PHP Authenticating

**Chris Roane** · Jan 6, 2001 16:01

Hi,

I call up this script after someone fills out and submits a login form. The code is meant to see if the username and password matchs from another file and if it does, it should load the index page.

---------------------------------
<?
function authenticateUser($user, $password)
{

If($file = fopen("password.txt", "r")) {
$files = fread($file, 500);
$files = split("/", "$files");
$real_username = $files[0];
$real_password = $files[1];
If (($user == $real_username) && ($password == $real_password)) {
return 1 ;
} else {
return 0 ;
} // end if statement
} // end if statement

} // end function

If (authenticateUser($form_user_id,$form_password)) {
setcookie ("cookie_user","$form_user_id");
setcookie ("cookie_passwd","$form_password");
Header("Location: /index.php3");
}
?>
---------------------------------
When that page loads after I submit the login form, and when the login information is correct, it brings up these errors:

---------------------------------
Warning: Oops, php3_SetCookie called after header has been sent in /home/spot/spotscripts-www/phpmo/admin/admin.php3 on line 21

Warning: Oops, php3_SetCookie called after header has been sent in /home/spot/spotscripts-www/phpmo/admin/admin.php3 on line 22

Warning: Cannot add more header information - the header was already sent (header information may be added only before any output is generated from the script - check for text or whitespace outside PHP tags, or calls to functions that output text) in /home/spot/spotscripts-www/phpmo/admin/admin.php3 on line 23
---------------------------------

The previous code is the whole file.

Any help would be appreciated.

Chris Roane

**freddydoesphp** · Jan 6, 2001 16:06

You should really take a look at sessions for this kind of task.

**Chris Roane** · Jan 6, 2001 16:14

I've heard about Sessions before, but they sem pretty complicated.

What would the advantages of using sessions have over my current method?

Chris Roane

**freddydoesphp** · Jan 6, 2001 16:22

1) You can store your usernames and passwords in a database

Using Sessions
you simply call session_start(); at the top of the pages that you want to use session variables in

For instance
session_start();
session_register("SESSION");
session_register($SESSION["username"]);
$SESSION["username"] = "billybob";

now on any page I can call $SESSION["username"]
and get the value for the life of the session.

The point is that now you could simply put two lines at the top of pages you wanted password protected

if (empty($SESSION["username"])) header("Location: login.php");

Then on your login script page once the user is validated you can shoot them off to whatever page. It is basically like your method but all the cookie stuff is taken care of by the session functions

**Chris Roane** · Jan 6, 2001 16:34

That sounds like a good idea.

But I don't need to store my username and password in a database because there will only be one set of them. I thought it would be kind of pointless to create a table for only one username and one password.

"now on any page I can call $SESSION["username"]
and get the value for the life of the session."

What do you mean "life" of the session? Are you talking about how long that username has been logged in or something?

The whole purpose of this password protection is for the administration area of a script I am working on.

Thanks!

Chris Roane

**freddydoesphp** · Jan 6, 2001 17:57

exactly until you destroy the session close your browser or the session times out. It would make your adminisration a lot more scalable, so one day if you wanted you could give someone else a username and password to the admin area you wouln't need to change any scripts

**Vinay** · Jan 6, 2001 18:18

quick tip.. if you're the only person logging into the site, .htacess would be a much easier solution than any kind of scripts...

otherwise, sessions are good and scalable

**freddydoesphp** · Jan 6, 2001 18:24

And Vinay you could move your app from server with relative ease and completely independent of the web server providing you have php installed on each machine you want use. htaccess is an Apache thing and IIS doesn't have it.

**Elledan** · Jan 6, 2001 19:04

What are the best articles/tutorials on sessions?

I've already followed the tutorial at Webmonkey.com, but I just wanted to know whether there are more of the same high quality

**jrap** · Jan 6, 2001 19:13

Elledan,
there is one on http://www.devshed.com which is pretty good. I found that the best way is to go to php.net, and look through all the information they have on sessions (as well as read peoples comments), and try it out yourself.

As many people have said to me,
'RTFM'

**freddydoesphp** · Jan 6, 2001 19:17

Unforunately the manual doesn't give a lot of real world samples to go by, but I am with robp learn by doing! There are a couple of articles on phpbuilder.com as well.

**Elledan** · Jan 6, 2001 19:50

I'm new reading the articles at phpbuilder.com and I must say that they're really useful.

I hope to get a good grasp on sessions tomorrow.

Thanks for your replies.

**Chris Roane** · Jan 6, 2001 20:54

Vinay, yes I know, but it isn't just for myself. It is for a free script I am going to be distributing on spotscripts.com . I personally think it makes the script look better and more "powerful" if they have their owner user system, even though it isn't that big of a deal.

Also, there are some files that I don't want to be password protected in that directory, and I won't be able to do that with .htaccess.

The main reason why I am trying to figure this thing out is so I can expand my knowledge with cookies and "user" management type of things. I think this will give me a good start on it.

Thanks guys!

Chris Roane

**firepages** · Jan 7, 2001 07:46

Your problem will be with content or whitespace being echoed before the cookies and header are set, make sure when you include the files that that include is the very first bit of code on the page, with no whitespace betwen the top of the page and the call to the script.

also maybe do not bother with the return values, ie
If you lost the function and just include()'ed this script at the head of any protected page, you would need to call it with the path back to the calling page ie include("pass.php3?referer=index.php3").

if(!$cookie_user && !$cookie_password){//if cookies not alrrady set
If($file = fopen("password.txt", "r")) {
$files = fread($file, 500);
$files = split("/", "$files");
$real_username = $files[0];
$real_password = $files[1];
(($user == $real_username) && ($password == $real_password)) {
setcookie ("cookie_user","$form_user_id");
setcookie ("cookie_passwd","$form_password");
Header("Location: /$referer");
} else {
Header)"Location: oops.htm");
} // end if statement
} // end if statement
}//end if cookies set

Noting that you appear to be using PHP3,
you can also use a database to store the user names and passwords in a Database with or without sessions.

I would also suggest setting an expiry time for the cookies as I think netscape gets angry if you dont?

**Chris Roane** · Jan 7, 2001 11:08

Hi,

Thanks firepages! That is what I ended up doing before you posted and everything works great. The main problem that was causing the error was I had an HTML comment before the cookies, which I guess screwed things up.

Chris Roane

User Tag List

Thread: PHP Authenticating

Thread Tools

Display

Hybrid View

Bookmarks

Bookmarks

Posting Permissions