

one line securing of php pages (login of users) (user auth)





jamez
For me, securing PHP pages is too important.. I am using and coding in PHP.. I can say that I am an advanced PHP programmer, but not an expert one.. I wanted to share my techniques for securing PHP pages..

First, I am using SESSION variables for every page that needs validation of whether the user is logged in or not.. I start the session, get the current session id, then save it to a cookie when the user is logged in (cookie expires in 100 million years).. But when the user closes his browser, the cookie will not be acceptable to the site anymore.. When the user visits the site again, he is not logged in anymore.. How do I code that?

Here it is: login.php
Code:

<?php
// Config and connection for mysql page.
include("mysql.conf.php");

// Starts a session
session_start();

function displaylogin($error){
    echo "<form method=\"post\" action=\"\">";
    echo "Please login to your account now:<br><br>".$error;
    echo "Username:&nbsp;<input name=\"user\" type=\"text\"><br>";
    echo "Password:&nbsp;<input name=\"pass\" type=\"password\"><br>";
    echo "<input type=\"submit\" value=\"Login\" name=\"subLogin\">";
    echo "</form>";
}

function setlogin($uid,$sid){
    setcookie($sid,$uid,time()+60*60*24*30); // Sets cookie with the name as current session id and with the value of the user id.
    echo "<script language=\"javascript\">location.href=\"index.php\"</script>"; // Redirect to index.php file.
    exit; // Stop here; the redirect reloads the page with the cookie set.
}

if(!isset($_COOKIE[session_id()])){ // No cookie stored under the current session id: not logged in yet.
    if(isset($_POST['subLogin'])){ // If the form is submitted.. do.. (key must match the submit button's name)
        // Database structures - table=users;fields=id,user,pass;
        // Remember: id is unique, user is unique.
        // Escape the submitted username before it goes into the query string.
        // (The mysql_* functions used here were removed in PHP 7.)
        $user = mysql_real_escape_string($_POST['user']);
        $query = mysql_query("SELECT * FROM users WHERE user = '".$user."'");
        $result = mysql_fetch_array($query); // false when no row matches
        if($result && $result['id']>0){
            if($result['pass'] == md5($_POST['pass'])){ // users.pass holds the md5() of the password
                setlogin($result['id'],session_id());
            }
            else{
                $error = "Wrong Password!<br><br>";
                displaylogin($error);
                exit;
            }
        }
        else{
            $error = "Wrong username!<br><br>";
            displaylogin($error);
            exit;
        }
    }
    else{
        displaylogin(""); // Error message is empty so we set blank to argument.
        exit; // Exit here so the protected page that included this file is not shown.
    }
}
?>



Here is: protected_page.php or even index.php if you wanted to..
Code:

<?php
include("login.php"); // Just include this file.. this is the secret..
?>
<p>Anything should be written here..</p>


Including login.php in every page you want to secure makes securing your pages effortless.. The login.php file acts as your login UI for users to log in, processes the login of users, sets a cookie for strong verification of the logged-in user and CHECKS if the user is logged in..

This is my original code.. So you may reply if my code helps..
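
A hardened variant of the login include, as an added example that is not part of the original post: the logged-in state is kept server-side in `$_SESSION` instead of in a cookie the browser can set, the lookup uses a bound parameter, and the password is checked with `password_verify()`. The in-memory SQLite table, the `demo` user and the function names are constructed so the file runs stand-alone; a real site is assumed to supply its own PDO connection and a `users.pass` column holding `password_hash()` output.

```php
<?php
// Added example, not the original poster's code.
// Constructed stand-in for mysql.conf.php: in-memory SQLite with one sample user.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT UNIQUE, pass TEXT)');
$pdo->prepare('INSERT INTO users (user, pass) VALUES (?, ?)')
    ->execute(['demo', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Returns the user id on success, null otherwise.
function check_credentials(PDO $pdo, string $user, string $pass): ?int {
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT id, pass FROM users WHERE user = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['pass'])) {
        return null;
    }
    return (int) $row['id'];
}

function display_login(string $error = ''): void {
    echo '<form method="post" action="">';
    echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8');
    echo 'Username: <input name="user" type="text"><br>';
    echo 'Password: <input name="pass" type="password"><br>';
    echo '<input type="submit" name="subLogin" value="Login"></form>';
}

// Session cookie is not readable from JavaScript; add 'secure' => true behind HTTPS.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

if (!isset($_SESSION['uid'])) {          // login state exists only on the server
    if (filter_input(INPUT_POST, 'subLogin') === null) {
        display_login();
        exit;
    }
    $uid = check_credentials($pdo, (string) filter_input(INPUT_POST, 'user'),
                                   (string) filter_input(INPUT_POST, 'pass'));
    if ($uid === null) {
        display_login('Wrong username or password.<br><br>'); // same message for both cases
        exit;
    }
    session_regenerate_id(true);         // fresh session id after login (session fixation)
    $_SESSION['uid'] = $uid;
    header('Location: index.php');
    exit;
}
```

A protected page includes this file first, exactly as `protected_page.php` includes `login.php` above.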
ganbate
Nice tutorial.
I was looking for something like this to secure my PHP pages.
Thanks... I will try it.
jabapyth
There are way too many topics like this. Someone should write a sticky:
"how to secure/login using php"
...
not me, of course; I've never done it before, so I'm no expert, but, really.
It should happen. (just a suggestion)
Ghost Face
Code:

// Config and connection for mysql page.
include("mysql.conf.php");


Could you elaborate please?

Thanks.
Xcelerate
That's probably just a file with a username and password supplied and then it connects to the database. A lot of PHP scripts that use mySQL have just one script to do this so they don't have to keep rewriting it.
Rhysige
I use a one line process as well which may be more suitable to some..
I make a function called securePage('level') and with this function have a series of "cases" for the level provided by the function.
Basically you secure it to the "level" of access you wish to be what you must have.

For example the user editing page you may put securePage('admin');

So it's just another idea, have it as a function rather than an include.
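
One way to write the `securePage('level')` idea described in this post, as an added example that is not the poster's code. It generalises the series of cases into an ordered table of levels; the level names and the `$_SESSION['role']` key are assumptions.

```php
<?php
// Added example; only the name securePage() comes from the post.
// Hypothetical levels, lowest to highest.
const LEVELS = ['guest' => 0, 'user' => 1, 'moderator' => 2, 'admin' => 3];

// Pure decision: does $role satisfy the level a page requires?
function level_allows(?string $role, string $required): bool {
    if (!array_key_exists($required, LEVELS)) {
        // A misspelled level in a page must fail closed, not open the page.
        throw new InvalidArgumentException("unknown level: $required");
    }
    // A missing or unrecognised role is treated as the lowest level.
    $have = ($role !== null && array_key_exists($role, LEVELS)) ? LEVELS[$role] : 0;
    return $have >= LEVELS[$required];
}

function securePage(string $required): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Assumed: the login code stored the role server-side in the session.
    $role = $_SESSION['role'] ?? null;
    if (level_allows(is_string($role) ? $role : null, $required)) {
        return;                              // access granted, page continues
    }
    if ($role === null) {
        header('Location: login.php');       // not logged in: send to login
    } else {
        http_response_code(403);             // logged in, but level too low
        echo 'Forbidden';
    }
    exit;
}
```

A page then starts with `securePage('admin');` before any output, as in the post's user-editing example.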
kv
jabapyth wrote:
There are way too many topics like this. Someone should write a sticky:
"how to secure/login using php"
...
not me, of course; I've never done it before, so I'm no expert, but, really.
It should happen. (just a suggestion)


Very much true. It is a good idea to stick this topic itself. Mods can consider this.
© 2005-2011 Frihost, forums powered by phpBB.