------------------------------------------------------------------- // topic: Track login vars and session_id with cookies and allow autologin // author: Copyright (c) by Urs Gehrig <admin@circle.ch> // version: 1.0.0 // update: 26-7-2000 // PHP: php-4.0.0-win32 // // handling: use this function to ask for a login for first time visitors and track their // login/password information in cookies on the client's side. you will still // need to inform the user about enabling cookies. further, there is only a // a check of login/password against the contents of the cookie, once it is set // for longer than just the session. // // Passwords: your_passwords.txt // your_login,your_password // my_login,my_password // // Browser: It has been tested and it worked with IE5 // // Enjoy! // ---------------------------------------------------------------------------------------- // ---------------------------------------------------------------------------------------- // functions // ---------------------------------------------------------------------------------------- function LoginForm(){ global $PHP_SELF; $header = '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><HTML><HEAD><TITLE>login form</TITLE></HEAD><BODY>'; $footer = '</BODY></HTML>'; echo $header; ?> <form method="post" action="<?php echo basename($PHP_SELF); ?>" name=loginform> <table frame=void rules=none WIDTH="300"> <tr> <td align="left"> login: <td align="left"> <input type="text" name="login" maxlength=50 size=15 style="width: 120px; font-size: 12px"> <tr> <td align="left"> password: <td align="left"> <input type="password" name="passwd" maxlength=50 size=15 style="width: 120px; font-size: 12px"> <tr> <td align="left">&nbsp; <td align="left">&nbsp; <tr> <td align="left"> &nbsp; <td align="left"> <input type=submit value="login" name="sent" style="width: 50px; heigth: 18px; font-size: 12px"> </table> </form> <script type="text/javascript"> <!-- if (document.loginform) { document.loginform.login.focus(); } // --> </script> <?php echo $footer; } function getItem($item,$str){ $pairs = explode("&", $str); for($i=0;$i<count($pairs);$i++): $query[$i] = explode("=", $pairs[$i]); if($query[$i][0] == $item): return $query[$i][1]; break; endif; endfor; } function cke_auth(){ global $PHP_SELF, $sent, $ID, $mysession, $login, $passwd; // you may select a cookielifetime $cke_days = 1; $cke_secs = $cke_days * 24 * 3600; // cookie lifetime in seconds (e.g. here: 1 day) $cke_time = time()+ $cke_secs; //$cke_time = 0; // my cookielifetime is lasting the session if(isset($sent)): // from login form $login_ok = 0; if (isset($login) and isset($passwd)): $fp = fopen("your_passwords.txt", "r"); while (feof($fp) == 0): $line = chop(fgets($fp,1000)); $arr = explode(",", $line); if (($arr[0] == $login) and ($arr[1] == $passwd)): session_start(); setcookie("login", $login, $cke_time); setcookie("passwd", $passwd, $cke_time); setcookie("ID", session_id(), $cke_time); return 1; // authentication succeeded $login_ok = 1; break; endif; endwhile; endif; if(!$login_ok): return 0; // access denied endif; else: $fp = fopen("your_passwords.txt", "r"); while (feof($fp) == 0): $line = chop(fgets($fp,1000)); $arr = explode(",", $line); if (($arr[0] == $login) AND ($arr[1] == $passwd)): return 1; // authentication succeeded $login_ok = 1; break; endif; endwhile; if(!$login_ok): return 0; // access denied endif; endif; } // ---------------------------------------------------------------------------------------- // main // ---------------------------------------------------------------------------------------- //init vars; $uri = basename($PHP_SELF); $stamp = md5(srand(5)); if(!cke_auth()): // authentication failed LoginForm(); // display login form else: // authentication was successful //header ("Location: wherever.com"); if (isset($sent)): echo "logged in from <b>login form</b><br><br>"; echo "Your login name: <b>".$login."</b><br>"; echo "Your password: <b>".$passwd."</b><br>"; echo "<br><br><br><a href='$uri?SID=$ID'>load</a>"; else: echo "logged in from <b>cookie:</b> ".$ID."<br>"; echo "changing <b>stamp:</b> $stamp<br><br>"; echo "Your login name: <b>".$login."</b><br>"; echo "Your password: <b>".$passwd."</b><br>"; echo "<br><br><br><a href='$uri?SID=$ID&stamp=$stamp'>load</a>"; endif; endif; ?>
complete auth system in one file. Just include this file, after you have modified the definitions, in any pages you want protected and authentication will be enabled. <? /* complete auth system in one file. just include this file after you have modified the definitions and authentication will be enabled. Joel De Gan http://www.tenshimedia.com http://www.joihost.com */ define("REDIRECT",1); #redir to page, 0 = show form from here define("USEMYSQL",1); #0=no,1=yes define("USEFILE",0); #0=no,1=yes define("FILEPATH","~.users"); #0=no,1=yes define("USE_ENCRYPTION",0); #0=no,1=yes define("VAR_TYPE","session"); # session/cookie #define("VAR_TYPE","cookie"); define("SHOW_TOP_BAR",1); ####### define("SHOW_LOGIN_FORM"," <br><br><center><form method=post action=$PHP_SELF?show=login></td><table> <tr> <td>Username: </td> <td><input name=username type=text value=></td> </tr><tr> <td>Password: </td> <td><input name=password type=password value=></td> </tr><tr> <td colspan=2 align=center><input type=submit value=\" log in \"></td> </tr> </table> </form></center> "); #show login form define("REDIRECT_AFTER_LOGIN","$PHP_SELF"); #redirect to after login define("FAILED_LOGIN"," <br><br><center><h2>Login failed - <a href=\"$PHP_SELF?show=form\">go back</a></h2></center><br><br> "); #failed login page define("LOGOUT","$PHP_SELF?logout=true"); #logout page define("LOGIN_MYSQL_HOST", "localhost"); define("LOGIN_MYSQL_USER", "username"); define("LOGIN_MYSQL_PASS", "password"); define("LOGIN_MYSQL_DB", "any_database"); define("LOGIN_MYSQL_TABLE", "usertable"); define("LOGIN_MYSQL_USERFIELD", "name"); // whatever field you use for username define("LOGIN_MYSQL_PASSFIELD", "pass"); // whatever field you use for password define("ADMIN_FIELD","userlevel"); // this is for determining if admin or not define("ADMIN_FIELD_VALUE","admin"); // the value that determines if admin or not define ("DB_ERROR_PAGE", "<h3>Cannot connect to the database server.</h3>\n"); define ("DB_ERROR", "<h3>Cannot connect to the database selected.</h3>\n"); define("DEBUG","true"); // true=debug; false=no // loginDatabaseConnect(LOGIN_MYSQL_HOST,LOGIN_MYSQL_USER,LOGIN_MYSQL_PASS,LOGIN_MYSQL_DB); function loginDatabaseConnect($host, $user, $pass, $db) { if (!($mylink = mysql_connect($host, $user, $pass))){ print DB_ERROR_PAGE; print mysql_error(); exit; }//fi mysql_select_db($db) or die(DB_ERROR . mysql_error()); }// end function function object_to_cookie($obj){ $z = serialize($obj); $z = gzcompress($z); $z = base64_encode($z); $z = urlencode($z); return $z; } function cookie_to_object($cookie){ $z = urldecode($cookie); $z = base64_decode($z); $z = gzuncompress($z); $z = unserialize($z); return $z; } function array2cookie($arr){ while (list($key, $val)= each($arr)){ sec_setcookie($key, $val); $key = $val; global ${$key}; }//rof }//end function //main cookie function function sec_setcookie($var, $val, $modify=3600){ if (USE_ENCRYPTION == 1){ $val = object_to_cookie($val); } $exp = gmstrftime("%A, %d-%b-%Y %H:%M:%S", time()+$modify); $dom = $GLOBALS["HTTP_HOST"]; if (preg_match("/^(.*):(.*)$/",$dom,$arr)) { print_r($arr); $dom = $arr[1]; } $parts = explode(".",$dom); $dom = ".".$parts[count($parts)-2].".".$parts[count($parts)-1]; setcookie($var,$val, time()+$modify,"/",$dom, 0); ${$var} = $val; global ${$var}; }//end function function check_login(){ if ( (isset($_COOKIE["loggedin"])&&isset($_COOKIE["username"])&&isset($_COOKIE["password"])) || $loggedin){ return true; }else{ if (!headers_sent()){ # for if we want to redirect instead... //header("Location: ". SHOW_LOGIN_FORM); //echo SHOW_LOGIN_FORM; header("Location: http://www.yoursite.com/login.php"); //exit; }else{ //echo "\n<br><br><center><a href='".SHOW_LOGIN_FORM."'>CLICK HERE</a> to login</a></center><br><br>\n"; //echo SHOW_LOGIN_FORM; header("Location: http://www.yoursite.com/login.php"); //exit; }//fi }//fi }//end function function do_login($username, $password){ if (USE_ENCRYPTION == 1){ $password = cookie_to_object($password); }//fi loginDatabaseConnect(LOGIN_MYSQL_HOST, LOGIN_MYSQL_USER, LOGIN_MYSQL_PASS, LOGIN_MYSQL_DB); $sql = "SELECT * FROM ". LOGIN_MYSQL_TABLE ." WHERE ". LOGIN_MYSQL_USERFIELD ."='".$username ."' AND ". LOGIN_MYSQL_PASSFIELD ."='".$password."'"; $tmp = mysql_query($sql)or die(DB_ERROR . mysql_error()); if ( mysql_num_rows($tmp)>0 ){ if (USE_ENCRYPTION == 1){ $password = object_to_cookie($password); } sec_setcookie("username", $username); sec_setcookie("password", $password); sec_setcookie("loggedin", "true"); $row = mysql_fetch_array($tmp); if ($row[ADMIN_FIELD] == ADMIN_FIELD_VALUE){ sec_setcookie("admin", "true"); }//fi header("Location: ". REDIRECT_AFTER_LOGIN); exit; }else{ sec_setcookie("username", ""); sec_setcookie("password", ""); sec_setcookie("loggedin", ""); echo FAILED_LOGIN; //header("Location: http://www.yoursite.com/login.php") exit; }//fi }//end function function show_logout(){ return "<a href=\"".LOGOUT."\">logout</a>"; }//end function ############################################################################################ ########### below runs each time this file is accessed ########### ############################################################################################ if ($p <> "signup"){ switch ($show){ case "login": do_login($HTTP_POST_VARS["username"], $HTTP_POST_VARS["password"]); check_login(); break; case "form": check_login(); break; default: check_login(); break; }//switch }//fi ########### #echo "test"; if ($HTTP_POST_VARS["logout"] <> "" || $HTTP_GET_VARS["logout"] <> ""){ while(list($key, $val) = each($_COOKIE)){ sec_setcookie($key, ""); }//wend //header("Location: ". REDIRECT_AFTER_LOGIN); header("Location: http://www.yoursite.com/login.php"); }// ############################################################################################ if (SHOW_TOP_BAR == 1 && _disptop <> false){ ?><body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"> <table width="100%" border="0" cellspacing="0" cellpadding="0" bgcolor="#000000"> <tr> <td width"100%" bgcolor="#000000" align="right"> [ <span class=h2>Currently Logged in as:</span> <span class=highlit><? echo $username ?></span> | <? echo show_logout(); ?> ] </span> </td> </tr> </table> <? }//end function ?>
I received some e-mail asking what code should be placed on other pages of the website using my Authenticator with Cookies and Redirect. This code should appear before the HTML Tag on any page you want protected. <?php //Put in your own info for username, password, DB, email@address, Cookiename, //the name of this page (currently thispage.php), and the name of the login page (currently login.php). //Cookiename MUST be the same as Cookiename in the login page. $dblink = mysql_pconnect("localhost","username","password"); mysql_select_db("DB"); if( !(isset( $CookieName ))) { header("Location: http://www.yourdomain.com/login.php3?redirect=thispage.php"); exit; } $sidarray = explode("+","$CookieName"); $query = "select * from members where UserID = \"$sidarray[0]\" and sid = \"$sidarray[1]\""; if ( !($dbq = mysql_query( $query, $dblink))) { echo "Unable to find database. Please Contact <A HREF=\"mailto:email@address\">email@address</a>.\n"; exit; } if (mysql_num_rows( $dbq ) != 1) { header("Location: http://www.yourdomain.com/login.php3?redirect=thispage.php"); exit; } ?>
This selection of PHP files will allow you to implement a "member's only" area in your web site, complete with recognizing re-entering members and new member form. Uses MySQL back-end. Instructions: - copy the following source code into their respective files (i.e. File #1 into my_const.h, etc.) - run the queries thru MySQL to create the back-end database structure - Drop the correct values into my_const.h - Make sure that you have the following files/pages in your site: "header.txt" and "footer.txt" - take a customized HTML template and cut it in half with the top half in header.txt and the bottom half in footer.txt. "visitorarea.html" - this is where non-members are vectored. "memberarea.html" - this is where the authenticated members are vectored. - offer the following links in your site: <a href=authenticate.php3>Click here to enter the members only area</a> <a href=newmember.php3>Click here to enter a membership application</a> - drop the following line into any member-area page (near the top of the file) that you want fully secure: <? include("auth.h"); ?> - if you have any questions regarding implementation or bug reports, email me at woodystanford@yahoo.com ****** CREATION QUERIES: create database databasename; create table users (userid int auto_increment primary key, username char(25) not null, password char(255) not null, companyname char(255) not null, contactname char(255) not null, email char(255) not null, baddress1 char(255) not null, baddress2 char(255) not null, bcity char(255) not null, bstate char(50) not null, bzip char(50) not null, saddress1 char(255) not null, saddress2 char(255) not null, scity char(255) not null, sstate char(25) not null, szip char(50) not null, tel char(255) not null, fax char(255) not null, active tinyint, ccname char(255) not null, cctype tinyint not null, ccnum char(255) not null, expdate char(255) not null, scountry char(255) not null, bcountry char(255) not null, discount decimal(5,4), needsvalidation tinyint not null, taxexempt tinyint not null, terms int not null); create table sessions (sessionid int auto_increment primary key, userid int, ipaddress char(255) not null, created timestamp, returnpage char(255) not null); SOURCE CODE: ***** File #1: my_const.h <? if ($g_databasename=="") { // ********** ENTER CONSTANTS HERE! ************** $g_databasename="databasename"; $g_dbuid="mysqlusername"; $g_dbpwd="mysqlpassword"; $g_uservalidator_email="youremail@address.com"; // ************************************************ //Helper functions function mysql_escape_string($s) { $sl=strlen($s); for ($a=0;$a<$sl;$a++) { $c=substr($s,$a,1); switch(ord($c)) { case 0: $c = "\\0"; break; case 10: $c = "\\n"; break; case 9: $c = "\\t"; break; case 13: $c = "\\r"; break; case 8: $c = "\\b"; break; case 39: $c = "\\'"; break; case 34: $c = "\\\""; break; case 92: $c = "\\\\"; break; case 37: $c = "\\%"; break; case 95: $c = "\\_"; break; } $s2.=$c; } return $s2; } } ?> **** File #2: "newmember.php3" <? include("header.txt"); ?> <font face=arial> <font size=5><b>New Member Profile</font></b><br> To use this site to the fullest, you must enter in some basic information to establish your identity when you visit. Required fields are indicated with a <font color=red>*</font>. A username and password will be issued to you via email.<p> <small>(If you have already received a username and password, and have forgotten it, please do not re-submit your information, but rather contact us at via <a href="mailto:<? echo($g_uservalidator_email); ?>">email</a>.)</small><p> <form action=submitmember.php3 method=post> <font color=blue><b>Personal Information</b></font><br> <hr> <table> <tr><td><b>Company Name</td><Td><input type=text name=companyname size=50></td></tr> <tr><td><b>Your Name (first, last)<font color=red>*</font></td><Td><input type=text name=contactname size=50></td></tr> <tr><td><b>Email Address<font color=red>*</font></td><Td><input type=text name=email size=50></td></tr> <tr><td valign=top><b>Billing Address<font color=red>*</font></td><Td><input type=text name=baddress1 size=50><br><input type=text name=baddress2 size=50><br><input type=text name=bcity size=25>, <input type=text name=bstate size=2> <input type=text name=bzip size=10><br><input type=text name=bcountry size=10 value="USA"></td></tr> <tr><td valign=top><b>Shipping Address<font color=red>*</font></td><Td><input type=text name=saddress1 size=50><br><input type=text name=saddress2 size=50><br><input type=text name=scity size=25>, <input type=text name=sstate size=2> <input type=text name=szip size=10><br><input type=text name=scountry size=10 value="USA"></td></tr> <tr><td><b>Contact Telephone</font></td><Td><input type=text name=tel size=30></td></tr> <tr><td><b>FAX Telephone</font></td><Td><input type=text name=fax size=30></td></tr> </table><hr><p> I certify that the above information is correct. Please process this information an email me my username and password as soon as possible.<p> <input type=submit value="Process Request"> </form> <? include("footer.txt"); ?> **** File #3: "submitmember.php3" <? include("header.txt"); include("my_const.h"); //connect to database $con = mysql_connect(localhost,$g_dbuid,$g_dbpwd); if ($con==NULL) { echo("301 Couldn't connect to MySQL\n\n"); exit(-1); } $db = mysql_select_db($g_databasename,$con); $t="insert into users (companyname, contactname, email, baddress1, baddress2, bcity, bstate, bzip, saddress1, saddress2, scity, sstate, szip, tel, fax, active, bcountry, scountry, needsvalidation) values (\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",0,\"%s\",\"%s\",1)"; $sql=sprintf($t, mysql_escape_string($companyname), mysql_escape_string($contactname), mysql_escape_string($email), mysql_escape_string($baddress1), mysql_escape_string($baddress2), mysql_escape_string($bcity), mysql_escape_string($bstate), mysql_escape_string($bzip), mysql_escape_string($saddress1), mysql_escape_string($saddress2), mysql_escape_string($scity), mysql_escape_string($sstate), mysql_escape_string($szip), mysql_escape_string($tel), mysql_escape_string($fax), mysql_escape_string($bcountry), mysql_escape_string($scountry)); //insert user record into database (active OFF) //debug //echo($sql); mysql_query($sql,$con); //send email to user_validator to get them to validate new user. $msg = sprintf("A new customer has submitted their information. Log into back-end database and authorize userid ".strval(mysql_insert_id($con)).". \n\nThis can be accomplished by setting the \"active\" field (in the table \"users\") to 1. \n\n IMPORTANT: You must also set their username and password and send it to their email address. The username must be unique, and both the username and password should be less than 15 alphanumeric characters. Their entered email address is ".$email."\n"); mail($g_uservalidator_email,"New Customer Submission - Validate",$msg); //autoresponder to visitor //******PHP4 ERROR: mail will crash the process HARD if the email address is bogus. Filter it! ****** mail($email,"Welcome to our Member Area!","Thank You for submiting your information. We'll be emailing you your username and password to enter the customer area of our site by the next business day."); ?> <font face=arial> <font color=blue> <h1>Request Entered!</h1> </font> A representative should contact you shortly via email to give you your username and password.<p> Thank you for your interest!<p> <a href=visitorarea.html>Click here to return to the visitor area.</a> <? include("footer.txt"); ?> ***** File # 4: "authenticate.php3" <? include("my_const.h"); //allow reentry without re-authentication $con = mysql_connect(localhost,$g_dbuid,$g_dbpwd); if ($con==NULL) { echo("301 Couldn't connect to MySQL\n\n"); exit(-1); } $db = mysql_select_db($g_databasename,$con); $sql=sprintf("select userid from sessions where ipaddress=\"$REMOTE_ADDR\"",$con); $res=mysql_query($sql,$con); if (mysql_num_rows($res)!=0) { echo("<html><head><META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=memberarea.php3\"></head></html>"); } else { include("header.txt"); ?> <font face=arial> <font size=5><b>Are you an Existing Member?</b></font><br> If you already have an account, please enter your username and password:<p> <center> <form action=authenticate2.php3 method=post> <table border=1 cellpadding=3> <tr><Td><b>UserName</b><td><input type=text name=uid size=15></td></tr> <tr><Td><b>Password</b><td><input type=password name=pwd size=15></td></tr> </table> <br> <input type=submit value="Enter Customer Area"> </center><p> If you are not already a member, please fill out our <a href=newmember.php3>account request form</a> . Click here to link to our <a href="visitorarea.html"> Visitor's area</a>...<p> <? include("footer.txt"); } ?> FILE #5: "authenticate2.php3" <html> <? include("my_const.h"); //authenticate vistor $con = mysql_connect(localhost,$g_dbuid,$g_dbpwd); if ($con==NULL) { echo("301 Couldn't connect to MySQL\n\n"); exit(-1); } $db = mysql_select_db($g_databasename,$con); $sql=sprintf("select userid from users where username=\"%s\" and password=\"%s\" and active=1",mysql_escape_string($uid),mysql_escape_string($pwd)); $res=mysql_query($sql,$con); if ((mysql_num_rows($res)!=0)&&($uid!="")) { $row=mysql_fetch_row($res); //cleanup $sql=sprintf("delete from sessions where ipaddress=\"%s\"",$REMOTE_ADDR); mysql_query($sql,$con); //make a new session $sql=sprintf("insert into sessions (userid, ipaddress) values (%s,\"%s\")",$row[0],$REMOTE_ADDR); mysql_query($sql,$con); ?> <head> <META HTTP-EQUIV="refresh" CONTENT="2;url=memberarea.php3"> </head> <? } else { ?> <font face=arial> <h1>Access Denied!</h1> If you have reached this page in error, <a href="javascript:history.go(-1)">click here to try again.</a><br> If you do not have a username and password, <a href="newmember.html">click here to fill out an application.</a> <? } mysql_free_result($res); ?> </html> ***** FILE #6 : "auth.h" <? //authenticate vistor if ($g_databasename=="") { include("my_const.h"); } $con2 = mysql_connect(localhost,$g_dbuid,$g_dbpwd); if ($con2==0) { echo("303 Problem connecting to MySQL\n"); exit(0); } $db2 = mysql_select_db($g_databasename,$con2); $sql2=sprintf("select userid from sessions where ipaddress=\"%s\"",$REMOTE_ADDR); $res2=mysql_query($sql2,$con2); $nr=mysql_num_rows($res2); mysql_free_result($res2); if ($nr==0) { echo("<font face=arial><h1>Access Denied!</h1>\n"); echo("If you have reached this page in error, <a href=\"javascript:history.go(-1);\">click here to try again.</a><br> If you do not have a username and password, <a href=\"newcustomer.html\">click here to fill out an application.</a>\n"); exit(); } ?>
simple and easy, and effective way to enable password authentification on your php form scripts. <? if (!empty($addtolog)) { $connection = mysql_pconnect($dbhost,$dbuser,$dbpass); $verify = "SELECT * FROM tablename WHERE username='$admin' and password='$password'"; $verres = mysql_db_query($dbname,$verify,$connection); $num = mysql_numrows($verres); if ($num != "0") { $query = "INSERT INTO adminlog (id,admin,entry,date) VALUES ('0000','".$admin."','".$entry."','".$date."')"; $result = mysql_db_query($dbname,$query,$connection); mysql_close($connection); exit; } else { echo "username and password are either incorrect or not in the database"; exit; } } ?> <form method="post"> name: <input type="text" name="admin"><br> passwd <input type="password" name="password"><br> entry: <textarea cols="30" rows="4" wrap="virtual" name="entry"></textarea> <br><input type="submit" name="addtolog"> </form>
This authentication class is highly configurable, very secure, and works with any relational database. <?php /** * @author Lucas Carlson <lucas@rufy.com> * @pacakge Auth * */ class Auth { var $inactiveLogout; var $database; var $user; var $properties; var $userIP; var $loggedIn; var $adminEmail; ################################################################################## /* Edit the following four functions if you like */ ################################################################################## function hash($password) { // the following code returns plain text passwords # return $password; // the following code returns md5 hashed passwords return md5($password); } function apology($error) { # error_log("PHP Auth\n\nError in file: $_SERVER[SCRIPT_FILENAME]\nFrom site: $_SERVER[HTTP_HOST]\nFrom page:http://$_SERVER[HTTP_HOST]/$_SERVER[REQUEST_URI]\n\n" . $error,1,$this->adminEmail); die ("<b>Error:</b> An error has occurred and a message has been sent to the administrator. Sorry for the inconvenience.<br><br>$error"); } function validateUsername($username) { // the following code allows any unique username # return true; // the following code checks to see if the username field is a real e-mail address if( (preg_match('/(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/', $username)) || (preg_match('/^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,3}|[0-9]{1,3})(\]?)$/',$username)) ) { $host = explode('@', $username); if(checkdnsrr($host[1].'.', 'MX') ) return true; if(checkdnsrr($host[1].'.', 'A') ) return true; if(checkdnsrr($host[1].'.', 'CNAME') ) return true; } return false; } // How to choose new IDs function getNewID(&$db) { // the following code chooses a unique random ID mt_srand(); $id = mt_rand(100000,999999); while($db->getOne("SELECT count(`id`) FROM `auth_users` WHERE `id` = '$id'") == 1){ $id = rand(100000,999999); } // the following code increments userIDs # $id = $this->numUsers()+1; # while($db->getOne("SELECT count(`id`) FROM `auth_users` WHERE `id` = '$id'") == 1){ # $id++; # } return $id; } function Auth($dsn = null) { ################################################################################## /* Edit the following variables */ ################################################################################## $this->adminEmail = "lucas@rufy.com"; // set the e-mail of the person receiving errors, you may want to set this to $_SERVER["SERVER_ADMIN"] $this->inactiveLogout = 24 * 60 * 60; // seconds of inactivity before automatically logging someone out (set to 0 to never auto logout) $theDB = "mysql://root:da1abas3@localhost/auth"; // if you don't want to set it every time you call new Auth(), set it here. The $dsn value overwrites this value. // The following are all the user preferences except userid, username, password, created, and loggedIn // A visible preference is one which the user can see and change $this->properties = array( "firstname" => array( "description" => "First name", "defaultvalue" => "", "visible" => true, "mutable" => true, "unique" => false, "indexed" => false, "required" => false, ), "lastname" => array( "description" => "Last name", "defaultvalue" => "", "visible" => true, "mutable" => true, "unique" => false, "indexed" => false, "required" => false, ), "url" => array( "description" => "URL", "defaultvalue" => "", "visible" => true, "mutable" => true, "unique" => false, "indexed" => false, "required" => false, ), "active" => array( "description" => "Active", "defaultvalue" => 0, "type" => "tinyint(1)", "visible" => false, "mutable" => true, "unique" => false, "indexed" => true, "required" => false, ) ); ################################################################################## /* Do not touch the rest of the code unless you know what you are doing */ ################################################################################## // NEVER change any of the array names (eg. id, session, username, password), // You CAN change their descriptions though. $properties_required = array( "id" => array( "description" => "ID", "type" => "mediumint", ), "session" => array( "description" => "Session ID", "type" => "varchar(40)", "indexed" => true, ), "username" => array( "description" => "E-mail", "type" => "varchar(40)", "visible" => true, "mutable" => false, "unique" => true ), "password" => array( "description" => "Password", "type" => "varchar(40)", "visible" => true, "mutable" => true, "required" => true, ), "loggedIn" => array( "description" => "Logged In", "type" => "tinyint(1)", "defaultvalue" => 0 ), "created" => array( "description" => "Time stamp of creation", "type" => "int" ) ); $this->properties = array_merge($properties_required,$this->properties); $this->database = (empty($dsn)) ? $theDB : $dsn; $this->userIP = $_SERVER['REMOTE_ADDR']; $this->inactiveLogout = ($this->inactiveLogout == 0) ? 31536000 : $this->inactiveLogout; $this->loggedIn = false; if (empty($this->database)) { $this->apology("Please specify a database."); } if (isset($_COOKIE['session'])) { $withsession = array("session" => $_COOKIE['session']); if ($this->numUsers($withsession) == 1) { $this->login($withsession); setcookie('session', addslashes($_COOKIE['session']), time()+$this->inactiveLogout, "/"); $this->loggedIn = true; } } else { $this->newSession(); } header("Cache-control: private"); // to deal with IE6 oddity, see http://www.phpfreaks.com/tutorials/41/1.php } function newSession() { $sessionID = md5(uniqid(microtime()) . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT']); setcookie('session', $sessionID, time()+$this->inactiveLogout, "/"); return $sessionID; } function &dbInit() { require_once 'DB.php'; // contains database abstraction code $db =& DB::connect($this->database); if (DB::isError($db)){ $this->apology($db->getDebugInfo()); } return $db; } function numUsers($user = null) { // counts the number of users with the given data $sql = "SELECT count(`id`) FROM `auth_users` WHERE 1"; if ($user != null) { foreach ($user as $key => $value) { if ($key == "password") $value = $this->hash($value); $sql .= " AND `$key` = '" . addslashes($value) . "'"; } } $db =& $this->dbInit(); $result = $db->getOne($sql); if (DB::isError($result)) { if ($result->getMessage() == "DB Error: no such table") { $this->initializeDB(); } else { $this->apology($result->getDebugInfo()); } } $db->disconnect(); return $result; } function getUsers($user, $properties = null, $start = 0, $number = 0, $sortby = null, $order = 1) { $order = ($order == 2) ? "DESC" : "ASC"; if ($properties == null) { $properties = array(); foreach ($this->properties as $key => $value) { array_push($properties,$key); } } $db =& $this->dbInit(); // counts the number of users with the given data $sql = "SELECT COUNT(`id`) FROM `auth_users` WHERE 1"; foreach ($user as $key => $value) { if ($key == "password") $value = $this->hash($value); if (in_array($key,$properties)) $sql .= " AND `$key` like '%" . addslashes($value) . "%'"; } $numUsers = $db->getOne($sql); if (DB::isError($db)){ $this->apology($db->getDebugInfo()); } if ($numUsers > 0) { $number = ($number == 0) ? $numUsers : $number; $sql = "SELECT "; foreach ($properties as $key) { $sql .= "`$key`, "; } $sql .= "`id` FROM `auth_users` WHERE 1"; foreach ($user as $key => $value) { if ($key == "password") $value = $this->hash($value); if (in_array($key,$properties)) $sql .= " AND `$key` like '%" . addslashes($value) . "%'"; } if (!empty($sortby)) $sql .= " ORDER BY `" . addslashes($sortby) . "` " . addslashes($order); $sql .= " LIMIT " . addslashes($start) . ", " . addslashes($number); $result = $db->getAll($sql,DB_FETCHMODE_ASSOC); if (DB::isError($db)){ $this->apology($db->getDebugInfo()); } $db->disconnect(); } return $result; } function addUser($user) { if (is_array($user)) { $verified = $this->verifyRequiredFields($user); if (!is_array($verified)) { $db =& $this->dbInit(); $id = $this->getNewID($db); // Insert the user $sql = "INSERT INTO `auth_users` (`id`, `loggedIn`, `created`"; foreach ($user as $key => $value) { if ($key != "id" && $key != "loggedIn" && $key != "created") $sql .= ", `$key`"; } $currentTime = time(); $sql .= ") VALUES ( '$id', '0', '$currentTime'"; foreach ($user as $key => $value) { if ($key == "password") $value = $this->hash($value); if ($key != "id" && $key != "loggedIn" && $key != "created") $sql .= ", '" . addslashes($value) . "'"; } $sql .= ")"; $result = $db->query($sql); if (DB::isError($result)) $this->apology($result->getDebugInfo()); // Now log the event $sql = "INSERT INTO `auth_log` (`user_id`, `ip`, `timestamp`, `type`, `entry`) VALUES ( '$id', '$this->userIP', '$currentTime', '0', 'Added user " . addslashes($user['username']) . "' )"; $result = $db->query($sql); if (DB::isError($result)) $this->apology($result->getDebugInfo()); $db->disconnect(); return true; } else { return $verified; } } else { $this->apology("When calling addUser(), the argument must be an array."); } } function editUser($userID, $changes) { $userID = (int) $userID; $user = array(); $sql = "SELECT * FROM `auth_users` WHERE `id` = '$userID'"; $db =& $this->dbInit(); $result = $db->query($sql); if (DB::isError($result)) $this->apology($result->getDebugInfo()); $result->fetchInto($user,DB_FETCHMODE_ASSOC); // slightly faster than fetchRow $db->disconnect(); $userInfo = $user; if (empty($user)) { return false; } else if (is_array($changes)) { foreach ($changes as $key => $value) { if ($this->properties[$key]["mutable"] != false && !empty($this->properties[$key])) { $user[$key] = $value; } else { $user[$key] = null; } } $verified = $this->verifyRequiredFields($user); $realerror = 0; if (is_array($verified)) { foreach($verified as $key => $value) { if (!empty($changes[$value["name"]])) { $realerror++; } } } if ($realerror == 0) { $db =& $this->dbInit(); $id = $this->getNewID($db); // Insert the user $sql = "UPDATE `auth_users` SET "; foreach ($user as $key => $value) { if ($key == "password") { if (empty($value)) $value = $userInfo["password"]; else $value = $this->hash($value); } if ($this->properties[$key]["mutable"] != false && isset($changes[$key]) && $value != $userInfo[$key]) $sql .= "`$key` = '" . addslashes($value) . "' ,"; } $sql .= "`id` = '$userID' WHERE `id` = '$userID'"; $result = $db->query($sql); if (DB::isError($result)) $this->apology($result->getDebugInfo()); $currentTime = time(); // Now log the event $sql = "INSERT INTO `auth_log` (`user_id`, `ip`, `timestamp`, `type`, `entry`) VALUES ( '" . $this->user["id"] . "', '$this->userIP', '$currentTime', '4', 'Updated user " . addslashes($userInfo['username']) . " ($userID)' )"; $result = $db->query($sql); if (DB::isError($result)) $this->apology($result->getDebugInfo()); $db->disconnect(); if ($this->user['id'] == $userID){ foreach ($user as $key => $value) { if ($this->properties[$key]["mutable"] != false && isset($changes[$key]) && $value != $userInfo[$key]) $this->user[$key] = $value; } } return true; } else { return $verified; } } else { $this->apology("When calling editUser(), the argument must be an array."); } } function deleteUser($userID) { $userID = (int) $userID; $user = array(); $sql = "SELECT * FROM `auth_users` WHERE `id` = '$userID'"; $db =& $this->dbInit(); $result = $db->query($sql); if (DB::isError($result)) $this->apology($result->getDebugInfo()); $result->fetchInto($user,DB_FETCHMODE_ASSOC); // slightly faster than fetchRow if (!empty($user)) { $sql = "DELETE FROM `auth_users` WHERE `id` = '$userID'"; $result = $db->query($sql); if (DB::isError($result)) $this->apology($result->getDebugInfo()); $currentTime = time(); // Now log the event $sql = "INSERT INTO `auth_log` (`user_id`, `ip`, `timestamp`, `type`, `entry`) VALUES ( '$id', '$this->userIP', '$currentTime', '4', 'Deleted user " . addslashes($user['username']) . " ($userID)' )"; $result = $db->query($sql); if (DB::isError($result)) $this->apology($result->getDebugInfo()); } $db->disconnect(); } function verifyRequiredFields($user) { $emptyFields = array(); foreach ($this->properties as $key => $value) { if ($value['unique'] == true) { if (empty($user[$key])) { array_push($emptyFields,array("name"=>$key,"description"=>$value['description'],"problem"=>"required")); } else { $checkVariable = array($key=>$user[$key]); if ($this->numUsers($checkVariable) > 0) array_push($emptyFields,array("name"=>$key,"description"=>$value['description'],"problem"=>"unique")); } } else if ($value['required'] == true) { if (empty($user[$key])) array_push($emptyFields,array("name"=>$key,"description"=>$value['description'],"problem"=>"required")); } if ($key == "username") { if ($this->validateUsername($user[$key]) == false) array_push($emptyFields,array("name"=>$key,"description"=>$value['description'],"problem"=>"not valid")); } } if (sizeof($emptyFields) == 0) return true; else return $emptyFields; } function login($user) { if (is_array($user)) { if ($this->numUsers($user) == 1){ $theSession = $this->newSession(); $db =& $this->dbInit(); // update DB to show logged in status $sql = "UPDATE `auth_users` SET `loggedIn` = '1', `session` = '$theSession' WHERE 1"; foreach ($user as $key => $value) { if ($key == "password") $value = $this->hash($value); $sql .= " AND `$key` = '" . addslashes($value) . "'"; } $result = $db->query($sql); if (DB::isError($result)) $this->apology($result->getDebugInfo()); // fetch all information from the database $sql = "SELECT * FROM `auth_users` WHERE 1"; foreach ($user as $key => $value) { if ($key == "password") $value = $this->hash($value); $sql .= " AND `$key` = '" . addslashes($value) . "'"; } $result = $db->query($sql); if (DB::isError($result)) $this->apology($result->getDebugInfo()); $result->fetchInto($props,DB_FETCHMODE_ASSOC); foreach ($props as $key => $value) { $this->user[$key] = $value; } // Now log the event if (sizeof($user) > 1){ $id = $this->user['id']; $currentTime = time(); $sql = "INSERT INTO `auth_log` (`user_id`, `ip`, `timestamp`, `type`, `entry`) VALUES ( '$id', '$this->userIP', '$currentTime', '1', 'Logged in user " . addslashes($this->user['username']) . "' )"; $result = $db->query($sql); if (DB::isError($result)) $this->apology($result->getDebugInfo()); } $db->disconnect(); $this->loggedIn = true; } else { $db =& $this->dbInit(); $id = $this->user['id']; $currentTime = time(); $sql = "INSERT INTO `auth_log` (`user_id`, `ip`, `timestamp`, `type`, `entry`) VALUES ( '$id', '$this->userIP', '$currentTime', '3', 'Bad login attempt " . addslashes($user['username']) . "' )"; $result = $db->query($sql); if (DB::isError($result)) $this->apology($result->getDebugInfo()); $db->disconnect(); } } else { $this->apology("When calling login(), the argument must be an array."); } } function logout() { // update DB to show logged out $db =& $this->dbInit(); $sql = "UPDATE `auth_users` SET `loggedIn` = '0', `session` = '' WHERE `session` = '" . addslashes($_COOKIE['session']) . "';"; $result = $db->query($sql); if (DB::isError($result)) $this->apology($result->getDebugInfo()); // Now log the event $id = $this->user['id']; $currentTime = time(); $sql = "INSERT INTO `auth_log` (`user_id`, `ip`, `timestamp`, `type`, `entry`) VALUES ( '$id', '$this->userIP', '$currentTime', '2', 'Logged out user " . addslashes($this->user['username']) . "' )"; $result = $db->query($sql); if (DB::isError($result)) $this->apology($result->getDebugInfo()); $db->disconnect(); // create a new random session $this->newSession(); // clear the user info array $this->user = array(); } function loginRequired($exitPage) { if (!$this->loggedIn) { header('WWW-Authenticate: Basic realm="Login Required"'); header('HTTP/1.0 401 Unauthorized'); echo <<<EOF <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Sorry</title> </head> <body onLoad="location.href='$exitPage';"> Sorry, you are not allowed to see this page. Please go <a href="$exitPage">back</a>. </body> </html> EOF; exit; } else { $theUser = array("username" => $_SERVER['PHP_AUTH_USER'], "password" => $_SERVER['PHP_AUTH_PW'] ); $this->login($theUser); if (!$this->loggedIn){ $this->loginRequired($exitPage); } } } function showLoginForm() { $currentURL = $_SERVER['PHP_SELF']; $uname = $this->properties['username']['description']; $passwd = $this->properties['password']['description']; return <<<EOD <form action="$currentURL" method="post"> <input type="hidden" name="type" value="login"> $uname: <input type="text" name="username"><br> Password: <input type="password" name="password"><br><br> <input type="submit" value="Login"> </form> EOD; } function showRegistrationForm() { $currentURL = $_SERVER['PHP_SELF']; $text = <<<EOD <form action="$currentURL" method="post"> <input type="hidden" name="type" value="registration"> EOD; foreach ($this->properties as $key => $value) { $type = ($key == "password") ? "password" : "text"; $showValue = ($key == "password") ? "" : addslashes($_POST[$key]); if ($value["visible"] == true) $text .= $value["description"] . ": <input type=\"$type\" name=\"$key\" value=\"$showValue\"><br>\n"; } $text .= <<<EOD <br><input type="submit" value="Register"> </form> EOD; return $text; } function showEditUserForm($userID) { $userID = (int) $userID; $user = array(); $sql = "SELECT * FROM `auth_users` WHERE `id` = '$userID'"; $db =& $this->dbInit(); $result = $db->query($sql); if (DB::isError($result)) $this->apology($result->getDebugInfo()); $result->fetchInto($user,DB_FETCHMODE_ASSOC); // slightly faster than fetchRow $db->disconnect(); if (empty($user)) { return false; } $currentURL = $_SERVER['PHP_SELF']; $text = <<<EOD <form action="$currentURL" method="post"> <input type="hidden" name="type" value="edituser"> <input type="hidden" name="id" value="$user[id]"> EOD; foreach ($this->properties as $key => $value) { $showValue = ($key != "password") ? $user[$key] : ""; $type = ($key == "password") ? "password" : "text"; if ($value["visible"] == true && $value["mutable"] != false) $text .= $value["description"] . ": <input type=\"$type\" name=\"$key\" value=\"$showValue\"><br>\n"; else if ($value["visible"] == true) $text .= $value["description"] . ": <strong>$showValue</strong><br>\n"; } $text .= <<<EOD <br><input type="submit" value="Update"> </form> EOD; return $text; } function initializeDB() { $first = true; $sql = "CREATE TABLE `auth_users` ("; foreach ($this->properties as $key => $value) { $type = (empty($value["type"])) ? "longtext" : $value["type"]; $valuedefault = (empty($value["valuedefault"])) ? "NOT NULL" : "DEFAULT '" . $value["valuedefault"] . "' NOT NULL"; if ($value["indexed"]) $indexed .= "`$key` ,"; if ($first) $first = false; else $sql .= ", "; $sql .= "`$key` $type $valuedefault"; } if (!empty($indexed)) $sql .= ", INDEX(" . substr($indexed,0,strlen($indexed)-2) . ")"; $sql .= ", PRIMARY KEY (`id`));\n\n"; $first = true; $sql .= "CREATE TABLE `auth_log` (`id` mediumint NOT NULL AUTO_INCREMENT, `user_id` mediumint NOT NULL, `ip` varchar(15) NOT NULL, `timestamp` int NOT NULL, `type` tinyint(1) DEFAULT '-1' NOT NULL, `entry` longtext NOT NULL, INDEX(`user_id`,`ip`,`type`), PRIMARY KEY (`id`));"; $this->apology( "Execute the following SQL code on your database to initialize the authentication and logging table:\n\n$sql" ); } } ?>
<b>Problem:</b> PHP authentication doesn't protect whole directories, HTTP authentication isn't automated (you always have those inflexible txt files) <b>Solution:</b> Using this script lets you update your .htpasswd file taking usernames and passwords from a MySQL source Just execute this script everytime a password/username combination is newly entered or changed. It's maybe not the "perfect" way, but the only way I found to protect whole directories with MySQL data. <? /*************************************** ** Title.........: Updating .htpasswd with MySQL ** Version.......: 1.0 ** Author........: Oliver Kuster ** Last changed..: July, 16th 2004 ** Application...: Call this script whenever a ** username/password entry is ** made or changed. ***************************************/ /*************************************** ** Open the .htpasswd file, reading mood ** Close it ** Open it again, ready to overwrite ***************************************/ $fp=fopen("../../members/.htpasswd","r") or die ("Can't open file"); fclose($fp); $fp=fopen("../../members/.htpasswd","w"); /*************************************** ** Get the data out of mysql (don't forget ** to connect to your MySQL database! ***************************************/ $result_list = mysql_query("SELECT id,username,password FROM users"); while (list($ht_id,$ht_username,$ht_password) = mysql_fetch_row( $result_list )) { /*************************************** ** Encrypt passwords for .htpasswd use ** Servers might use a "salt" - check ** manual on how to implement a salt ** and check with your ISP what salt ** they use. ** Write every entry from MySQL into ** the .htpasswd file in the classical ** username:password way. ***************************************/ $password_enc = crypt ($ht_password); $content = "$ht_username:$password_enc\n"; fwrite($fp,$content); } fclose($fp); ?>
Secure User Authentication, Supports banning, deletion, adding, etc. Based on MySQL Backend. ALWAYS LATEST CODE! http://www.phpportalen.net/viewtopic.php?t=10568#56993 <?php /** * Basic authentication with MySQL backend. * * Connection to database and session must be * initilized before use of this class. * * @author Fredrik Haugbergsmyr <hagman@hotbrev.com> * @copyright Fredrik Haugbergsmyr 2003 * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @package User_Library */ /** * @access public * @author Fredrik Haugbergsmyr <hagman@hotbrev.com> * @package User_Library * @version 0.9.0 */ class usrlib { /** * @access public * @var bool If user is logged in. */ var $logged_in = false; /** * @access public * @var int days a user should be banned */ var $bantime = 14; /** * @access private * @var bool If user is admin user. */ var $_admin = false; /** * @access private * @var string username of logged in user. */ var $_username = ''; /** * @access private * @var int Id of logged in user. */ var $_id = 0; /** * Class constructor */ function usrlib() { if (!empty($_SESSION['_usrlib'])) { $this->_admin = @$_SESSION['_usrlib']['admin']; $this->_id = @$_SESSION['_usrlib']['id']; $this->_username = @$_SESSION['_usrlib']['username']; } if ($this->logged_in === true) return ($this->logged_in = true); if (@$_SESSION['_usrlib']['logged_in']) ($this->logged_in = true); return false; } /** * Try to login. * * Returns true if user is already logged in * otherwise does it tries to login. * * @access public * @param string plain text username * @param string plain text password * @return bool true if user is successfully logged in false otherwise * @uses _bantime_expired * @uses _create_password */ function login($username, $password) { if ($this->logged_in) return true; $password = $this->_create_password($password); $q = @mysql_query("SELECT * FROM users WHERE username = '$username' && password = '$password';"); if ($r = @mysql_fetch_assoc($q)) { if ($r['banned'] == 'Y' && !$this->_bantime_expired($r['id'])) return false; $this->logged_in = $_SESSION['_usrlib']['logged_in'] = true; $this->_admin = $_SESSION['_usrlib']['admin'] = ($r['admin'] == 'Y' ? true : false); $this->_id = $_SESSION['_usrlib']['id'] = $r['id']; $this->_username = $_SESSION['_usrlib']['username'] = $r['username']; return true; } sleep(6); return false; } /** * Logout and and unset session vars. * * @access public * @return bool false */ function logout() { unset($this->_username, $this->_id, $this->_admin); unset($_SESSION['_usrlib']); return ($this->logged_in = false); } /** * Checks if bantime has expired for user * * Revokes ban if bantime has expired. * * @access private * @param int user id * @return bool true on success, false other wise * @see _get_user */ function _bantime_expired($id) { if (!$this->logged_in && !$this->_admin) return false; $user = $this->_get_user($id); if (time() > $user['bantime']) return (bool)$this->unban_user($id); return false; } /** * Create hash from plain text password. * * Returns a modified MD5 hash. * * @access private * @param string plain text password * @return string hashed password */ function _create_password($password) { $password = md5($password); $replace = array( '0' => '58t', '1' => '#B ', '2' => '=)s', '3' => '`3Y', '4' => '{&4', '5' => 'GFO', '6' => ' -U', '7' => ';_.', '8' => ' qA', '9' => '21g', 'a' => 'f %', 'b' => '/}d', 'c' => ' ,a', 'd' => '*~P', 'e' => '?+]', 'f' => 'X<i'); $password = strtr($password, $replace); $password = strrev(md5($password)); $password = strrev(strtr($password, $replace)); $password = md5($password); return (string)strtoupper(md5(base_convert(strrev($password), 16, 20))); } /** * Returns all info assciated with user * * Gets user info by id * * @access private * @param int User id * @return array associative array with user info */ function _get_user($id) { if (!$this->logged_in) return false; $q = @mysql_query("SELECT * FROM users WHERE id = '$id';"); return @mysql_fetch_assoc($q); } /** * Performs a regexp on usernames and passwords. * * String may only contain A-Z, a-z and 0-9. * * @access private * @param string String to check. * @return bool True if string matched, false otherwise */ function _valid_value($string) { return (bool)preg_match('/(^[a-zA-Z0-9\_]{4,32}$)/i', $string); } /** * Changes users password * * Checks and creates a new password for user. * * @access public * @param string plain text password * @return bool true if new password was added to database, false otherwise * @uses login * @uses _valid_value * @uses _create_password */ function change_password($password, $verpassword, $oldpassword) { if (!$this->logged_in) return false; if (!$this->_valid_value($password)) return false; if (md5($password) != md5($verpassword)) return false; if (!($user = $this->_get_user($this->_id))) return false; if ($this->_create_password($oldpassword) != $user['password']) return false; $verpassword = $this->_create_password($verpassword); if (@mysql_query("UPDATE users SET password = '$verpassword' WHERE id = '{$this->_id}' LIMIT 1;")) { $this->logged_in = false; $this->login($this->_username, $password); return true; } return false; } /** * Adds admin flag to user * * Must be an admin to change this * * @access public * @param mixed user id * @return bool True if user was alterd, false otherwise */ function change_user($id, $admin = true) { if (!$this->logged_in || !$this->_admin) return false; if (is_array($id)) foreach ($id as $value) $this->change_user($value); $admin = ($admin == true ? 'Y' : 'N'); return (bool)@mysql_query("UPDATE users SET admin = '$admin' WHERE id != '{$id}' LIMIT 1;"); } /** * Bans user by id * * Bans users for a number of days * * @access public * @param mixed user id * @return bool true on success, false other wise */ function ban_user($id) { if (!$this->logged_in) return false; if (is_array($id)) foreach ($id as $value) $this->ban_user($value); $bantime = (time()+intval(60*60*24*$this->bantime)); return (bool)@mysql_query("UPDATE users SET bantime = '$bantime', banned = 'Y' WHERE id = '{$id}' && admin = 'N' LIMIT 1;"); } /** * Revokes Ban for user by id * * Removes ban * * @access public * @param mixed user id * @return bool true on success, false other wise */ function unban_user($id) { if (!$this->logged_in) return false; if (is_array($id)) foreach ($id as $value) $this->unban_user($value); return (bool)@mysql_query("UPDATE users SET bantime = '', banned = 'N' WHERE id = '{$id}' && admin = 'N' LIMIT 1;"); } /** * Add user to system. * * You can not add already added users. And you * has to be an admin. * * @access public * @param string plain text username * @param string plain text password * @param string plain text verify password * @param bool admin user * @return bool True if user is added, false if user already exists * @uses _create_password * @uses _valid_value */ function create_user($username, $password, $verpassword, $admin = false) { if (!$this->logged_in || !$this->_admin) return false; if (md5($password) != md5($verpassword)) return false; if (!$this->_valid_value($username) || !$this->_valid_value($password)) return false; $admin = ($admin == true ? 'Y' : 'N'); $password = $this->_create_password($password); return (bool)@mysql_query("INSERT INTO users (username, password, admin) VALUES ('$username', '$password', '$admin');"); } /** * Delete user from system. * * You can not delete admins or yourself. And you * has to be an admin. * * @access public * @param mixed user id * @return bool True if user is deleted, false otherwise */ function delete_user($id) { if (!$this->logged_in || !$this->_admin) return false; if (is_array($id)) foreach ($id as $value) $this->delete_user($value); return (bool)@mysql_query("DELETE FROM users WHERE id = '$id' && admin = 'N' && id != '{$this->_id}' LIMIT 1;"); } } ?>
I intentionally used this function auth() to authenticate users from a login form and keep their information within the session, while passing the SID by GET or an other method.<br><br> At least an introduction to sessions. :-b <?php // ---------------------------------------------------------------------------------------- // topic: Track login vars through a session // author: Copyright (c) by Urs Gehrig <admin@circle.ch> // version: 1.0.0 // update: 26-7-2000 // PHP: php-4.0.0-win32 // // handling: use this function to ask for a login for first time visitors and track their // login/password information in a session on your server. i made this routine // to workaround cookies. you may need it, if clients do not accept cookies to // be set on their system. at the end of your application, you should destroy // the session to minimize disk use. // // Passwords: your_passwords.txt // your_login,your_password // my_login,my_password // // Browser: It has been tested it worked with IE5 // // Enjoy! It took me a day. :-b // ---------------------------------------------------------------------------------------- // ---------------------------------------------------------------------------------------- // functions // ---------------------------------------------------------------------------------------- function auth(){ global $PHP_SELF, $sent, $mysession, $login, $passwd; if(isset($sent)): // from login form $login_ok = 0; if (isset($login) and isset($passwd)): $fp = fopen("your_passwords.txt", "r"); while (feof($fp) == 0): $line = chop(fgets($fp,1000)); $arr = explode(",", $line); if (($arr[0] == $login) and ($arr[1] == $passwd)): session_start(); $mysession = array ("login" => $login, "passwd" => $passwd, "ID" => session_id(), "valid" => 1); session_register("mysession"); return 1; // authentication succeeded $login_ok = 1; break; endif; endwhile; endif; if(!$login_ok): return 0; //access denied endif; else: $login_ok = 0; session_start(); foreach($GLOBALS["mysession"] as $elem): $ses_tmp[] = $elem; endforeach; $fp = fopen("your_passwords.txt", "r"); while (feof($fp) == 0): $line = chop(fgets($fp,1000)); $arr = explode(",", $line); if (($arr[0] == $ses_tmp[0]) AND ($arr[1] == $ses_tmp[1])): session_start(); $mysession = array ("login" => $login, "passwd" => $passwd, "ID" => session_id(), "valid" => 1); session_register("mysession"); return 1; // authentication succeeded $login_ok = 1; break; endif; endwhile; if(!$login_ok): return 0; // access denied endif; endif; } function LoginForm(){ global $PHP_SELF; $header = '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><HTML><HEAD><TITLE>login form</TITLE></HEAD><BODY>'; $footer = '</BODY></HTML>'; echo $header; ?> <form method="post" action="<?php echo basename($PHP_SELF); ?>" name=loginform> <table frame=void rules=none WIDTH="300"> <tr> <td align="left"> login: <td align="left"> <input type="text" name="login" maxlength=50 size=15 style="width: 120px; font-size: 12px"> <tr> <td align="left"> password: <td align="left"> <input type="password" name="passwd" maxlength=50 size=15 style="width: 120px; font-size: 12px"> <tr> <td align="left">&nbsp; <td align="left">&nbsp; <tr> <td align="left"> &nbsp; <td align="left"> <input type=submit value="login" name="sent" style="width: 50px; heigth: 18px; font-size: 12px"> </table> </form> <script type="text/javascript"> <!-- if (document.loginform) { document.loginform.login.focus(); } // --> </script> <?php echo $footer; } // ---------------------------------------------------------------------------------------- // main // ---------------------------------------------------------------------------------------- //init vars; $mysession = array ("login"=>FALSE, "passwd"=>FALSE, "ID"=>FALSE, "valid"=>FALSE); $uri = basename($PHP_SELF); $stamp = md5(srand(5)); if(!auth()): // authentication failed LoginForm(); // display login form else: // authentication was successful if (isset($sent)): $tmp = session_id(); echo "logged in from <b>login form</b><br><br>"; echo "Your login name: <b>".$mysession["login"]."</b><br>"; echo "Your password: <b>".$mysession["passwd"]."</b><br>"; echo "<br><br><br><a href='$uri?SID=$tmp'>load</a>"; else: $tmp = session_id(); echo "logged in from <b>session:</b> $tmp<br>"; echo "changing <b>stamp:</b> $stamp<br><br>"; echo "Your login name: <b>".$mysession["login"]."</b><br>"; echo "Your password: <b>".$mysession["passwd"]."</b><br>"; echo "<br><br><br><a href='$uri?SID=$tmp&stamp=$stamp'>load</a>"; endif; endif; ?>
Simple UNIX SMB authentication. This script allows web site users to be managed by a Windows NT/2000 or SAMBA primary domain controller. *** Please note that this PHP script will not execute correctly if placed on a Windows web server. *** Requires the installation of Samba (http://samba.sourceforge.net/) to validate usernames/passwords. The actual Samba server software does not need to run at all. It only uses the small "smbclient" binary installed with Samba. The only other requirement is that a file named "phpauth" be placed in the SMB logon servers NETLOGON directory (\\SERVERNAME\NETLOGON\). The file must contain only the word 'allow'. This script basically works exactly the same way as Squid Proxy Cache's SMB authentication does. It has been tested on Mac OS X with Samba 2.2.2 and Windows NT 4 SP 6. If you have any problems, please email me and I'd be happy to help out. Please note that this PHP script will not execute correctly if placed on a Windows web server. <html> <body> <h1>PHP SMB Authentication</h1> <form method="POST"> <table> <tr><td>Username:</td><td><input type="text" name="USER" size="12"></td></tr> <tr><td>Password:</td><td><input type="password" name="PASS" size="12"></td></tr> <tr><td>&nbsp;</td><td><input type="submit" value="submit" name="submit"></td></tr> </table> </form> <p> <?php if ($REQUEST_METHOD=="POST") { global $USER; global $PASS; ### # Be sure to create a file in the '$NETLOGONfolder' share (Usually //SERVER/NETLOGON/) # of the SMB PDC named '$filename', containing only the word 'allow'. # # This script requires the installation of Samba, http://samba.sourceforge.net/ # # Example terminal line executed using defaults below. The contents of the '$filename' should be returned, ie 'allow' # /usr/local/samba/bin/smbclient "//SERVER/NETLOGON" -I 192.168.27.1 -d 0 -E -U administrator%****** -W "DOMAIN" -c "get proxyauth -" ### # PDC Variables Below:- $SambaPath="/usr/local/samba/"; $ServerNetBIOS="SERVER"; $NETLOGONfolder="NETLOGON"; $ServerIP="192.168.27.1"; $DomainName="DOMAIN"; $filename="phpauth"; # Execute at UNIX command line:- $smbauth = exec($SambaPath."bin/smbclient \"//".$ServerNetBIOS."/".$NETLOGONfolder."\" -I ".$ServerIP." -d 0 -E -U ".$USER."%".$PASS." -W \"".$DomainName."\" -c \"get ".$filename." -\""); # Check to see if 'allow' is returned:- if ($smbauth=="allow" || $smbauth=="allow\n") { echo "Username and Password Accepted!"; } else { echo "Bad Username/Password!"; } } ?> </p> </body> </html>
Test if site is online with customer error message. <?php //onlineCheck("www.google.com", "This site is online", "This site is NOT online"); function onlineCheck($url, $good, $bad) { $url = str_replace("http://", "", $url); $url = str_replace("https://", "", $url); $fp = @fsockopen($url, 80); if (!$fp) { return $bad; } else { fclose($fp); return $good; } ?>
I've found the need to password protect a few webpages and didn't feel like setting up a "real" authentication scheme. This is pretty cheesy, but good for someone who has a webpage and wants to make the information only available to a select few. <HTML> <HEAD> <TITLE>Some Title</TITLE> </HEAD> <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#800080"> <center><img src="somecoolimage.jpg"></center> <?php $login = foo; $password = bar; if (isset($form[login]) && isset($form[password])){ if (($login == $form[login]) && ($password == $form[password])){ print("Put all the HTML here"); }else{ print("<h3>Invalid Login</h3><br><br><FORM method=post>"); print("<table> <tr> <td><b>Login</b></td> <td><b>Password</b></td> </tr> <tr> <td><input type=text name='form[login]'></td> <td><input type=password name='form[password]'></td> </tr> </table> <br><br><input type=submit value=Login></form>"); } }else{ print("<h3>&nbsp</h3><br><br> <FORM method=post><table> <tr> <td><b>Login</b></td> <td><b>Password</b></td> </tr> <tr> <td><input type=text name='form[login]'></td> <td><input type=password name='form[password]'></td> </tr> </table> <br><br><input type=submit value=Login></form>"); } ?> </BODY> </HTML>
<b>Easy to use PHP & mySql user tracker .</b><br>It combines a cookie with an id with a database to store informations . The cookie will hold an ID and then the vars and everything is read and written to the database . Perfect for user tracking and login systems . <b>Rate it .</b> I will share more code if appreciated properly . <?php //You are free to do anything with this as long as you don't claim it or remove this and the next line . //Copyright : darklight@go.ro . class UserTracker { /* $trackerTable; $newSession; $trackerID; $expireTime; $cookieName; isNewSession(); listUsers(); userCount($max=0); endSession($uid=""); getIP($uid=""); getUserAgent($uid=""); loginTime($uid=""); delVar($name,$uid=""); getVar($name,$uid=""); setVar($name,$data,$uid=""); lastVisitTime($uid=""); myID(); getTableName(); setExpiryTime($minutes); getExpiryTime(); */ var $trackerTable="UTracker"; var $newSession=0; var $trackerID=""; var $expireTime=15; var $cookieName="CTracker"; function UserTracker ($table="UTracker",$cookie="CTracker",$minutes=15) { if($minutes<15) $minutes=15; $this->expireTime=$minutes; $this->cookieName=$cookie; $this->trackerTable=$table; $query="CREATE TABLE IF NOT EXISTS `".$this->trackerTable."` ( `UID` int(10) unsigned NOT NULL auto_increment, `ID` varchar(35) NOT NULL, `JTime` int(15) NOT NULL, `Time` int(15) NOT NULL, `Expire` int(10) NOT NULL, `IP` varchar(15) NOT NULL default '', `UserAgent` varchar(255) NOT NULL default '', `Data` text NOT NULL default '', PRIMARY KEY (`UID`) ) TYPE=MyISAM";mysql_query ($query); //remove all the expired sessions . no need to keep them . cookies are long gone anyway . $query="DELETE FROM `".$this->trackerTable."` WHERE (".time()."-Time)>Expire"; mysql_query($query); $this->trackerID=$_COOKIE["$cookie"]; $query="SELECT * FROM `".$this->trackerTable."` WHERE `ID`='".$this->trackerID."'"; $result=mysql_query($query); $rec=array(); $rows=(int)mysql_num_rows($result); if($rows>0) { $rec=mysql_fetch_assoc($result); $this->expireTime=(int)$rec['Expire']/60; } //if the id is not in the database we create a new one even if we have an orphan cookie . if(($this->trackerID=="") || ($rows==0)) { $this->trackerID=md5((string)time().$_SERVER["HTTP_USER_AGENT"].$_SERVER["REMOTE_ADDR"]); //make sure there are no two identical sessions . it can`t happen for two different users from different hosts . $query="DELETE FROM `".$this->trackerTable."` WHERE `ID`=".$this->trackerID; mysql_query($query); setCookie($cookie,$this->trackerID,time()+($this->expireTime*60)); $query="INSERT INTO `".$this->trackerTable."` (`ID`,`Time`,`JTime`,`Expire`,`Data`,`UserAgent`,`IP`) VALUES ('".$this->trackerID."','".time()."','".time()."','".($this->expireTime*60)."','".serialize(array())."','".$_SERVER["HTTP_USER_AGENT"]."','".$_SERVER["REMOTE_ADDR"]."')"; $result=mysql_query($query); $this->newSession=1; } else { setCookie("$cookie",$this->trackerID,time()+($this->expireTime*60)); //make the life of the cookie longer and update time and IP . $query="UPDATE `".$this->trackerTable."` SET `Time`='".time()."',`IP`='".$_SERVER["REMOTE_ADDR"]."' WHERE `ID`='".$this->trackerID."'"; $result=mysql_query($query); $this->newSession=0; } } function getExpiryTime() { return $this->expireTime; } function setExpiryTime($minutes) { if($minutes<15) $minutes=15; $this->expireTime=$minutes; $query="UPDATE `".$this->trackerTable."` SET `Expire`='".($this->expireTime*60)."' WHERE `ID`='".$this->trackerID."'"; $result=mysql_query($query); } function myID() { return $this->trackerID; } function getTableName() { return $this->trackerTable; } function isNewSession() { return (bool)($this->newSession==1); } function setVar($name,$value,$uid="") { if($uid=="") $uid=$this->trackerID; $data=array(); $query="SELECT `Data` FROM `".$this->trackerTable."` WHERE `ID`='".$uid."'"; $result=mysql_query($query); if(mysql_num_rows($result)>0) { $rec=mysql_fetch_array($result); $data=unserialize($rec[0]); if(!is_array($data)) $data=array(); mysql_free_result($result); } $data["$name"]=$value; $query="UPDATE `".$this->trackerTable."` SET `Data`='".serialize($data)."' WHERE `ID`='".$uid."'"; $result=mysql_query($query); } function delVar($name,$uid="") { if($uid=="") $uid=$this->trackerID; $data=array(); $query="SELECT `Data` FROM `".$this->trackerTable."` WHERE `ID`='".$uid."'"; $result=mysql_query($query); if(mysql_num_rows($result)>0) { $rec=mysql_fetch_array($result); $data=unserialize($rec[0]); if(!is_array($data)) $data=array(); mysql_free_result($result); } unset($data["$name"]); $query="UPDATE `".$this->trackerTable."` SET `Data`='".serialize($data)."' WHERE `ID`='".$uid."'"; $result=mysql_query($query); } function getVar($name,$uid="") { if($uid=="") $uid=$this->trackerID; $data=array(); $query="SELECT `Data` FROM `".$this->trackerTable."` WHERE `ID`='".$uid."'"; $result=mysql_query($query); if(mysql_num_rows($result)>0) { $rec=mysql_fetch_array($result); $data=unserialize($rec[0]); if(!is_array($data)) $data=array(); mysql_free_result($result); } return $data["$name"]; } function loginTime($uid="") { if($uid=="") $uid=$this->trackerID; $data=0; $query="SELECT `JTime` FROM `".$this->trackerTable."` WHERE `ID`='".$uid."'"; $result=mysql_query($query); if(mysql_num_rows($result)>0) { $rec=mysql_fetch_array($result); $data=$rec[0]; mysql_free_result($result); } return $data; } function lastVisitTime($uid="") { if($uid=="") $uid=$this->trackerID; $data=0; $query="SELECT `Time` FROM `".$this->trackerTable."` WHERE `ID`='".$uid."'"; $result=mysql_query($query); if(mysql_num_rows($result)>0) { $rec=mysql_fetch_array($result); $data=$rec[0]; mysql_free_result($result); } return $data; } function getUserAgent($uid="") { if($uid=="") $uid=$this->trackerID; $data=""; $query="SELECT `UserAgent` FROM `".$this->trackerTable."` WHERE `ID`='".$uid."'"; $result=mysql_query($query); if(mysql_num_rows($result)>0) { $rec=mysql_fetch_array($result); $data=$rec[0]; mysql_free_result($result); } return $data; } function getIP($uid="") { if($uid=="") $uid=$this->trackerID; $data=""; $query="SELECT `IP` FROM `".$this->trackerTable."` WHERE `ID`='".$uid."'"; $result=mysql_query($query); if(mysql_num_rows($result)>0) { $rec=mysql_fetch_array($result); $data=$rec[0]; mysql_free_result($result); } return $data; } function userCount($max=0) { $query="SELECT COUNT(*) FROM `".$this->trackerTable."`"; if($maxSleep>0) $query.=" WHERE (".time()."-`JTime`)<".($max*60).""; $result=mysql_query($query); $rec=mysql_fetch_array($result); return (int)$rec[0]; } function listUsers() { $uids=array(); $result=mysql_query("SELECT `ID` FROM `".$this->trackerTable."`"); if(mysql_num_rows($result)>0) { while($rec=mysql_fetch_array($result)) { array_push($uids,$rec[0]); } mysql_free_result($result); } return $uids; } function endSession($uid="") { if($uid=="") $uid=$this->trackerID; $query="DELETE FROM `".$this->trackerTable."` WHERE `ID`='".$uid."'"; mysql_query($query); } }; ?>
PHP and MySQL running together for username/password check. <? /* SQL to build sample database named 'your-database-here' CREATE TABLE user-password-table ( username varchar(12), password varchar(12), ); INSERT INTO user-password-table VALUES ('your-username-here','your-password-here'); */ $username = "your-username-here"; $password = "your-password-here"; $database = "your-database-here"; $db = mysql_connect("localhost", "$username", "$password"); mysql_select_db("$database",$db); $result = mysql_query("select count(username) as Total from user-password-table where username='$username' and password='$password'",$db); $row = mysql_fetch_array($result); if ($row["Total"]=="0"): echo "<BODY bgcolor=\"#BFBFBF\" link=\"Black\" vlink=\"Black\" alink=\"Black\">"; echo "<FONT FACE=\"Arial\" COLOR=\"#FFFFFF\"> "; echo "<CENTER><H1>WARNING:<P>USER/PASSWORD Failed!</H1></CENTER>"; else: echo "<BODY bgcolor=\"#BFBFBF\" link=\"Black\" vlink=\"Black\" alink=\"Black\">"; echo "<FONT FACE=\"Arial\" COLOR=\"#FFFFFF\"> "; echo "<CENTER><H1>Welcome Back $username.</H1></CENTER>"; endif; mysql_close($db); ?>
On the login page: If the user is already logged on or if there are cookies or there is a valid session, he will be redirected to the member page. If the log in form isn't complete or the username or the password is wrong, the function will return the error variable. In areas for members only: If the user isn't logged on or there aren't any cookies or the session terminated, the user will be redirected to the login page. In the logout page: The user will be logged out. <? /* SCRIPT DETAILS: @author Philipe Fatio <fphilipe@hotmail.com> @version 1.0 NOTES: ________________________________________________ PASSWORDS IN COOKIES ARE SAVED MD5 ENCRYPTED. PASSWORDS IN DATABASES SHOULD BE MD5 ENCRYPTED. ________________________________________________ USE ON PAGES FOR LOGGED IN MEMBERS: $class = new userAut(); $loggedin = $class->loggedin(); If the user isn't logged on or there aren't any cookies or the session terminated, the user will be redirected to the login page. ________________________________________________ USE ON LOGIN PAGE: $class = new userAut(); $login = $class->login(); If the user is already logged on or if there are cookies or there is a valid session, he will be redirected to the member page. If the log in form isn't complete or the username or the password is wrong, the function will return the error variable. ________________________________________________ USE ON LOGOUT PAGE: $class = new userAut(); $logout = $class->logout(); The user will be logged out. ________________________________________________ HAVE YOU GOT QUESTIONS? SEND ME AN EMAIL TO fphilipe@hotmail.com ________________________________________________ */ class userAut { // declare $_SESSION variables: // The value is the name of the $_SESSION variable. // example: $_SESSION[$this->session_username] is equal to $_SESSION["username"]. // You can change these variables to your desired value. var $session_username = "username"; var $session_email = "email"; var $session_ip = "ip"; // declare $_COOKIE variables: // The value is the name of the $_COOKIE variable. // example: $_COOKIE[$this->cookie_username] is equal to $_COOKIE["username"]. // You can change these variables to your desired value. var $cookie_username = "username"; var $cookie_password = "password"; // declare $_POST variables: // The value is the name of the $_POST variable. // example: $_POST[$this->post_username] is equal to $_COOKIE["username"]. // You can change these variables to your desired value. var $post_username = "username"; var $post_password = "password"; var $post_cookie = "remember"; // not necesary // declare database variables: // Change these values. var $DB_host = "host"; var $DB_user = "username"; var $DB_pass = "password"; var $DB_db = "database"; var $DB_table_name = "users"; // enter the name of the table where the user data is saved var $DB_field_username = "username"; // enter the name of the field where the usernames are stored var $DB_field_password = "password"; // enter the name of the field where the passwords are stored var $DB_field_email = "email"; // enter the name of the field where the emails are stored // declare other variables: // Change these values. var $member_area = "memberarea"; // page only for logged in members var $login_page = "login"; // page with the login form var $error_form = "Please complete the form"; // the error message when form is incomplete var $error_user = "Username or password wrong"; // the error message when user doesn't exist or when the password is wrong // || // || // _ || _ !!!DON'T CHANGE ANYTHING FROM THIS POINT ON!!! // \\ || // // \\||// // \ / // \/ var $username; var $password; var $email; /** * @return bool * @desc Verify if user has got a session and if the user's IP corresonds to the IP in the session. */ function verifySession() { if (!isset($_SESSION[$this->session_username]) || !isset($_SESSION[$this->session_email]) || !isset($_SESSION[$this->session_ip]) || $_SESSION[$this->session_ip] != $_SERVER['REMOTE_ADDR']) { return false; } else { return true; } } /** * @return bool * @desc Verify if cookies exist. */ function verifyCookie() { if (isset($_COOKIE[$this->cookie_username]) && isset($_COOKIE[$this->cookie_password])) { $this->username = $_COOKIE[$this->cookie_username]; $this->password = $_COOKIE[$this->cookie_password]; return true; } else { return false; } } /** * @return void * @param string $page * @desc Redirect the browser to the value in $page. */ function redirect($page) { header("Location: ".$page); exit(); } /** * @return bool * @desc Verify username and password with MySQL database. */ function verifyDB() { mysql_connect($this->DB_host,$this->DB_user,$this->DB_pass); mysql_select_db($this->DB_db); $sql = "SELECT * FROM `".$this->DB_table_name."` WHERE `".$this->DB_field_username."` = '".$this->username."' AND `".$this->DB_field_password." = '".$this->password."';"; $query = mysql_query($sql); $row = mysql_fetch_assoc($query); $num = mysql_num_rows($query); if($num == 1) { $this->email = $row[$this->DB_field_email]; return true; } else { return false; } } /** * @return void * @desc Write username, email and IP into the session. */ function writeSession() { $_SESSION[$this->session_username] = $this->username; $_SESSION[$this->session_email] = $this->email; $_SESSION[$this->session_ip] = $_SERVER['REMOTE_ADDR']; } /** * @return void * @desc Write cookie with username and md5 encrypted password. */ function writeCookie() { setcookie($this->cookie_username,$this->username); setcookie($this->cookie_password,$this->password); } /** * @return bool * @desc Verify if login form fields were filled out. */ function verifyForm() { if (isset($_POST[$this->post_username]) && isset($_POST[$this->post_password]) && $_POST[$this->post_username] != "" && $_POST[$this->post_password] != "") { $this->username = $_POST[$this->post_username]; $this->password = md5($_POST[$this->post_password]); return true; } else { return false; } } /** * @return string * @desc If the user is already logged in or if there * are cookies or there is a valid session, he * will be redirected to the member page. If the * log in form isn't complete or the username or * the password is wrong, the function will * return the error variable. */ function login() { // verify if user is already logged in $v_session = $this->verifySession(); if ($v_session) { $this->redirect($this->member_area); } // verify if cookies are set and if cookies' data corespond to database's data $v_cookie = $this->verifyCookie(); if ($v_cookie) { $v_db = $this->verifyDB(); if ($v_db) { $this->writeSession(); $this->redirect($this->member_area); } } // verify if login form is complete $v_form = $this->verifyForm(); if (!$v_form) { if (isset($_POST[$this->post_username]) && isset($_POST[$this->post_password])) { return $this->error_form; } } // verify if form's data coresponds to database's data if ($v_form) { $v_db = $this->verifyDB(); if (!$v_db) { return $this->error_user; } else { $this->writeSession(); if ($_POST[$this->post_cookie]) { $this->writeCookie(); } $this->redirect($this->member_area); } } } /** * @return void * @desc The user will be logged out. */ function logout() { $_SESSION = array(); session_destroy(); header("Location: ".$this->login_page); } /** * @return void * @desc If the user isn't logged on or there aren't * any cookies or the session terminated, the * user will be redirected to the login page. */ function loggedin() { // verify if user is already logged in $v_session = $this->verifySession(); if (!$v_session) { // verify if cookies are set and if cookies' data corespond to database's data $v_cookie = $this->verifyCookie(); if ($v_cookie) { $v_db = $this->verifyDB(); if ($v_db) { $this->writeSession(); } } else { $this->redirect($this->login_page); } } } } ?>
add and select users on a mysql database ### /*create table users( username varchar(20), email varchar(35), birth varchar(10), city varchar(30), country varchar(40), adress varchar(50), posta integer, spec varchar(120), UNIQUE K_id(id), primary key(id) );, */ //Header.php <? $dbhost = "localhost"; $dbname = "database"; $dbuser = "root"; $dbpass = ""; mysql_connect("$dbhost", "$dbuser", "$dbpass"); mysql_select_db("$dbname"); ?> //newsign.php <? require("header.php"); ?> <? $numresults=mysql_query("select username from users where username='$username'"); $numrows=mysql_num_rows($numresults); if($numrows == "0") { $query = "insert into users (username, email, name, surname, birth, city, country, adress, posta, spec) values ('$username', '$email', '$name1', '$surname', '$birth', '$city', '$country', '$adress', '$posta', '$spec')"; $result = mysql_query($query); echo "Tebrikler <b>$username</b> kayd n z tamam!"; if($result) { echo "<br>"; }else{ echo " <br> hatal "; } }else{ echo "Kullanici adi mevcut L tfen <a href=javascript:history.back(-1)>geri</a> d n p tekrar deneyiniz"; } ?> //select.php <? require ("header.php"); ?> <? $query = "select * from users where username='$username'"; $result = mysql_query($query); while ($row = mysql_fetch_array ($result) ) { $kullanici = $row['username']; $ad = $row['name']; $soyad = $row['surname']; $email = $row['email']; $dogum = $row['birth']; $sehir = $row['city']; $ulke = $row['country']; $adres = $row['adress']; $post = $row['posta ']; $ozel = $row['spec']; $htmldataust = '<title>Aileniz.net</title> <body topmargin = 2 marginleft = 2 marginright = 0><table border = 0 cellspacing = 0 width = 100%> <tr> <td> <font color = black size=2>Aileniz.net... '; echo "$htmldataust"; echo "$kullanici <br> <br> "; echo "$ad <br> <br> "; echo "$soyad <br> <br> "; echo "$email <br> <br>"; echo "$dogum <br> <br>"; echo "$sehir <br> <br>"; echo "$ulke <br> <br>"; echo "$adres <br> <br>"; echo "$post <br> <br>"; echo "$ozel <br> <br>"; $htmldataalt = '</td></tr></table>'; echo "$htmldataalt"; } ?> //newsign.htm <form name=sign action=newsign.php method=post> Kullan c ad n z(En az en fazla 20 karakter olmal ) <br> <input type=text name=username size=12><br> E-mail Adresiniz( ifrenizin postalanaca adres)<br> <input type=text name=email size=12> <br> <br> <br> ------------- Ad n z <br> <input type=text name=name1> <br> Soyad n z<br> <input type=text name=surname> <br> Do um Tarihiniz(GG/AA/YY) <br> <input type=text name=birth> <br> Ya ad n z ehir<br> <input type=text name=city> <br> Ya ad n z lke<br> <input type=text name=country> <br> Adresiniz<br> <input type=text name=adress><br> Posta Kodu<br> <input type=text name=posta><br> Ki isel Tan m n z(Bu B l m sizin di er kullan c lar taraf ndan tan nman z i in kullan lacakt r)<br> <input type=text name=spec> <br> <input type=submit value=G nder> <input type=reset value=Sil> </form>
If you create regfistartion form and you wanto to check wheter the login member exist, password verify check and valid email check, then this function will help you with perform those task. <? /******************************************************************** * registration validation field function. * a function will check invalid char, verify password, existance login * and return the error message if occur, return null if validation succeed * Syntax : * - string validate (string login, string pass1, string pass2, string email); * * Copyright (C) 2001 Wibisono Sastrodiwiryo. * This program is free software licensed under the * GNU General Public License (GPL). * * CyberGL => Application Service Provider * http://www.cybergl.co.id * office@cybergl.co.id * * $Id: validation.php3,v 1 2001/06/25 21:47:33 wibi Exp $ *********************************************************************/ function validate ($login, $pass1, $pass2, $email) { global $tbl_member; if (ereg("^[_a-z0-9-]+$",$login)) { if (eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+([\.][a-z0-9-]+)+$",$email)) { if ($pass1 == $pass2) { $owner=mysql_fetch_array(mysql_query("SELECT login FROM $tbl_member WHERE login='$login'")); if ($owner[login]) {$err_msg="The Login \"<b>$login</b>\" exist";} } else {$err_msg="Verify Password Failed";} } else {$err_msg="Invalid Email";} } else {$err_msg="Reserved Character";} return $err_msg; } ?>