Forum Moderators: coopster


login system

         

yllai

9:19 am on Jun 10, 2004 (gmt 0)

10+ Year Member



If I let only registered users log in to the system and use it, such as to add some records (add.php), I must prevent both unregistered and registered users from directly adding records in the system without logging in. That means they go directly to (for example) http://www.mypage.com/system/add.php and add a record to the system...

How can I do it? Do I need to create an .htaccess file? How do I create one? Is there any guide for building a system like this? Where can I get this information?

Hope to get your thoughts... thanks...

hephaistos

9:27 am on Jun 10, 2004 (gmt 0)

10+ Year Member



hello,

PHP has a wonderful thing to control things like that:

[at.php.net...]

this means - you start a session and can control everywhere if your user is logged in....

but please read the ref I gave above....

hth,
ciao

lorax

12:47 pm on Jun 10, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



At the head of each of my files in the secure area I use something like:
session_start();
if ((!isset($log_user) && !isset($pwd)) || !chktime($log_time) || $user_rights == 2) {
    header("Location: /login.php");
    exit;
}

In the first part I'm checking to see if the user has logged in. $log_user and $pwd are session variables which are set upon successful login.

Chktime is a simple function I wrote to see how long the user has been logged in. I personally don't want them logged for hours so I log them off after some predetermined amount of time. It simply checks the time when a new page is requested. It does not automatically refresh the screen to check though.

$user_rights is another session var that I use to determine what the user is allowed to see/access. I check this on every page as well so that no one can gain access to Admin pages even if they are legitimate users of the application.

yllai

2:53 am on Jun 11, 2004 (gmt 0)

10+ Year Member



I have added the code provided to the beginning of each file but I can work, after I log in... it is still on the login page. Any mistake?

I do not understand: do I have to assign values to the variables $log_user, $pwd, $log_time? How do I code it? Is there any example of it? Where can I get this information?

lorax

4:46 am on Jun 11, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



login.php

<?php
session_start();

// Log out: clear and destroy the session when "kill" is passed
if (isset($kill)) {
    session_unset();
    session_destroy();
}

// No credentials submitted yet: show the login form
if (!isset($log_user) && !isset($pwd)) {
?>
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<h1>Please Login</h1>
<form method="post" action="login.php">
User Name: <input type="text" name="log_user"><br>
Password: <input type="password" name="pwd"><br>
<input type="submit" value="login">
</form>
<?php
}
else {
    // Look up the submitted user name
    $login_query = "Select id,user_name,user_pwd
                    From users
                    Where user = '".addslashes($log_user)."'";
    $login = mysql_query($login_query) or die("Query failed. ".mysql_error());
    if (!mysql_num_rows($login)) {
        $HTTP_GET_VARS['login'] = 'fail';
    }
    else {
        $udetails = mysql_fetch_array($login);
        if (!validate_password($pwd, $udetails['user_pwd'])) {
            $HTTP_GET_VARS['login'] = 'fail';
        }
        else {
            // Set the variables named in session_register() before registering them
            $user_id = $udetails['id'];
            $user_name = $udetails['user_name'];
            session_register("log_user","user_name","user_id");
            header("Location: index.php");
            exit;
        }
    }
    // Failed login: show the form again and drop the session
    if (isset($HTTP_GET_VARS['login']) && ($HTTP_GET_VARS['login'] == 'fail')) {
?>
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<form method="post" action="login.php">
User Name: <input type="text" name="log_user"><br>
Password: <input type="password" name="pwd"><br>
<input type="submit" value="login">
</form>
<?php
        session_unset();
        session_destroy();
    }
}
?>
</body>
</html>

validate_password

function validate_password($plain, $encrypted) {
    if (not_null($plain) && not_null($encrypted)) {
        // split apart the hash / salt
        $stack = explode(':', $encrypted);

        if (sizeof($stack) != 2) return false;

        // strict comparison so the two hash strings are compared as strings
        if (md5($stack[1] . $plain) === $stack[0]) {
            return true;
        }
    }
    return false;
}

Not Null

function not_null($value) {
    if (is_array($value)) {
        if (sizeof($value) > 0) {
            return true;
        } else {
            return false;
        }
    } else {
        if (($value != '') && ($value != 'NULL') && (strlen(trim($value)) > 0)) {
            return true;
        } else {
            return false;
        }
    }
}

yllai

5:44 am on Jun 11, 2004 (gmt 0)

10+ Year Member



Based on the script above, what I understand is that when users key in their username and password at login, the system will check their password; if it is not found then it will fail, else the id will be checked; if the id is not found then it will fail, else they may access index.php. When any check fails, they may log in again.

But this is not exactly what I am looking for. I want a script that prevents users from accessing the page without login. No matter whether they have logged in or not, if they go directly to index.php, they can still access it... I want to make index.php accessible to those logged in only. Any guide?

lorax

1:41 pm on Jun 11, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



But this is not exactly what I am looking for. I want a script that prevents users from accessing the page without login. No matter whether they have logged in or not, if they go directly to index.php, they can still access it... I want to make index.php accessible to those logged in only. Any guide?

I think what you're asking for is a way to prevent a user from accessing a page without logging in. Unless I'm just not understanding you (quite possible) the scripts I've posted - in combination - will do just that.
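
The page guard and login step from this thread, combined as an added example that is not lorax's code and written for current PHP, where login state is read only from $_SESSION rather than from bare variables such as $log_user. It swaps the salted MD5 check for password_hash()/password_verify(); the 30-minute limit, the user_rights column and the function names are assumptions.

```php
<?php
const MAX_LOGIN_SECONDS = 1800; // assumed limit; the thread gives no value
const RIGHTS_BLOCKED = 2;       // the thread's guard rejects user_rights == 2

// Pure check so it can be exercised without a web server.
function is_authorized(array $session, int $now): bool
{
    if (!isset($session['log_user'], $session['log_time'], $session['user_rights'])) {
        return false; // never logged in
    }
    if ($now - (int) $session['log_time'] > MAX_LOGIN_SECONDS) {
        return false; // logged in too long ago
    }
    return (int) $session['user_rights'] !== RIGHTS_BLOCKED;
}

// First statement of add.php, index.php, ...: reads $_SESSION only,
// so a log_user value sent in the URL or a form cannot satisfy it.
function require_login(): void
{
    session_start();
    if (!is_authorized($_SESSION, time())) {
        $_SESSION = [];
        session_destroy();
        header('Location: /login.php');
        exit;
    }
}

// login.php calls this after session_start(); user_pwd is a password_hash() value (assumed).
function complete_login(array $row, string $password): bool
{
    if (!password_verify($password, $row['user_pwd'])) {
        return false;
    }
    session_regenerate_id(true); // new session id after login
    $_SESSION['log_user'] = $row['user_name'];
    $_SESSION['log_time'] = time();
    $_SESSION['user_rights'] = (int) $row['user_rights'];
    return true;
}

// Constructed sample sessions, run from the command line only.
if (PHP_SAPI === 'cli') {
    $now = 1000000;
    var_dump(is_authorized([], $now));
    var_dump(is_authorized(['log_user' => 'a', 'log_time' => $now - 60, 'user_rights' => 1], $now));
    var_dump(is_authorized(['log_user' => 'a', 'log_time' => $now - 7200, 'user_rights' => 1], $now));
}
```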