  1. #1
    SitePoint Wizard Pedro Monteiro's Avatar
    Join Date
    Sep 2002
    Location
    Lisbon
    Posts
    1,393
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Having trouble with my user authentication script

    I am building a simple user recognition script, but I am having some trouble with the following parameters:

    I am able to redirect the user following the username and password validation to the page I desire.

    What I need to do right now is find a way to protect the pages that the user is being redirected to. I don't want to use cookie recognition so I'm trying to include a condition in the pages I wish to protect.

    Something like:

    <?php include("easylogicsprocessing.php");
    require($login == true);
    ?>

    in the top of the pages I want to protect.

    Consequently, I would have to do something like...



    //The file that the form will process: (easylogicsprocessing.php)

    <?php
    require("configure.php");

    if ($username == $a & $password == $a1) :
    header("Location:user1page.php");
    $login == true;
    elseif ($username == $b & $password == $b1):
    header("Location:user2page.php");
    $login == true;
    else :
    header("Location:error.php");
    $login == false;
    endif;
    ?>



    //The Configure.php page
    <?
    $a = "user1";
    $a1 = "password1";
    $b = "user2";
    $b1 = "password2";
    ?>

    //The HTML Form

    <form action="members/easylogicsprocessing.php" METHOD="post">
    <input name="username" type="text" style="width:112;height:18">
    <input name="password" type="password">
    <input name="Submit" type=image value="Submit" src="images/go1.jpg" width="46" height="25">
    </form>

    Sadly, the conditions always return false, and this solution simply isn't working.

    What am I missing guys?

    Be kind, please!

  2. #2
    if($awake){code();} PHP John's Avatar
    Join Date
    Jul 2002
    Location
    Along the Wasatch Fault line.
    Posts
    1,771
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    First of all, you should be getting an error with this:

    require($login == true);

    require() processes an external file, like include() does.

    If you want user authentication for these pages, and you don't want to use cookies, may I suggest sessions.

    This would be something that you would put at the top of all the pages you want secured:
    PHP Code:
    <?php

    session_start();
    if( $_SESSION['authorized'] != true )
    {
      header( "Location: [the page for unauthorized users]" );
      exit; // stop here so the protected page is not sent after the redirect header
    }

    ?>
    In your login you would place this at the first of your script:

    session_start();

    Then if your client is an authorized user you would set $_SESSION['authorized'] = true, and redirect them to the page you want them to go to.

    HTH
    John

  3. #3
    SitePoint Wizard Pedro Monteiro's Avatar
    Thank you so much John!

    But how do I set it up in such a way that each user is redirected to a specific page?

  4. #4
    if($awake){code();} PHP John's Avatar
    Do you have a custom page for each individual user? Or do you send them all to the same page?
    John

  5. #5
    SitePoint Wizard Pedro Monteiro's Avatar
    Yep, each user has a custom page.

  6. #6
    SitePoint Member tahjah's Avatar
    Join Date
    Mar 2003
    Location
    US
    Posts
    22
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Pedro Monteiro
    Yep, each user has a custom page.
    Is the page dynamically generated? Just include the above snippet at the top of the page before you pull information from the database etc. If each user has a separate static page, then redirect to the page in an "else" branch depending on the username etc.

  7. #7
    if($awake){code();} PHP John's Avatar
    You may want to store that address in a database field, probably in the users table. Then when you test for a valid user, you retrieve that address and use it this way:

    PHP Code:
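    if ( $userIsValid ) // hypothetical flag: set it once the user has been validated
    {
      header( "Location: $usersPage" );
      exit; // nothing after the redirect should run
    }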

    John

  8. #8
    SitePoint Wizard Pedro Monteiro's Avatar
    so for example if I have this table structure:

    CREATE TABLE Clients (
    ClientID int(11) NOT NULL auto_increment PRIMARY KEY,
    Username varchar(20) NOT NULL,
    Password varchar(20) NOT NULL
    );


    How do I add that address in the field?

    and how do I call everything from the form?

  9. #9
    if($awake){code();} PHP John's Avatar
    Tahjah asks a very important question. Are the pages created dynamically, or are the client pages static?

    Also, Tahjah, an "else" redirection would become quite impractical with many clients (i.e., 100+) and would be an absolute nightmare to maintain.
    John

  10. #10
    SitePoint Member tahjah's Avatar
    Quote Originally Posted by PHP John
    Also, Tahjah, an "else" redirection would become quite impractical with many clients (i.e., 100+) and would be an absolute nightmare to maintain.
    I know. I just gave that example in case he was using john.php, jane.php, jade.php, etc, which I hope not. Never know how people do things sometimes.

  11. #11
    SitePoint Wizard Pedro Monteiro's Avatar
    Quote Originally Posted by tahjah
    I know. I just gave that example in case he was using john.php, jane.php, jade.php, etc, which I hope not. Never know how people do things sometimes.
    Actually, that was just about the way I was thinking of doing it!

    I have about 20 clients, and it just seemed more practical that way, especially for someone who knows very little about PHP and MySQL.

  12. #12
    SitePoint Wizard Pedro Monteiro's Avatar
    They are static.

  13. #13
    SitePoint Member tahjah's Avatar
    Quote Originally Posted by Pedro Monteiro
    They are static.
    Since they are static, does each user's page have the same essential features, content, etc? If there are only minor changes between pages, a database/dynamic page might suit your needs better, and save on maintenance issues as PHP John said.

  14. #14
    if($awake){code();} PHP John's Avatar
    Hmm... ok.
    CREATE TABLE Clients (
    ClientID int(11) NOT NULL auto_increment PRIMARY KEY,
    Username varchar(20) NOT NULL,
    Password varchar(20) NOT NULL,
    PageAddress varchar(20) NOT NULL
    );

    Post the code you have to authenticate the user after filling in the login form.
    John

  15. #15
    SitePoint Wizard Pedro Monteiro's Avatar
    Quote Originally Posted by PHP John
    Hmm... ok.
    CREATE TABLE Clients (
    ClientID int(11) NOT NULL auto_increment PRIMARY KEY,
    Username varchar(20) NOT NULL,
    Password varchar(20) NOT NULL,
    PageAddress varchar(20) NOT NULL
    );

    Post the code you have to authenticate the user after filling in the login form.


    <?PHP
    /***************************************************
    Custom Session Handler Class

    ***************************************************/
    class session
    {
    var $resource;
    /***************************************************
    Class Constructor - Sets Attributes
    ***************************************************/
    function session( $options )
    {
    $this->error = ( bool )false;
    $this->sh_sid = $options['sh_sid'];
    $this->db['host'] = $options['host'];
    $this->db['user'] = $options['user'];
    $this->db['pass'] = $options['pass'];
    $this->db['dbas'] = $options['dbas'];
    $this->db['ss_table'] = $options['db_ss_table'];
    $this->db['id_field'] = $options['db_id_field'];
    $this->db['ex_field'] = $options['db_ex_field'];
    $this->db['dt_field'] = $options['db_dt_field'];
    $this->db['connection'] = $options['db_connection'];
    $this->sess['expire'] = $options['sess_expire'];
    $this->sess['name'] = $options['sess_name'];
    $this->sess['cookies'] = $options['sess_use_cookies'];
    $this->sess['only_cookies'] = $options['sess_only_cookies'];
    $this->sess['probability'] = $options['sess_probability'];
    $this->sess['sid_len'] = $options['sess_len'];
    /***************************************************
    Call To Set INI Configuration Settings
    ***************************************************/
    $this->set_ini();
    /***************************************************
    Bind Methods To Save Handler
    ***************************************************/
    session_set_save_handler( array( &$this, 'open' ), array( &$this, 'close' ), array( &$this, 'read' ), array( &$this, 'write' ), array( &$this, 'destroy' ), array( &$this, 'gc' ) );
    /***************************************************
    Start The Session
    ***************************************************/
    if ( ( !isset( $_REQUEST[$this->sess['name']] ) ) && ( $this->sh_sid ) )
    {
    session_id( $this->new_sid() );
    session_start();
    }
    else
    {
    session_start();
    }
    }
    /***************************************************
    Method To Set INI Directives
    ***************************************************/
    function set_ini()
    {
    ini_set( 'session.save_handler', 'user' );
    ini_set( 'session.name', $this->sess['name'] );
    ini_set( 'session.use_cookies', $this->sess['cookies'] );
    ini_set( 'session.gc_maxlifetime', $this->sess['expire'] );
    ini_set( 'session.gc_probability', $this->sess['probability'] );
    ini_set( 'session.use_only_cookies', $this->sess['only_cookies'] );
    }
    /***************************************************
    Method To Open Our DB Connection
    ***************************************************/
    function open( $a, $b )
    {
    $this->resource = @$this->db['connection']( $this->db['host'], $this->db['user'], $this->db['pass'] ) or
    $this->error .= mysql_error();
    @mysql_select_db( $this->db['dbas'] ) or $this->error .= 'Could Not Select DB';
    return( $this->error );
    }
    /****************************************************
    Close DB Connection (not used but needed as arg)
    ****************************************************/
    function close()
    {
    return( ( bool )true );
    }
    /****************************************************
    Grab Our Session Data For Current User
    ****************************************************/
    function read( $id )
    {
    /****************************************************
    Bind DB Query
    ****************************************************/
    $query = @mysql_query( "SELECT * FROM " . $this->db['ss_table'] . " WHERE " . $this->db['id_field'] . " = '" . mysql_real_escape_string( $id ) . "' AND " . $this->db['ex_field'] . " > '" . time() . "'" );
    /****************************************************
    Check For Active Session - If true - Return Data
    ****************************************************/
    if ( @mysql_num_rows( $query ) > ( int )0 )
    {
    $info = @mysql_fetch_assoc( $query );
    return( $info[$this->db['dt_field']] );
    }
    else
    {
    return( ( bool )false );
    }
    }
    /****************************************************
    Write Data To Current Session
    ****************************************************/
    function write( $id, $data )
    {
    /****************************************************
    Set Expire Time
    ****************************************************/
    $seconds = $this->sess['expire'] * 60;
    $expires = time() + $seconds;
    /****************************************************
    Check For Active Session
    ****************************************************/
    // Escape the session ID (it arrives from the client) and the session data before they go into SQL
    $id = mysql_real_escape_string( $id, $this->resource );
    $data = mysql_real_escape_string( $data, $this->resource );
    $_q = "SELECT " . $this->db['id_field'] . " FROM " . $this->db['ss_table'] . " WHERE " . $this->db['id_field'] . " = '" . $id . "'";
    $result = @mysql_query( $_q, $this->resource );
    /****************************************************
    If No Session Is Found - Create New Session
    ****************************************************/
    if ( !@mysql_num_rows( $result ) )
    {
    $query = "INSERT INTO " . $this->db['ss_table'] . " VALUES( '" . $id . "', '" . $expires . "', '" . $data . "' )";
    }
    /****************************************************
    Else - Session Is Active; Update User Session
    ****************************************************/
    else
    {
    $query = "UPDATE " . $this->db['ss_table'] . " SET " . $this->db['ex_field'] . " = '" . $expires . "', " . $this->db['dt_field'] . " = '" . $data . "' WHERE " . $this->db['id_field'] . " = '" . $id . "' AND " . $this->db['ex_field'] . " > " . time();
    }
    /****************************************************
    Query DB - Return
    ****************************************************/
    return( @mysql_query( $query, $this->resource ) );
    }
    /****************************************************
    Method To Destroy Current Session
    ****************************************************/
    function destroy( $id )
    {
    /****************************************************
    Set Query
    ****************************************************/
    $query = "DELETE FROM " . $this->db['ss_table'] . " WHERE " . $this->db['id_field'] . " = '" . mysql_real_escape_string( $id, $this->resource ) . "'";
    /****************************************************
    Null The Session Cookie
    ****************************************************/
    if ( isset( $_COOKIE[$this->sess['name']] ) )
    {
    unset( $_COOKIE[$this->sess['name']] );
    }
    /****************************************************
    Query And Return
    ****************************************************/
    return( @mysql_query( $query, $this->resource ) );
    }
    /****************************************************
    Method To Clean Up Redundant Sessions
    ****************************************************/
    function gc( $a )
    {
    /****************************************************
    Set Query
    ****************************************************/
    $query = "DELETE FROM " . $this->db['ss_table'] . " WHERE " . $this->db['ex_field'] . " < '" . time() . "'";
    /****************************************************
    Query And Return
    ****************************************************/
    return( @mysql_query( $query, $this->resource ) );
    }
    /****************************************************
    Method To Return DB Connection Error
    ****************************************************/
    function connection_error()
    {
    return( $this->error );
    }
    /****************************************************
    Method To Create New Session ID
    ****************************************************/
    function new_sid()
    {
    /*********************************************
    Define Session ID Variable
    *********************************************/
    $_sid = ( bool )false;
    /*********************************************
    Character Range To Use For SID
    *********************************************/
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    /*********************************************
    Get Count Of Characters In Character Range
    *********************************************/
    $count = ( int )strlen( $chars );
    /*********************************************
    Create The SID
    *********************************************/
    for( $i = ( int )0; $i < $this->sess['sid_len']; $i++ )
    {
    $_sid .= $chars[ mt_rand( ( int )0, $count - ( int )1 ) ];
    }
    /*********************************************
    Return Data For Use
    *********************************************/
    return( $_sid );
    }
    /****************************************************
    End Custom Session Handler Class
    ****************************************************/
    }
    ?>

  16. #16
    if($awake){code();} PHP John's Avatar
    It's not a bad way to do it (file name wise), if you are going to create static pages for each client.

    You would use the client name like this:

    header( "Location: $userName.php" );

    But, as Tahjah has said, if the changes are minor, make them dynamic utilizing the database. PHP was made for things like that.
    John

  17. #17
    SitePoint Wizard Pedro Monteiro's Avatar
    This is the configuration file:

    <?PHP
    /***********************************************
    Database Connection Params
    ***********************************************/
    $options['host'] = ''; // Database Host Address
    $options['user'] = ''; // Database User Name
    $options['pass'] = ''; // Database Password
    $options['dbas'] = ''; // Database Name
    /***********************************************
    INI/Session Configuration Options
    ***********************************************/
    $options['db_connection'] = 'mysql_pconnect';
    $options['db_ss_table'] = '';
    $options['db_id_field'] = '';
    $options['db_ex_field'] = '';
    $options['db_dt_field'] = '';
    $options['sess_use_cookies'] = ( bool )true;
    $options['sess_only_cookies'] = ( bool )false;
    $options['sess_name'] = 'PHPSESSID';
    $options['sess_expire'] = ( int )24;
    $options['sess_probability'] = ( int )1;
    $options['sess_len'] = ( int )16;
    $options['sh_sid'] = ( bool )true;
    ?>

  18. #18
    SitePoint Wizard Pedro Monteiro's Avatar
    So basically, the Custom Session Handler Class should be in the action of the login form I presume?

    Forgive my absolute ignorance!

  19. #19
    if($awake){code();} PHP John's Avatar
    Quote Originally Posted by Pedro Monteiro
    So basically, the Custom Session Handler Class should be in the action of the login form I presume?
    No.

    Your login authorization would look something like this:

    PHP Code:
    get the username and the password from the user
    query the database to see 
    if the user exists and has the right information
    if so
      redirect the user to their page 
    John
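
    The login steps outlined in this post, together with the session check suggested earlier in the thread, as an added example that is not code from any poster. It assumes PDO with an in-memory SQLite database in place of the MySQL Clients table, a Password column that holds password_hash() output (so wider than varchar(20)), and hypothetical function names authenticate, login and guard; it goes one step beyond the thread by also checking that a logged-in client only opens the page stored for that client.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database stands
// in for the MySQL Clients table; all rows below are constructed sample data.

// Check the submitted credentials; return the user's stored page or null.
function authenticate(PDO $db, string $username, string $password): ?string
{
    // Bound parameter: the submitted username never becomes part of the SQL.
    $stmt = $db->prepare(
        'SELECT Password, PageAddress FROM Clients WHERE Username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['Password'])) {
        return null;
    }
    return $row['PageAddress'];
}

// Login handler logic: fills $session and returns the redirect target.
function login(PDO $db, array $post, array &$session): string
{
    $user = $post['username'] ?? '';
    $pass = $post['password'] ?? '';
    // Reject array-valued form fields (username[]=...) instead of casting them.
    if (!is_string($user) || !is_string($pass)) {
        return 'error.php';
    }
    $page = authenticate($db, $user, $pass);
    if ($page === null) {
        return 'error.php';
    }
    $session['authorized'] = true;
    $session['page'] = $page;   // taken from the database, not from the form
    return $page;
}

// Guard for the top of a protected page: returns null when the request may
// proceed, otherwise the page to redirect to.
function guard(array $session, string $thisPage): ?string
{
    if (empty($session['authorized'])) {
        return 'error.php';
    }
    // A logged-in client may only open the page stored for that client.
    return ($session['page'] ?? '') === $thisPage ? null : 'error.php';
}

// --- Constructed sample data and a command-line walk-through ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Clients (ClientID INTEGER PRIMARY KEY, Username TEXT,
           Password TEXT, PageAddress TEXT)');
$add = $db->prepare(
    'INSERT INTO Clients (Username, Password, PageAddress) VALUES (?, ?, ?)');
$add->execute(['user1', password_hash('password1', PASSWORD_DEFAULT), 'user1page.php']);
$add->execute(['user2', password_hash('password2', PASSWORD_DEFAULT), 'user2page.php']);

$session = [];   // stands in for $_SESSION after session_start()
echo login($db, ['username' => 'user1', 'password' => 'wrong'], $session), "\n";
var_dump(guard($session, 'user1page.php'));   // checked before a successful login
echo login($db, ['username' => 'user1', 'password' => 'password1'], $session), "\n";
var_dump(guard($session, 'user1page.php'));   // the client's own page
var_dump(guard($session, 'user2page.php'));   // another client's page

// In a web request the same functions are wired up like this:
//   session_start();
//   $target = login($db, $_POST, $_SESSION);
//   if ($target !== 'error.php') { session_regenerate_id(true); }
//   header("Location: $target");
//   exit;   // stop here so nothing after the redirect is executed
```

    Run it with the PHP command-line interpreter (PHP 7.1 or later with the pdo_sqlite extension); each static client page would call guard() with its own file name before sending any output.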

  20. #20
    SitePoint Wizard Pedro Monteiro's Avatar
    Quote Originally Posted by PHP John
    No.

    Your login authorization would look something like this:
    PHP Code:
    get the username and the password from the user
    query the database to see 
    if the user exists and has the right information
    if so
    redirect the user to their page 
    Hummm

    I see the logic, I just can't apply it!

  21. #21
    if($awake){code();} PHP John's Avatar
    I think you misunderstood.

    This code handles the custom sessions utilizing the database instead of flat files.

    Are you writing this code yourself, or are you trying to modify something to fit your needs?
    John

  22. #22
    SitePoint Wizard Pedro Monteiro's Avatar
    The code I made was the first one I posted. This is the code that the form processes:

    <?php
    require("configure.php" );

    if ($username == $a & $password == $a1) :
    header("Location:user1page.php" );
    $login == true;
    elseif ($username == $b & $password == $b1):
    header("Location:user2page.php" );
    $login == true;
    else :
    header("Location:error.php" );
    $login == false;
    endif;
    ?>


    However, I failed to establish a connection between the above code and the mysql table.

  23. #23
    if($awake){code();} PHP John's Avatar
    Quote Originally Posted by Pedro Monteiro
    The code I made was the first one I posted. This is the code that the form processes:

    <?php
    require("configure.php" );

    if ($username == $a & $password == $a1) :
    header("Location:user1page.php" );
    $login == true;
    elseif ($username == $b & $password == $b1):
    header("Location:user2page.php" );
    $login == true;
    else :
    header("Location:error.php" );
    $login == false;
    endif;
    ?>


    However, I failed to establish a connection between the above code and the mysql table.
    Sigh...

    Pedro, I'm going to send you back to the books for some of the basics of PHP programming.
    John

  24. #24
    SitePoint Wizard Pedro Monteiro's Avatar
    Quote Originally Posted by PHP John
    Sigh...

    Pedro, I'm going to send you back to the books for some of the basics of PHP programming.
    Oh dear me, is it that bad?

  25. #25
    SitePoint Wizard Pedro Monteiro's Avatar
    Now, I was storing the user data in a PHP file, and I assigned variables to each.

    <?
    $a = "user1";
    $a1 = "password1";
    $b = "user2";
    $b1 = "password2";
    ?>

    After I read a tutorial I recognized that this could be done using a database, and so I created the database, but still, I was left with the doubt of how to connect these separate pieces of code!

