TalkPHP - View Single Post - PHP Session Login

boycoda · 06-07-2008, 03:01 PM

Hello everyone,

Ok.. i've come to a little puzzle for myself. Back in the day this would have been easy *neck sinks into shoulders*.

Anyhow, here is my code for the login page.

PHP Code:


			
<?php

    session_start(); ## Allows sessions

    include("inc/conn.php"); ## Includes the connection file for the database

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"

        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en">



<head>

        <title>Clientel - QualityXHTML.com - A service to remember!</title>

        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

        <link rel="stylesheet" type="text/css" href="style.css" />

        <!--[if lte IE 7]>

        <link rel="stylesheet" type="text/css" href="ie7.css" />

        <script defer type="text/javascript" src="pngfix.js"></script>

        <![endif]-->

        <!--[if lte IE 6]>

        <link rel="stylesheet" type="text/css" href="ie6.css" />

        <![endif]-->

</head>



<body>



        <div id="container">            

                

                <div id="content">

                

                        <div id="logo">

                        

                                <a href="http://clientel.qualityxhtml.com"><img src="img/logo.png" alt="Logotype" /></a>

                        

                        </div><!-- logo -->

                        

                        <div id="title">

                            

                                <h3>QualityXHTML Client Area</h3>

                            

                        </div><!-- title -->

                        

                        <div id="login">

                                <?php

                                

                                if(isset($_POST['submit'])) { ## If the submit button was pressed do the following

                                

                                    $usn = htmlspecialchars(addslashes($_POST['username'])); ## Submitted Username stored in a variable

                                    $psd = sha1(md5(md5(sha1(md5(sha1(sha1(md5($_POST['password'])))))))); ## Submitted Password stored in a variable

                                    

                                    $slct = mysql_query("SELECT * FROM `clients` WHERE `user` = '$usn'") or die(mysql_error());

                                    $check = mysql_num_rows($slct);

                                    

                                    if($check == '0') {

                                    

                                        echo "<p>Please supply the correct Username and Password!</p>";

                                    

                                    } else {

                                    

                                    $udata = mysql_fetch_array($slct);

                                    

                                    if($udata[client] == 1) {

                                    

                                        $_SESSION['id'] = "$user[id]";

                                        $_SESSION['password'] = "$user[password]";

                                    

                                        echo "<p>Welcome, $udata[full_name]!</p>" . "<p>&nbsp;</p>" . "<p>You will be redirect in a moment...</p>";

                                        

                                        ## Now we must redirect the user

                                        echo "<meta http-equiv='Refresh' content='2; URL=panel.php'/>";

                                    

                                    } else {

                                    

                                    if($udata[admin] == 1) {

                                    

                                        $_SESSION['id'] = "$user[id]";

                                        $_SESSION['password'] = "$user[password]"; 

                                    

                                        echo "<p>Welcome back, $udata[full_name]!</p>" . "<p>&nbsp;</p>" . "<p>Please <a href='/admin/'>click here</a> to goto your admin area!</p>";

                                    

                                    }

                                    

                                    }

                                    

                                    }

                                

                                } else {

                                

                                ?>

                        

                                <p class="italic">This area is for new and existing clients only.</p>



                                <p>Please logon to your account below.</p>



                                <form id="login" name="client login" method="post" action="">

                                        <fieldset>

                                                

                                                <div id="form_top">

                                                

                                                <input type="text" name="username" class="form" value="Username" /><input type="submit" name="submit" value="" title="Login" id="submit" />

                                                

                                                </div><!-- form_top -->



                                                <div id="form_bottom">

                                            

                                                <input type="password" name="password" class="form" value="*********" /><a href="#" id="password">Forgot password?</a>

                                            

                                                </div><!-- form_bottom -->

                                            

                                        </fieldset>

                                </form>

                                

                                <?php

                                } ## Close the loop

                                ?>

                        </div><!-- login -->

                

                </div><!-- content -->



        </div><!-- container -->

    

</body>

</html>

Ok, so here we are, if you get the username and password right in the database, then it'll show a message then direct you to a page. Bare in mind this login page is working perfectly fine.

However, what I want to do is secure that panel.php, so if the registered session is not identical to the one in the database, then it should throw up a message. But if its all correct, then display the site.

Here is the code I have got for the panel.php...

PHP Code:


			
<?php

    session_start(); ## Allows sessions

    include("inc/conn.php"); ## Includes the connection file for the database

    

    ## Session Security

    $usn = $_SESSION['id'];

    

    $slct = mysql_query("SELECT * FROM `clients` WHERE `user` = '$usn'") or die(mysql_error());

    

    $udata = mysql_fetch_array($slct);

    

    if(!$usn) {

    

        echo "NO!!!!!";

    

    } else {

    

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"

        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en">



<head>

        <title>Clientel</title>

        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

        <link rel="stylesheet" type="text/css" href="style.css" />

        <!--[if lte IE 6]><link rel="stylesheet" type="text/css" href="ie6.css" /><![endif]-->

        <!--[if IE 7]><link rel="stylesheet" type="text/css" href="ie7.css" /><![endif]-->

        <script type="text/javascript" src="jquery-latest.pack.js"></script> 

        <script type="text/javascript" src="jquery.pngFix.js"></script> 

        <script type="text/javascript"> 

                $(document).ready(function(){ 

                    $(document).pngFix(); 

                }); 

        </script>

</head>



<body>



        <div id="container_2">            

                

                <div id="logo_2">

                

                    <a href="http://clientel.qualityxhtml.com"><img src="img/logo.png" alt="Logotype" /></a>

                        

                </div><!-- logo -->

                        

                <div id="wrapper">

                

                    <div id="top">

                    </div><!-- top -->

                    

                    <div id="wrap">

                    <div id="left_side">

                    </div><!-- left_side -->

                    

                    <div id="right_side">

                    </div><!-- right_side -->

                    </div>

                

                </div><!-- wrapper -->



        </div><!-- container_2 -->

    

</body>

</html>

<?php

} ## Close Session Security

?>

All help is highly appreciated.

06-07-2008, 03:01 PM	#1 (permalink)
boycoda The Wanderer Join Date: Mar 2008 Location: United Kingdom Posts: 22 Thanks: 1	PHP Session Login - help needed. Hello everyone, Ok.. i've come to a little puzzle for myself. Back in the day this would have been easy neck sinks into shoulders. Anyhow, here is my code for the login page. PHP Code: <?php session_start(); ## Allows sessions include("inc/conn.php"); ## Includes the connection file for the database ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en"> <head> <title>Clientel - QualityXHTML.com - A service to remember!</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" type="text/css" href="style.css" /> <!--[if lte IE 7]> <link rel="stylesheet" type="text/css" href="ie7.css" /> <script defer type="text/javascript" src="pngfix.js"></script> <![endif]--> <!--[if lte IE 6]> <link rel="stylesheet" type="text/css" href="ie6.css" /> <![endif]--> </head> <body> <div id="container"> <div id="content"> <div id="logo"> <a href="http://clientel.qualityxhtml.com"><img src="img/logo.png" alt="Logotype" /></a> </div><!-- logo --> <div id="title"> <h3>QualityXHTML Client Area</h3> </div><!-- title --> <div id="login"> <?php if(isset($_POST['submit'])) { ## If the submit button was pressed do the following $usn = htmlspecialchars(addslashes($_POST['username'])); ## Submitted Username stored in a variable $psd = sha1(md5(md5(sha1(md5(sha1(sha1(md5($_POST['password'])))))))); ## Submitted Password stored in a variable $slct = mysql_query("SELECT * FROM `clients` WHERE `user` = '$usn'") or die(mysql_error()); $check = mysql_num_rows($slct); if($check == '0') { echo "<p>Please supply the correct Username and Password!</p>"; } else { $udata = mysql_fetch_array($slct); if($udata[client] == 1) { $_SESSION['id'] = "$user[id]"; $_SESSION['password'] = "$user[password]"; echo "<p>Welcome, $udata[full_name]!</p>" . "<p> </p>" . "<p>You will be redirect in a moment...</p>"; ## Now we must redirect the user echo "<meta http-equiv='Refresh' content='2; URL=panel.php'/>"; } else { if($udata[admin] == 1) { $_SESSION['id'] = "$user[id]"; $_SESSION['password'] = "$user[password]"; echo "<p>Welcome back, $udata[full_name]!</p>" . "<p> </p>" . "<p>Please <a href='/admin/'>click here</a> to goto your admin area!</p>"; } } } } else { ?> <p class="italic">This area is for new and existing clients only.</p> <p>Please logon to your account below.</p> <form id="login" name="client login" method="post" action=""> <fieldset> <div id="form_top"> <input type="text" name="username" class="form" value="Username" /><input type="submit" name="submit" value="" title="Login" id="submit" /> </div><!-- form_top --> <div id="form_bottom"> <input type="password" name="password" class="form" value="********" /><a href="#" id="password">Forgot password?</a> </div><!-- form_bottom --> </fieldset> </form> <?php } ## Close the loop ?> </div><!-- login --> </div><!-- content --> </div><!-- container --> </body> </html> Ok, so here we are, if you get the username and password right in the database, then it'll show a message then direct you to a page. Bare in mind this login page is working perfectly fine. However, what I want to do is secure that panel.php, so if the registered session is not identical to the one in the database, then it should throw up a message. But if its all correct, then display the site. Here is the code I have got for the panel.php... PHP Code: <?php session_start(); ## Allows sessions include("inc/conn.php"); ## Includes the connection file for the database ## Session Security $usn = $_SESSION['id']; $slct = mysql_query("SELECT FROM `clients` WHERE `user` = '$usn'") or die(mysql_error()); $udata = mysql_fetch_array($slct); if(!$usn) { echo "NO!!!!!"; } else { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en"> <head> <title>Clientel</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" type="text/css" href="style.css" /> <!--[if lte IE 6]><link rel="stylesheet" type="text/css" href="ie6.css" /><![endif]--> <!--[if IE 7]><link rel="stylesheet" type="text/css" href="ie7.css" /><![endif]--> <script type="text/javascript" src="jquery-latest.pack.js"></script> <script type="text/javascript" src="jquery.pngFix.js"></script> <script type="text/javascript"> $(document).ready(function(){ $(document).pngFix(); }); </script> </head> <body> <div id="container_2"> <div id="logo_2"> <a href="http://clientel.qualityxhtml.com"><img src="img/logo.png" alt="Logotype" /></a> </div><!-- logo --> <div id="wrapper"> <div id="top"> </div><!-- top --> <div id="wrap"> <div id="left_side"> </div><!-- left_side --> <div id="right_side"> </div><!-- right_side --> </div> </div><!-- wrapper --> </div><!-- container_2 --> </body> </html> <?php } ## Close Session Security ?> All help is highly appreciated.