Page 1 of 4 123 ... LastLast
Results 1 to 10 of 38

Thread: Adjusting a php-login script to multiple users and pages

  1. #1
    Join Date
    Nov 2008
    Posts
    6
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Default Adjusting a php-login script to multiple users and pages

    I still have this simple loginscript that works pretty well with a single username. It also redirects to only 1 page.

    For the site i'm working on right now, i need to have 2 different usernames each redirecting to another page. Is there any way to adjust the existing script?
    PHP Code:
    <?php
    /* secret.php
     CONSTANT DECLARATIONS - DO NOT CHANGE UPPERCASE CONSTANTS.
     Change lowercase values only
    */
    /* Administration */
    define("ADMINUSER""admin"); /* your administration login name - modify - you make it up */
    define("ADMINPASSWORD""admin"); /* your administration password - modify - you make it up */
    /* below is the webpage you will go to if your login is successful */
    define("ADMINHOME""test.php"); /* your administration page name - modify - the page you go to if the login is successful: Example: admin.php */
    ?>
    PHP Code:
    <?php
    //adminLogin.php
    //
    // requires for multi applications inter-operability using same admin-Login-Only module
    if(file_exists("secret.php")) { // admin-Login-Only admin user and password file
        
    require_once("secret.php");
    }
    // begin SECURITY - DO NOT CHANGE!
    // initialize or retrieve the current values for the login variables
    $loginAttempts = !isset($_POST['loginAttempts'])?1:$_POST['loginAttempts'];
    $formuser = !isset($_POST['formuser'])?NULL:$_POST['formuser'];
    $formpassword = !isset($_POST['formpassword'])?NULL:$_POST['formpassword'];
    if((
    $formuser != ADMINUSER ) || ($formpassword != ADMINPASSWORD )) {
        if (
    $loginAttempts == 0) { /* 1 strikes and they're out */
            
    $_POST['loginAttempts'] = 1;
            include(
    "meplog.php");
            exit;
        }else{
            if ( 
    $loginAttempts >= ) {
                
    header("Location: http://www.meppers.nl/index.php");
                exit();
            }else{
                
    header("Location: http://www.meppers.nl/index.php");
                exit();
            }
        }
    }
    /* test for valid username and password
       if valid then initialize the session
        register the username and password variables
        and include the ADMINHOME page
    */
    if (($formuser == ADMINUSER ) && ($formpassword == ADMINPASSWORD )) {    // test for valid username and password
        
    session_start();
        
    $_SESSION['adminUser'] = ADMINUSER;
        
    $_SESSION['adminPassword'] = ADMINPASSWORD;
        
    $SID session_id();
        
    $adminHome ADMINHOME;
        
    header("Location: http://www.meppers.nl/".$adminHome);
        exit();
    }    
    ?>
    PHP Code:
    <?php 
    //adminLogOut.php
    //
    /*
    If you enable register_globals, session_unregister() should be used since session 
    variables are registered as global variables when session data is deserialized.
    http://www.php.net/manual/en/ref.session.php
    */
    session_start();
    function 
    session_clear() {
    // if session exists, unregister all variables that exist and destroy session
      
    $exists "no";
      
    $session_array explode(";",session_encode());
      for (
    $x 0$x count($session_array); $x++) {
        
    $name  substr($session_array[$x], 0strpos($session_array[$x],"|")); 
        if (
    session_is_registered($name)) {
          
    session_unregister('$name');
          
    $exists "yes";
        }
      }
    if (
    $exists != "no") {
        
    session_destroy();
        }
    }
    session_clear();
    ?>
    PHP Code:
    <?php
    //adminOnly.php
    //
    session_start();
    if(   (!isset(
    $_SESSION['adminUser'])) || (!isset($_SESSION['adminPassword'])) ) {
        include_once(
    "adminLogin.php");
        exit;
    }
    // requires for multi applications inter-operability using same admin-Login-Only module
    if(file_exists("secret.php")) { // admin-Login-Only admin user and password file
        
    require_once("secret.php");
    }
    /* adminOnly.php
       if the session variables are not set or are incorrect values 
       then present the login screen
    */
    if( ($_SESSION['adminUser'] != ADMINUSER) || ($_SESSION['adminPassword'] != ADMINPASSWORD) ) {
        include_once(
    "adminLogin.php");
        exit;
    }else{
    ?>
    <?php 
    }?>
    and the protected pages have the following line on top
    PHP Code:
    <?php require_once("adminOnly.php");?>

  2. #2
    Join Date
    Jan 2008
    Posts
    4,167
    Thanks
    28
    Thanked 628 Times in 624 Posts
    Blog Entries
    1

    Default

    Try an mysql one, or a xml one:

    MySQL
    XML
    Jeremy | jfein.net

  3. #3
    Join Date
    Nov 2008
    Posts
    6
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Default

    The xml is way to extensive (no need for registration and other features) and the mysql one.... well there is hardly any explaination on where to put the scripts, etc.
    I'm not a coder, i'm just someone who can adjust a fairly simple script to his own needs.

    I didn't wrote the script I put on before myself. I just know where to change it to get it to work with pages i'm using it for.
    So there is no way to adjust it to multiple-user/page?

    All it needs to do is redirect a user with login "a" and pw "b" to page "c"
    and anotherone with login "x" and pw "y" to page "z".
    no need to add more users or pages

    It's for the members of our team to go to a protected team-only page and with the same form i would like to redirect coaches and people who run the club to a page where they can upload stuff, put the gameresults online, etc.
    Last edited by Gert; 03-11-2009 at 03:23 AM.

  4. #4
    Join Date
    Jan 2008
    Posts
    4,167
    Thanks
    28
    Thanked 628 Times in 624 Posts
    Blog Entries
    1

    Default

    Not tested:
    PHP Code:
    <?php
    session_start
    ();

    $logins[0]["user"] = "a";
    $logins[0]["pass"] = "b";
    $logins[0]["redirect"] = "c.php";

    $logins[1]["user"] = "x";
    $logins[1]["pass"] = "y";
    $logins[1]["redirect"] = "z.php";

    // No need to edit below, except the errors

    if(isset($_POST['submit'])){ //is the form submitted?
      
    if(empty($_POST['user']) || empty($_POST['pass'])){
        echo 
    "You have to fill out the user name and password!";
        exit;
      } 
    //check for empty user name or password
      
    $is_logged false//this is part of the process to see if they have a correct password or not, set to false right here to say no right pass... (will change later)
      
    foreach($logins as $login){
        
    $user $_POST;
        if((
    $user["user"] == $login["user"]) && ($user["pass"] == $login["pass"])) {
          
    $is_logged true;
          
    $_SESSION["loggged_in"] = TRUE//now, if they do have a correct password, set the session to true, and the variable.
          
    header("Location: ".$login["redirect"]);
        }
      }
      if(!
    $is_logged){ echo "Username/password did not match, try again!"; } //if none of the $logins arrays matched the input, give an error
    }
    ?>

    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
    Username:<br />
    <input type="text" name="user" /><br />
    Password:<br />
    <input type="password" name="pass" /><br />
    <input type="submit" name="submit" value="Log in!" />
    </form>
    And then protect.php:
    PHP Code:
    <?php
    session_start
    ();
      if((!isset(
    $_SESSION["logged_in"])) && !$_SESSION["logged_in"]){
        
    header("Location: login.php");
      } 
    //check to see if logged in, otherwise go to the login
    ?>
    Include protect.php every time theres a protected page.
    Last edited by Nile; 03-11-2009 at 04:01 AM.
    Jeremy | jfein.net

  5. #5
    Join Date
    Sep 2008
    Location
    Bristol - UK
    Posts
    842
    Thanks
    32
    Thanked 132 Times in 131 Posts

    Default

    PHP Code:
    if(isset($_POST['submit'])){
      if(!empty(
    $_POST['user']) || !empty($_POST['pass'])){
        echo 
    "You have to fill out the user name and password!";
        exit;
      } 
    Don't you mean:

    if (empty($_POST['user'] || empty($_POST['pass'])) ?

    if !empty would mean if you fill in a value it will tell you to enter a username and password

  6. #6
    Join Date
    Jan 2008
    Posts
    4,167
    Thanks
    28
    Thanked 628 Times in 624 Posts
    Blog Entries
    1

    Default

    Yes, I did fix that... Right before you posted. Thanks though!
    Jeremy | jfein.net

  7. #7
    Join Date
    Sep 2008
    Location
    Bristol - UK
    Posts
    842
    Thanks
    32
    Thanked 132 Times in 131 Posts

    Default

    Hehe, should have left a bit more time between you posting it and me replying

  8. #8
    Join Date
    Jan 2008
    Posts
    4,167
    Thanks
    28
    Thanked 628 Times in 624 Posts
    Blog Entries
    1

    Default

    Haha... 5 minutes is enough.

    (commented the code)
    Last edited by Nile; 03-11-2009 at 03:58 AM.
    Jeremy | jfein.net

  9. #9
    Join Date
    Nov 2007
    Posts
    35
    Thanks
    5
    Thanked 0 Times in 0 Posts

    Default This is great!

    Where do I put the protect.php? Sorry, I'm a php newbie. My form redirects to an html page.

  10. #10
    Join Date
    Jan 2008
    Posts
    4,167
    Thanks
    28
    Thanked 628 Times in 624 Posts
    Blog Entries
    1

    Default

    Everywhere you have a protected page, you should put this code at the top of it(it has to be a .php):

    PHP Code:
    <?php
    include("../protect.php");
    ?>
    Just put protect.php in the root directory.

    Version 2.

    What have I done?
    Protect page now works - credits to master_script_maker for helping me fix this
    Made something that makes the user aware they're logged in
    Made the session hold an array, one with the page they're supposed to go to, and one saying their logged in.
    Made a logout.

    Login.php
    PHP Code:
    <?php
    session_start
    ();

    if(isset(
    $_GET["log_out"])){
      unset(
    $_SESSION["logged_in"]);
      echo 
    "You're logged out, and will be redirected in about 3 seconds";
      
    header('refresh: 3; url=login.php');
      exit;
    }

    $login true;
    require 
    "protect.php";

    $logins[0]["user"] = "a";
    $logins[0]["pass"] = "b";
    $logins[0]["redirect"] = "c.php";

    $logins[1]["user"] = "x";
    $logins[1]["pass"] = "y";
    $logins[1]["redirect"] = "z.php";

    // No need to edit below, except the errors

    if(isset($_POST['submit'])){ //is the form submitted?
      
    if(empty($_POST['user']) || empty($_POST['pass'])){
        echo 
    "You have to fill out the user name and password!";
        exit;
      } 
    //check for empty user name or password
      
    $is_logged false//this is part of the process to see if they have a correct password or not, set to false right here to say no right pass... (will change later)
      
    foreach($logins as $login){
        
    $user $_POST;
        if((
    $user["user"] == $login["user"]) && ($user["pass"] == $login["pass"])) {
          
    $is_logged true;
          
    $_SESSION["logged_in"] = array($login["redirect"], true); //now, if they do have a correct password, set the session to true, and the variable.
          
    header("Location: ".$login["redirect"]);
        }
      }
      if(!
    $is_logged){ echo "Username/password did not match, try again!"; } //if none of the $logins arrays matched the input, give an error
    }
    ?>

    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
    Username:<br />
    <input type="text" name="user" /><br />
    Password:<br />
    <input type="password" name="pass" /><br />
    <input type="submit" name="submit" value="Log in!" />
    </form>
    protect.php - credits to master_script_maker for helping me fix this
    PHP Code:
    <?php
    session_start
    ();
      if((!isset(
    $_SESSION["logged_in"])) || !$_SESSION["logged_in"][1]){
        if(!isset(
    $login)){
          
    header("Location: login.php"); //check to see if logged in, otherwise go to the login
        
    }
      } else if (isset(
    $login) || isset($index)){
        echo 
    "Your already logged in!! <a href='login.php?log_out'>Click here</a>, to logout. Or, go back to your <a href='{$_SESSION['logged_in'][0]}'>page</a>.";
        exit;
      }
    ?>
    index.php
    PHP Code:
    <?php
    $index 
    true;
    require 
    "protect.php";

    ?>
    Last edited by Nile; 03-12-2009 at 03:02 AM.
    Jeremy | jfein.net

  11. The Following User Says Thank You to Nile For This Useful Post:

    chrismathews (04-06-2009)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •