HTML
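<?php //Authenticate using php sessions and mysql
//by Christopher Fryer
//Check out www.constitutioncomputing.com.au
//this authenticate is idiot proof. Simply post
//user name and password to authenticated page using
//a form or whatever method you deem appropriate
//has Logout
//
//Include this at the very top of every protected page, before any output is sent:
//session_start() and header() only work while no output has been written yet.
//
//Request input is read from $_POST / $_GET / $_SESSION explicitly. Nothing here
//depends on register_globals, so a request parameter cannot stand in for a
//session value.

session_start(); //Resumes the visitor's session (or starts a new one) every time the page is loaded

//These headers ensure no one clicks back to see pages that are protected
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1; no-store keeps the page out of browser and proxy caches
header("Pragma: no-cache"); // HTTP/1.0

//Database settings. $password is the DATABASE password; the visitor's password is $password2.
$hostname = "yourhostname";
$password = "yourpasswordname";
$user = "yourusername";
$database = "yourdatabase";
$table = "yourtable"; //Interpolated into the SQL text below: keep it a fixed value, never request data

//Connect to database
//Reporting is switched off so failures come back as false on every PHP version
//and the short messages below are what the visitor sees.
mysqli_report(MYSQLI_REPORT_OFF);
$db = mysqli_connect($hostname, $user, $password);
if (!$db) {
    die("Unable to connect to the database");
}
if (!mysqli_select_db($db, $database)) {
    die("Unable to select database");
}

//Same message for every failure, so the response does not reveal whether the user name exists
$authFailed = 'User authentication failed, click <a href="index.php">here</a> to login again.';

if (!isset($_SESSION['name'])) {//No authenticated session yet: treat this request as a login attempt
    //Accept plain strings only; username[]=x style array input is treated as not posted
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";
    $password2 = (isset($_POST['password2']) && is_string($_POST['password2'])) ? $_POST['password2'] : "";

    if ($username === "") {
        session_destroy();//Kill session if user name not posted
        die($authFailed);
    }

    //Posted values travel as bound parameters, never as part of the SQL text.
    //NOTE(review): PassWord is compared exactly as stored, which means the table
    //holds clear-text passwords. Store password_hash() output instead and check it
    //with password_verify() after fetching the row by UserName; that needs a data
    //migration, so it is not done here.
    $stmt = mysqli_prepare($db, "SELECT UserId, UserName, Name FROM $table WHERE UserName = ? AND PassWord = ?");
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, "ss", $username, $password2)
        || !mysqli_stmt_execute($stmt)
        || !mysqli_stmt_bind_result($stmt, $userid, $dbUsername, $name)) {
        die("Unable to open the table");
    }
    $found = (mysqli_stmt_fetch($stmt) === true); //null means no matching row, false means an error
    mysqli_stmt_close($stmt);

    if (!$found) {
        session_destroy();//kills the session if user not in the database
        die($authFailed);//this stops the page from displaying to unauthorised users
    }

    //success user is valid grab details from database and register them in the session
    session_regenerate_id(true); //New session id at login, so an id handed out before login is not reused
    $username = $dbUsername;
    $_SESSION['userid'] = $userid; //The original registered "pracid", a variable that was never assigned
    $_SESSION['username'] = $username;
    $_SESSION['name'] = $name;
    //The visitor's password is deliberately NOT kept in the session.
} else {
    //Already logged in: confirm the account still exists before showing the page
    $username = is_string($_SESSION['username']) ? $_SESSION['username'] : "";

    $stmt = mysqli_prepare($db, "SELECT UserId, Name FROM $table WHERE UserName = ?");
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, "s", $username)
        || !mysqli_stmt_execute($stmt)
        || !mysqli_stmt_bind_result($stmt, $userid, $name)) {
        die("Unable to open the table");
    }
    $found = (mysqli_stmt_fetch($stmt) === true);
    mysqli_stmt_close($stmt);

    if (!$found) {
        session_destroy();//kill session if user not in the database
        die($authFailed);//die page die
    }
}

//$userid, $username and $name are now set for the rest of the protected page.

$do = isset($_GET['do']) ? $_GET['do'] : "";
if ($do === "logout") {
    //kill session if do = logout eg <a href="authenticatedpage.php?do=logout">logout</a>
    $_SESSION = array(); //Drop the data from this request as well as from the session store
    session_destroy();
    //NOTE(review): as in the original, the rest of the page is still rendered for this
    //one request. Redirect to the login page and exit here if that is not wanted.
} ?>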
Usage Example
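<!-- Login form. It posts the fields "username" and "password2" to the protected
     page; keep those two names unchanged. Serve the form and its target over
     HTTPS so the password is not sent in clear text. -->
<form method="post" action="authenticatedpage.php">
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="70" align="right"><label for="username">User Name:</label></td>
<td><input type="text" id="username" name="username" size="20" autocomplete="username"></td>
</tr>
<tr>
<td width="70" align="right"><label for="password2">Password:</label></td>
<td><input type="password" id="password2" name="password2" size="20" autocomplete="current-password"></td>
</tr>
</table>
<input type="submit" name="Submit" value="Login">
</form>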