|
|
 |
beginning_php thread: Login verify script.
Message #1 by "Srinivasan Prasanna" <Sri_core@m...> on Sat, 12 Oct 2002 22:36:49
|
|
I have a fully functional login script. There are few pages in my portal
where any one can enter without registering at my site. But there are few
pages in my portal where I want to restrict anyone entering through a
login page. That is suppose some one comes to my page at
mydomain.com/stuff.php which I want to protect. I would like to do it this
way: The moment someone tries to enter this page I would like to redirect
them to my register page with a msg pls register at
mydomain.com/register.php and come back to mydomain.com/stuff.php . I
prefer my code to directly route them to this page after they register. Is
this doable? If so, any code snippets or ideas???
Thanks
Sri
Message #2 by "jorge" <jorge@d...> on Sat, 12 Oct 2002 20:20:52 -0500
|
|
Hi Srinivasan
All you need to do is to test for the existence of the eihter login cookie,
session vars,or the var you are passing
or check for the value of it
if($myauthenticationvar)
{
put all the page inhere
}
else{you redirecthem here}
it hard to say send you some code
without knowing how you are authenticating your users.
Jorge
----- Original Message -----
From: "Srinivasan Prasanna" <Sri_core@m...>
To: "beginning php" <beginning_php@p...>
Sent: Saturday, October 12, 2002 10:36 PM
Subject: [beginning_php] Login verify script.
> I have a fully functional login script. There are few pages in my portal
> where any one can enter without registering at my site. But there are few
> pages in my portal where I want to restrict anyone entering through a
> login page. That is suppose some one comes to my page at
> mydomain.com/stuff.php which I want to protect. I would like to do it this
> way: The moment someone tries to enter this page I would like to redirect
> them to my register page with a msg pls register at
> mydomain.com/register.php and come back to mydomain.com/stuff.php . I
> prefer my code to directly route them to this page after they register. Is
> this doable? If so, any code snippets or ideas???
> Thanks
> Sri
Message #3 by "Srinivasan Prasanna" <Sri_core@m...> on Sun, 13 Oct 2002 19:32:30
|
|
Hello Jorge
Thanks for the advise. THe way our developer's have designed the login
script works presently is this way:
A varaible '$chk_uid'is used to check if the user is valid or not
otherwise we ask the users to register online at newreg.php.
So do I just port your idea like:
if($chk_uid)
{
page1.php,page2.php;
}
else{index.php;
}
and save this as validation.php and include in all my pages. I just want
to make sure I am getting the idea you mentioned before I try this.
Thanks a lot for your input.
THe code for the index.php page is this:
<?php
include("header.inc");
$sRegistrationErr = "";
function tosql($value, $type="")
{
if($value == "")
return "NULL";
else
if($type == "Number")
return doubleval($value);
else
{
if(get_magic_quotes_gpc() == 0)
{
$value = str_replace("'","''",$value);
$value = str_replace("\\","\\\\",$value);
}
else
{
$value = str_replace("\\'","''",$value);
$value = str_replace("\\\"","\"",$value);
}
return $value;
}
}
$chk_uid = tosql($id, "Text");
?>
<HTML>
<HEAD>
<TITLE>INDEX</TITLE>
<link href="color_scroll.css" rel="styleSheet" type="text/css">
<STYLE>.brown {
COLOR: #c67a16; TEXT-DECORATION: none
}
.browncol {
COLOR: #c67a16
}
.white {
COLOR: #ffffff
}
</STYLE>
<script language=javascript>
function check()
{
var flagresult=true;
var lname=document.login.UID.value;
var pass=document.login.UPwd.value;
if (lname=="")
{
document.login.UID.focus()
alert("Enter the Username")
return false
}
if (pass=="")
{
document.login.UPwd.focus()
alert("Enter the Password")
return false
}
return true
}
</script>
</HEAD>
<BODY vLink=#cc6611 aLink=#ffffff link=#9a0000 bgcolor=#9a0000
leftMargin=0 topMargin=0 marginwidth="0" marginheight="0">
<?
$chk_false = "False";
if ($chk_uid != "")
{
$SQL = "SELECT * FROM login where user_login = '$chk_uid' and
S_login='$chk_false'";
$result = mysql_query($SQL,$db);
$fetch_em = mysql_fetch_array($result);
$num=mysql_numrows($result);
if($num > 0){
?>
<TABLE cellSpacing=1 cellPadding=1 width="100%"
align=center border=0 bgcolor="white">
<TR><td>
<P align=center><FONT face=Verdana color=red
size=2><STRONG>*Thank you for completing registration! Please login below
for the first time using your username and the temporary password provided
within the email sent to you.</STRONG></FONT></P></td></tr>
</table>
<?
}
}
?>
<TABLE cellSpacing=0 cellPadding=0 width=374 align=center bgColor=#9a0000
border=0 valign="MIDDLE" border=1>
<form name="login" action="login.php" method="POST" onsubmit="return check
();">
<TR><TD width=370 colSpan=3 height=65><IMG height=1 alt=""
src="images/trans.gif" width=1 border=0></TD></TR>
<TR><TD width=2><IMG height=1 alt="" src="images/trans.gif" width=2
border=0></TD><TD width=370><IMG height=1 alt="" src="images/trans.gif"
width=370 border=0></TD><TD width=2><IMG height=1 alt=""
src="images/trans.gif" width=2 border=0></TD></TR>
<TR><TD width=370 colSpan=3 height=10><IMG height=1 alt=""
src="images/trans.gif" width=1 border=0></TD></TR>
<TR><TD width=2 bgColor=#000000 rowSpan=10><IMG height=1 alt=""
src="images/trans.gif" width=1 border=0></TD><TD width=370
bgColor=#000000><IMG height=2 alt="" src="images/trans.gif" width=370
border=0></TD><TD width=2 bgColor=#000000 rowSpan=10><IMG height=1 alt=""
src="images/trans.gif" width=1 border=0></TD></TR>
<TR><TD width=370 height=100>
<TABLE cellSpacing=0 cellPadding=0 width=370 align=center
bgColor=#ffcc33 border=0 valign="MIDDLE">
<TBODY>
<TR><TD width=370>
<TABLE cellSpacing=0 cellPadding=0 width=370 bgColor=#437522
border=0>
<TBODY>
<TR><TD width=370 height=48><IMG height=55 alt=""
src="images/validate2header.gif" width=370 border=0></TD></TR>
</TBODY>
</TABLE>
<TABLE cellSpacing=0 cellPadding=0 width=370 bgColor=#ffcc33
border=0>
<TBODY>
<TR>
<TD width=5><IMG height=1 alt=""
src="images/trans.gif" width=5 border=0></TD>
<TD width=28><IMG height=1 alt=""
src="images/trans.gif" width=28 border=0></TD>
<TD width=49><IMG height=1 alt=""
src="images/trans.gif" width=49 border=0></TD>
<TD width=170><IMG height=1 alt=""
src="images/trans.gif" width=170 border=0></TD>
<TD width=82><IMG height=1 alt=""
src="images/trans.gif" width=82 border=0></TD>
<TD width=15><IMG alt="" src="images/trans.gif" width=1
border=0></TD></TR>
<TR>
<TD colSpan=6 height=3><IMG height=1 alt=""
src="images/trans.gif" width=1 border=0></TD></TR>
<TR>
<TD width=5 rowSpan=15><IMG height=1 alt=""
src="images/trans.gif" width=5 border=0></TD>
<TD colSpan=4 ><IMG height=1 alt=""
src="images/trans.gif" width=340
border=0><BR><FONT face=Verdana color=Navy
size=2> <b>Please key in your</b></FONT></TD>
<TD><IMG height=1 alt=""
src="images/trans.gif" width=1
border=0></TD></TR>
<TR>
<TD colSpan=6 height=3><IMG height=1 alt=""
src="images/trans.gif" width=1
border=0></TD></TR>
<TR>
<TD><IMG height=1 alt=""
src="images/trans.gif" width=1 border=0></TD>
<TD><FONT face=Verdana color=darkblue
size=1><b>User Name<b></FONT></TD>
<TD> <INPUT size=19 name=UID value="<?echo
$HTTP_COOKIE_VARS["id"]?>"></TD>
<TD><IMG height=1 alt=""
src="images/trans.gif" width=1
border=0></TD></TR>
<TR>
<TD colSpan=6 height=5><IMG height=1 alt=""
src="images/trans.gif" width=1
border=0></TD></TR>
<TR>
<TD><IMG height=1 alt=""
src="images/trans.gif" width=1 border=0></TD>
<TD height=15><FONT face=Verdana color=darkblue
size=1><b>Password</b></FONT></TD>
<TD height=15> <INPUT type=password size=19 name=UPwd
value="<?echo $HTTP_COOKIE_VARS["pwd"]?>"></TD>
<TD vAlign=top align=right colSpan=2 rowSpan=5>
<input type="image" src="images/enter.gif"><br><br>
</TD></TR>
<TR>
<TD height=10 colspan=3><IMG height=1 alt=""
src="images/trans.gif" width=1
border=0> <INPUT type="checkbox"
name="chk" <? if($HTTP_COOKIE_VARS["check"]!=""){ echo "checked";} ?>>
<font color=darkblue size=1 face=verdana>Remember my Username &
Password</font><br><br></TD>
<TD vAlign=bottom align=middle><IMG height=1 alt=""
src="images/trans.gif" width=1 border=0></TD>
<TD vAlign=top align=left height=10> </TD></TR>
<TR>
<TD colSpan=4><FONT face=Verdana color=#c67a16 size=1><B>
</B></FONT></TD>
<TD><IMG height=1 alt=""
src="images/trans.gif" width=1
border=0></TD></TR>
<TR>
<TD vAlign=bottom colSpan=5>
<TABLE cellSpacing=0 cellPadding=0 border=0 align=left>
<tr>
<TD><FONT face=Verdana color=#c67a16 size=1> <B><A class=brown
href="forgotp.php">FORGOT PASSWORD?</a></B></FONT></TD>
<TD><IMG height=3 alt="" src="images/trans.gif" width=1
border=0></TD><td><FONT face=Verdana color=#c67a16
size=1> <B> <A class=brown
href="newreg.php">REGISTER ME NOW!</A></B></FONT></td></TR></TBODY></TABLE>
</TD></TR>
</TBODY></TABLE>
</FORM>
</BODY>
</HTML>
> Hi Srinivasan
All you need to do is to test for the existence of the eihter login cookie,
session vars,or the var you are passing
or check for the value of it
if($myauthenticationvar)
{
put all the page inhere
}
else{you redirecthem here}
it hard to say send you some code
without knowing how you are authenticating your users.
Jorge
----- Original Message -----
From: "Srinivasan Prasanna" <Sri_core@m...>
To: "beginning php" <beginning_php@p...>
Sent: Saturday, October 12, 2002 10:36 PM
Subject: [beginning_php] Login verify script.
> I have a fully functional login script. There are few pages in my portal
> where any one can enter without registering at my site. But there are few
> pages in my portal where I want to restrict anyone entering through a
> login page. That is suppose some one comes to my page at
> mydomain.com/stuff.php which I want to protect. I would like to do it
this
> way: The moment someone tries to enter this page I would like to redirect
> them to my register page with a msg pls register at
> mydomain.com/register.php and come back to mydomain.com/stuff.php . I
> prefer my code to directly route them to this page after they register.
Is
> this doable? If so, any code snippets or ideas???
> Thanks
> Sri
Message #4 by "jorge" <jorge@d...> on Sun, 13 Oct 2002 13:52:48 -0500
|
|
Hi Srinivasan:
Just to make sure we understand each other
this is page1.php
<?
if($chk_uid)
{
//show contents of page1.php
<html>
</htm>
}
else
{
//send this user to index.php using the header fucntion
header("location: index.php");
}
?>
if you are ussing sessions you need to start the session in the very first
line
<?
session_start();
//then check for the value
if($chk_uid)
{
etc...
Saludos
Jorge
----- Original Message -----
From: "Srinivasan Prasanna" <Sri_core@m...>
To: "beginning php" <beginning_php@p...>
Sent: Sunday, October 13, 2002 7:32 PM
Subject: [beginning_php] Re: Login verify script.
> Hello Jorge
> Thanks for the advise. THe way our developer's have designed the login
> script works presently is this way:
> A varaible '$chk_uid'is used to check if the user is valid or not
> otherwise we ask the users to register online at newreg.php.
> So do I just port your idea like:
> if($chk_uid)
> {
> page1.php,page2.php;
> }
> else{index.php;
> }
> and save this as validation.php and include in all my pages. I just want
> to make sure I am getting the idea you mentioned before I try this.
> Thanks a lot for your input.
>
>
>
> THe code for the index.php page is this:
> <?php
> include("header.inc");
>
> $sRegistrationErr = "";
>
> function tosql($value, $type="")
> {
> if($value == "")
> return "NULL";
> else
> if($type == "Number")
> return doubleval($value);
> else
> {
> if(get_magic_quotes_gpc() == 0)
> {
> $value = str_replace("'","''",$value);
> $value = str_replace("\\","\\\\",$value);
> }
> else
> {
> $value = str_replace("\\'","''",$value);
> $value = str_replace("\\\"","\"",$value);
> }
> return $value;
> }
> }
>
>
> $chk_uid = tosql($id, "Text");
>
>
> ?>
>
>
> <HTML>
> <HEAD>
> <TITLE>INDEX</TITLE>
> <link href="color_scroll.css" rel="styleSheet" type="text/css">
> <STYLE>.brown {
> COLOR: #c67a16; TEXT-DECORATION: none
> }
> .browncol {
> COLOR: #c67a16
> }
> .white {
> COLOR: #ffffff
> }
> </STYLE>
> <script language=javascript>
>
> function check()
> {
>
> var flagresult=true;
> var lname=document.login.UID.value;
> var pass=document.login.UPwd.value;
>
>
> if (lname=="")
> {
> document.login.UID.focus()
> alert("Enter the Username")
> return false
> }
>
> if (pass=="")
> {
> document.login.UPwd.focus()
> alert("Enter the Password")
> return false
> }
>
> return true
>
> }
> </script>
> </HEAD>
>
>
> <BODY vLink=#cc6611 aLink=#ffffff link=#9a0000 bgcolor=#9a0000
> leftMargin=0 topMargin=0 marginwidth="0" marginheight="0">
>
> <?
> $chk_false = "False";
> if ($chk_uid != "")
> {
> $SQL = "SELECT * FROM login where user_login = '$chk_uid' and
> S_login='$chk_false'";
>
> $result = mysql_query($SQL,$db);
> $fetch_em = mysql_fetch_array($result);
> $num=mysql_numrows($result);
>
> if($num > 0){
>
> ?>
> <TABLE cellSpacing=1 cellPadding=1 width="100%"
> align=center border=0 bgcolor="white">
> <TR><td>
> <P align=center><FONT face=Verdana color=red
> size=2><STRONG>*Thank you for completing registration! Please login below
> for the first time using your username and the temporary password provided
> within the email sent to you.</STRONG></FONT></P></td></tr>
> </table>
> <?
> }
> }
> ?>
> <TABLE cellSpacing=0 cellPadding=0 width=374 align=center bgColor=#9a0000
> border=0 valign="MIDDLE" border=1>
> <form name="login" action="login.php" method="POST" onsubmit="return check
> ();">
>
> <TR><TD width=370 colSpan=3 height=65><IMG height=1 alt=""
> src="images/trans.gif" width=1 border=0></TD></TR>
> <TR><TD width=2><IMG height=1 alt="" src="images/trans.gif" width=2
> border=0></TD><TD width=370><IMG height=1 alt="" src="images/trans.gif"
> width=370 border=0></TD><TD width=2><IMG height=1 alt=""
> src="images/trans.gif" width=2 border=0></TD></TR>
> <TR><TD width=370 colSpan=3 height=10><IMG height=1 alt=""
> src="images/trans.gif" width=1 border=0></TD></TR>
> <TR><TD width=2 bgColor=#000000 rowSpan=10><IMG height=1 alt=""
> src="images/trans.gif" width=1 border=0></TD><TD width=370
> bgColor=#000000><IMG height=2 alt="" src="images/trans.gif" width=370
> border=0></TD><TD width=2 bgColor=#000000 rowSpan=10><IMG height=1 alt=""
> src="images/trans.gif" width=1 border=0></TD></TR>
> <TR><TD width=370 height=100>
> <TABLE cellSpacing=0 cellPadding=0 width=370 align=center
> bgColor=#ffcc33 border=0 valign="MIDDLE">
> <TBODY>
> <TR><TD width=370>
>
> <TABLE cellSpacing=0 cellPadding=0 width=370 bgColor=#437522
> border=0>
> <TBODY>
> <TR><TD width=370 height=48><IMG height=55 alt=""
> src="images/validate2header.gif" width=370 border=0></TD></TR>
> </TBODY>
> </TABLE>
>
> <TABLE cellSpacing=0 cellPadding=0 width=370 bgColor=#ffcc33
> border=0>
> <TBODY>
> <TR>
> <TD width=5><IMG height=1 alt=""
> src="images/trans.gif" width=5 border=0></TD>
> <TD width=28><IMG height=1 alt=""
> src="images/trans.gif" width=28 border=0></TD>
> <TD width=49><IMG height=1 alt=""
> src="images/trans.gif" width=49 border=0></TD>
> <TD width=170><IMG height=1 alt=""
> src="images/trans.gif" width=170 border=0></TD>
> <TD width=82><IMG height=1 alt=""
> src="images/trans.gif" width=82 border=0></TD>
> <TD width=15><IMG alt="" src="images/trans.gif" width=1
> border=0></TD></TR>
>
> <TR>
> <TD colSpan=6 height=3><IMG height=1 alt=""
> src="images/trans.gif" width=1 border=0></TD></TR>
>
> <TR>
> <TD width=5 rowSpan=15><IMG height=1 alt=""
> src="images/trans.gif" width=5 border=0></TD>
> <TD colSpan=4 ><IMG height=1 alt=""
> src="images/trans.gif" width=340
> border=0><BR><FONT face=Verdana color=Navy
> size=2> <b>Please key in your</b></FONT></TD>
> <TD><IMG height=1 alt=""
> src="images/trans.gif" width=1
> border=0></TD></TR>
> <TR>
> <TD colSpan=6 height=3><IMG height=1 alt=""
> src="images/trans.gif" width=1
> border=0></TD></TR>
> <TR>
> <TD><IMG height=1 alt=""
> src="images/trans.gif" width=1 border=0></TD>
> <TD><FONT face=Verdana color=darkblue
> size=1><b>User Name<b></FONT></TD>
> <TD> <INPUT size=19 name=UID value="<?echo
> $HTTP_COOKIE_VARS["id"]?>"></TD>
> <TD><IMG height=1 alt=""
> src="images/trans.gif" width=1
> border=0></TD></TR>
> <TR>
> <TD colSpan=6 height=5><IMG height=1 alt=""
> src="images/trans.gif" width=1
> border=0></TD></TR>
> <TR>
> <TD><IMG height=1 alt=""
> src="images/trans.gif" width=1 border=0></TD>
> <TD height=15><FONT face=Verdana color=darkblue
> size=1><b>Password</b></FONT></TD>
> <TD height=15> <INPUT type=password size=19 name=UPwd
> value="<?echo $HTTP_COOKIE_VARS["pwd"]?>"></TD>
> <TD vAlign=top align=right colSpan=2 rowSpan=5>
> <input type="image" src="images/enter.gif"><br><br>
> </TD></TR>
> <TR>
> <TD height=10 colspan=3><IMG height=1 alt=""
> src="images/trans.gif" width=1
> border=0> <INPUT type="checkbox"
> name="chk" <? if($HTTP_COOKIE_VARS["check"]!=""){ echo "checked";} ?>>
> <font color=darkblue size=1 face=verdana>Remember my Username &
> Password</font><br><br></TD>
> <TD vAlign=bottom align=middle><IMG height=1 alt=""
> src="images/trans.gif" width=1 border=0></TD>
> <TD vAlign=top align=left height=10> </TD></TR>
> <TR>
> <TD colSpan=4><FONT face=Verdana color=#c67a16 size=1><B>
> </B></FONT></TD>
> <TD><IMG height=1 alt=""
> src="images/trans.gif" width=1
> border=0></TD></TR>
> <TR>
> <TD vAlign=bottom colSpan=5>
>
>
> <TABLE cellSpacing=0 cellPadding=0 border=0 align=left>
>
>
> <tr>
> <TD><FONT face=Verdana color=#c67a16 size=1> <B><A class=brown
> href="forgotp.php">FORGOT PASSWORD?</a></B></FONT></TD>
> <TD><IMG height=3 alt="" src="images/trans.gif" width=1
> border=0></TD><td><FONT face=Verdana color=#c67a16
> size=1> <B> <A class=brown
> href="newreg.php">REGISTER ME
NOW!</A></B></FONT></td></TR></TBODY></TABLE>
>
>
> </TD></TR>
> </TBODY></TABLE>
>
> </FORM>
> </BODY>
> </HTML>
>
>
>
> > Hi Srinivasan
> All you need to do is to test for the existence of the eihter login
cookie,
> session vars,or the var you are passing
> or check for the value of it
>
> if($myauthenticationvar)
> {
> put all the page inhere
> }
> else{you redirecthem here}
> it hard to say send you some code
> without knowing how you are authenticating your users.
>
> Jorge
>
> ----- Original Message -----
> From: "Srinivasan Prasanna" <Sri_core@m...>
> To: "beginning php" <beginning_php@p...>
> Sent: Saturday, October 12, 2002 10:36 PM
> Subject: [beginning_php] Login verify script.
>
>
> > I have a fully functional login script. There are few pages in my portal
> > where any one can enter without registering at my site. But there are
few
> > pages in my portal where I want to restrict anyone entering through a
> > login page. That is suppose some one comes to my page at
> > mydomain.com/stuff.php which I want to protect. I would like to do it
> this
> > way: The moment someone tries to enter this page I would like to
redirect
> > them to my register page with a msg pls register at
> > mydomain.com/register.php and come back to mydomain.com/stuff.php . I
> > prefer my code to directly route them to this page after they register.
> Is
> > this doable? If so, any code snippets or ideas???
> > Thanks
> > Sri
>
>
Message #5 by "Nikolai Devereaux" <yomama@u...> on Mon, 14 Oct 2002 12:54:47 -0700
|
|
I find it cleaner to check for the absense of $chk_uid than the existence of
it:
if(! isset($chk_uid) || ($chk_uid == ''))
{
// redirect
}
// display your page here.
Doing it this way allows you to encapsulate this into a function:
// defined in, say, "user_mgmt.inc"
function enforce_login($bounce_page)
{
if( !isset($_SESSION['chk_uid']) ||
($_SESSION['chk_uid'] == ''))
{
Header("Location: $bounce_page");
}
}
Now your page is just
<?php
require('user_mgmt.inc');
enfore_login('register.php');
// display your page here.
?>
If you want to whittle it down one more line, you can do this interesting
trick:
<?php // filename: "valid_user"
session_start();
if( !isset($_SESSION['chk_uid']) ||
($_SESSION['chk_uid'] == ''))
{
Header("Location: $bounce_page");
}
?>
Now your page is just
<?php
require 'valid_user';
// display your page here.
hth,
nik
|
|
