Here is a simple login script that I hope helps you advance your knowledge. I have commented it a lot, so I hope it helps you understand what was done.
First, you will need to create a database with a table named "login" (without the quotes). That table will need a couple of values entered. Only two columns are really needed: "user" and "pass".
Make sure the password value is entered in the database as the MD5 hash of the password. You can use this site for a converter.
Now, create a script to allow you to connect to your database. Save it as "connect.php", the name index.php includes below.
PHP:
<?php
$DATABASEname = "DATABASE"; // Database name
$DATABASEuser = "USER"; // User with rights to the database
$USERpassword = "PASSWORD"; // Users password
$MYSQLhost = "HOST"; // Mysql host, typically localhost
// Make the connection.
mysql_connect($MYSQLhost, $DATABASEuser, $USERpassword) OR die ('Could not connect to MySQL: '.mysql_error());
mysql_select_db($DATABASEname) OR die ('Could not select the database: '.mysql_error() );
?>
OK, time for the fun stuff: create an index page for the login form. Create a new file named "index.php".
PHP:
<?php # index.php
/*******************************************************************************
* iBright Login is a product of::
* © Method Computer Technologies ® All Rights Reserved 2006 - 2008
*
* Author: Justin St. Germain
*
* Method Computer Technologies
* 00+1+(480)233-5006
*
*******************************************************************************/
include ('connect.php'); // Connect to the database.
// Send NOTHING to the Web browser prior to the session_start() line!
// Check if the form has been submitted
if (isset($_POST['submitted'])) {
$errors = array(); // Initialize error array.
//Check for a username
if (empty($_POST['username'])) { // if the username wasn't entered
$errors[] = 'You need to enter a username.';
} else { // find the user name
$n = mysql_real_escape_string($_POST['username']);
}
//Check for a password
if (empty($_POST['password'])) { // If the password was not entered
$errors[] = 'You need to enter a password.';
} else { // hash the entered password with md5 so it can be compared with the stored value
$p = mysql_real_escape_string(md5($_POST['password']));
}
if (empty($errors)) { //If everything's OK.
/* Retrieve the user and pass
for username and password combination */
$query = "SELECT user, pass FROM login WHERE user='$n' AND pass='$p'";
$result = @mysql_query ($query); // Run the query
$row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable.
if ($row) { // A record was pulled from the database.
// Set the session data & redirect.
session_name ('uID');
session_start();
$_SESSION['user'] = $row[0];
$_SESSION['pass'] = $row[1];
$_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);
// Redirect the user to the admin.php (SUCCESSFUL LOGIN) page.
// Start defining the URL.
$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // same base URL that process.php builds
// Check for a trailing slash
if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
$url = substr ($url, 0, -1); // Chop off the slash.
}
// Add the page.
$url .= '/admin.php';
header("Location: $url");
exit(); // Quit the script.
} else { // No record matched the query.
$errors[] = 'The username and password you entered do not match those on file.'; // Public Message.
}
} // End of if (empty($errors)) IF
mysql_close(); // Closes the database connection.
} else { // Form has not been submitted.
$errors = NULL;
}
//Begin the page login area now.
$page_title = 'Login';
?>
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1250">
<title><?=$page_title?></title>
</head>
<body>
Welcome to the admin panel. Please login to start editing the site to your specifications.
<br><br>
<?php
if (!empty($errors)) { // Print any error messages.
echo '<strong>Error!</strong><br/>
The following error(s) occurred:<br/>';
foreach ($errors as $msg) { // Print each error.
echo " - $msg<br/>\n";
}
echo '<br/>Please try again.';
}
// Error message if someone tries to bypass the login.
if (isset($_GET['error'])) {
echo 'Error!<br/>
The following error(s) occurred:<br/>';
echo ' - Please enter a username and password to access the admin panel.';
}
// Create the form.
?>
<b>Login</b>
<form action="index.php" method="post">
<p>Username:<br>
<input class="textArea" type="text" name="username" size="20" maxlength="40" /><br/>
Password:<br>
<input class="textArea" type="password" name="password" size="20" maxlength="20" /></p>
<p><input type="submit" name="submit" value="Login" /></p>
<input type="hidden" name="submitted" value="TRUE" />
</form>
</body>
</html>
Now you need to create a file that will check whether someone has tried to bypass your login. If they do try, it will kick them back to the login page and display an error. Name this file "process.php".
PHP:
<?php # process.php
# User is checked here after login.
session_name ('uID');
session_start(); // Start the session
// If no session value is present, redirect the user
if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT'])) ) {
// Start defining the URL
$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
// Check for a trailing slash
if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
$url = substr ($url, 0, -1); // Chop off the slash.
}
$url .= '/index.php?error=1'; // Add the page.
header("Location: $url");
exit(); // Quit the script.
}
?>
Now that the bypass checking is done, we need to create a page to go to once you have successfully logged in. Name this page "admin.php".
PHP:
<?php
require_once ('process.php'); // Make sure that the login was not bypassed.
// If the user logged in successfully, display the following message.
echo "Welcome to the admin panel. You have built a successful login script.<br/>\n";
echo "Every login script needs a way to log out, so <a href=\"logout.php\">click here</a> to end the session.\n";
?>
Now we need to be able to log out. Create "logout.php".
PHP:
<?php
session_name ('uID'); // define the session to logout of.
session_start(); // declare that we are using sessions
unset($_SESSION['user'], $_SESSION['pass'], $_SESSION['agent']); // unset our sessions
session_destroy(); // now destroy the session data stored on the server
// Start defining the URL
$url = 'http://' . $_SERVER['HTTP_HOST'];
// Check for a trailing slash
if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
$url = substr ($url, 0, -1); // Chop off the slash.
}
$url .= '/index.php'; // Add the page.
header("Location: $url"); // forward you to a page of your choice
exit(); // exit
?>
There you have it. I hope that helps you.
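
The credential check from index.php, reworked as an added example (not the original author's code): a bound parameter replaces string-built SQL, password_hash()/password_verify() replace unsalted MD5, and existing MD5 rows are upgraded on their next successful login. It assumes PHP 7 or later with PDO, where the mysql_* functions used above no longer exist; the function name verify_login and the in-memory SQLite database are choices made for this example so that it runs without a server.

```php
<?php
// Added example, not part of the original script. Uses an in-memory SQLite
// database through PDO so it runs offline; swap the DSN for your MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE login (user TEXT PRIMARY KEY, pass TEXT NOT NULL)');

// Constructed sample rows: one legacy unsalted MD5 value, stored the way the
// tutorial stores it, and one password_hash() value.
$ins = $pdo->prepare('INSERT INTO login (user, pass) VALUES (?, ?)');
$ins->execute(['olduser', md5('legacy-secret')]);
$ins->execute(['newuser', password_hash('fresh-secret', PASSWORD_DEFAULT)]);

// verify_login (a name chosen for this example) returns true when $password
// matches the stored value. Legacy MD5 rows are accepted, then re-hashed.
function verify_login(PDO $pdo, string $user, string $password): bool
{
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT pass FROM login WHERE user = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }

    $isLegacyMd5 = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    $ok = $isLegacyMd5
        ? hash_equals($stored, md5($password))   // constant-time comparison
        : password_verify($password, $stored);

    // Replace a legacy or outdated hash while the plaintext is available.
    if ($ok && ($isLegacyMd5 || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $upd = $pdo->prepare('UPDATE login SET pass = ? WHERE user = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $user]);
    }
    return $ok;
}

var_dump(verify_login($pdo, 'olduser', 'legacy-secret'));
var_dump(verify_login($pdo, 'olduser', 'wrong'));
var_dump(verify_login($pdo, 'newuser', 'fresh-secret'));
// Check whether the legacy row still holds a bare MD5 value after that login.
$row = $pdo->query("SELECT pass FROM login WHERE user = 'olduser'")->fetchColumn();
var_dump((bool) preg_match('/^[0-9a-f]{32}$/', $row));
```

After a successful check, call session_regenerate_id(true) before setting $_SESSION['user'], and keep the stored hash out of the session.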