FRIHOSTFORUMSSEARCHFAQTOSBLOGSCOMPETITIONS
You are invited to Log in or Register a free Frihost Account!


my first php login w/o database





Azmo
admin.php

Code:
<?php
 session_start();
?>

<!--html--->

<form name="login" enctype="multipart/form-data" method="post" action="check-login.php?logout=no">
      <br />
      <br />
      <h3>Logga in för att administrera sidan</h3>
      <p class="adm">Användarnamn:<br /><input type="text" name="user" maxlength="10" class="log"></p><br /><br /><br />
      <p class="adm">Lösenord:<br /><input type="password" name="password" class="log"></p><br /><br /><br />
      <p class="adm"><input type="submit" name="Skicka" value="Logga in" class="log"></p>
</form>


check-login.php

Code:
<?php
 // creat/link us to the right session
 session_start();
 // clear error msg
 $_SESSION['feluser'] = "";
 $_SESSION['addfault'] = "";
 // delete userdata
 $anvandare                         = "";
 $losenord                           = "";
 // set default to not loged in
 $_SESSION['loggedon'] = FALSE;
 // check if log out have been choosen
if ($_GET['logout'] == "no") {
 // get sent login-data
 $anvandare                         = $_POST['user'];
 $losenord                           = $_POST['password'];
}
else {
         $_SESSION['loggedon']          = FALSE;
         $_SESSION['addfault']          = "";
          $_SESSION ['anvandare']       = "";
           Header('Location: ../index.html');
}

 // Verify login-data
    if ($anvandare == "admin") {
       if ($losenord == "adminpass") {
          $_SESSION ['loggedon']          = TRUE;
          $_SESSION ['anvandare']       = $anvandare;
      }
    }
   elseif ($anvandare == "Mikael") {
       if ($losenord == "mikaelpass") {
          $_SESSION ['loggedon']          = TRUE;
          $_SESSION ['anvandare']       = $anvandare;
      }
    }


 // SESSION check if u are loged in or not, and send u to the right page

 if ($_SESSION['loggedon'] == TRUE) {
    $strLocation                      = "Location: adminpanel.php";
      Header('Location: adminpanel.php');
   
 } else {
    
   $_SESSION['feluser']                = "Fel användar namn eller Lösenord";
   Header('Location: admin.php');
 }
?>


adminpanel.php

Code:
<?php
 include 'loggedin.php';
 $anvandare = $_SESSION['anvandare'];
?>

<!---html--->

<h3>Welcome <?= $_SESSION['anvandare'] ?></h3>


I know some are written in Swedish, did change what I saw so all would understand it, if u have any questions feel free to ask, this is my first login I ever made, so feel free to coment aswell if you want Smile
SlowWalkere
This script could get a bit cumbersome if you add more than two users, but it gets the job done.

The only problem I see is that in "adminpanel.php" you don't check to see that the user is logged in. Unless "loggedin.php" is a script that checks to see if the user is still logged in?

If "loggedin.php" is not that type of script, then you should include a script that checks to see if the user is logged in, and if not bounces them back to the log-in script. Otherwise people could go directly to "adminpanel.php" without logging in.

You may have already thought of this, but you didn't quote "loggedin.php" in your post. Just thought I'd alert you to that possibility just in case...

Good luck,
- Walkere
Azmo
Code:
<?php
session_start();
if ($_SESSION['loggedon'] == FALSE) {
$_SESSION['private'] = "no";
 Header('Location: admin.php');
 exit;
 }
?>


hehe just forgot to add it to the list, ofc that file exist and you'll find what it containts above. Smile Yes I know it can be abit of a pain in the ass if you add alot of members. But I don't know how to make a "register" thingy yet, I'm working on it tho, tring to find one that is nicely coded and easy to understand since I'm still a beginner in this php scripting, and don't want to use scripts I don't understand, how much learning is it in that?

But if you happend to have a link to some "how-to-make-register.php" tutorial, please post it Very Happy
cemycc
Good script but you need some security at SESSIONs .
Try to search for CSRF attacks.
Related topics
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.