Please look at the following post, which is about directing a user to the login page from a requested page:
http://webprogram4beginners.blogspot.com/2011/02/redirect-user-to-login-page-sessions.html
If the user clicks on any link in our website, he is directed to the login page to log in first, and after that he is redirected to his requested page.
Copy this code into the "login.php" page.
code:
<?php
session_start();
include ("funcs.php"); // functions such as connect() (connects to the database) and creatcode() (builds the verification text) are kept in one file, which is included wherever it is required.
$login_ok = false;
if(empty($_POST["usr"]) or empty($_POST["pasw"])){
    // if the username or password field is empty the appropriate message is shown.
    echo "you must enter user and password <br>";
}
else{
    // these are some steps you can apply to the entries to guard against database injection (hacking)
    $entered_usr=$_POST["usr"];
    $entered_pass=$_POST["pasw"];
    $entered_usr=trim($entered_usr); // remove the space characters from the beginning and end of the word
    $entered_pass=trim($entered_pass);
    $entered_usr = htmlspecialchars($entered_usr); // convert HTML special characters to entities (hackers may enter HTML characters into your system)
    $entered_pass = htmlspecialchars($entered_pass);
    $entered_usr = str_replace("'", "", $entered_usr); // strip quotes and backslashes so the entry cannot close the quoted string in the query
    $entered_pass = str_replace("'", "", $entered_pass);
    $entered_usr = str_replace("\\", "", $entered_usr);
    $entered_pass = str_replace("\\", "", $entered_pass);
    // the username may contain only letters, digits and spaces; this is checked before the query is built.
    // preg_match is used because ereg was removed in PHP 7.
    if(!preg_match('/[^a-zA-Z0-9 ]/', $entered_usr)){
        connect();
        // first, connect to the database and find the password related to the entered username, to compare it with the entered password.
        // note: the mysql_* functions were removed in PHP 7; on current PHP do this lookup through mysqli or PDO with a bound parameter.
        $sql = "SELECT * FROM users WHERE username='$entered_usr' ";
        $search_result = mysql_query($sql);
        if($search_result and mysql_num_rows($search_result) > 0){
            $password = mysql_result($search_result,0,1); // row 0, column 1 of the result
            $salt = substr($password,0,2); // find $salt (the crypt salt) by taking the first two characters of the password from the database
            // compare the password from the database with the encrypted version of the entered password.
            $login_ok = (crypt($entered_pass,$salt) === $password);
        }
    }
    if($login_ok){
        // the password is correct: the authority session ($_SESSION["auth_usr"]) is set and the user is redirected to his requested page.
        session_regenerate_id(true); // give the logged-in session a new id
        $_SESSION["auth_usr"]=$entered_usr;
        $dd = isset($_SESSION["d"]) ? $_SESSION["d"] : "index.php"; // fall back to the first page if no requested page was stored
        header("Location: $dd");
        exit;
    }
    else{
        // if the entered password (after encryption) is not equal to the password in the database, the appropriate message is shown.
        echo "incorrect user or password";
    }
}
?>
<BR>
<BR>
<FORM ACTION="login.php" METHOD=POST>
user NAME:
<INPUT TYPE="TEXT" NAME="usr" SIZE="30" >
<BR>
password:
<INPUT TYPE="PASSWORD" NAME="pasw" SIZE="30" >
<BR>
<BR>
<INPUT TYPE="SUBMIT" NAME="BUTTON1" VALUE="login">
</FORM>
<BR>
<BR>
<?php
// if the user has not registered yet, he can go to the signup page through the following link.
echo "<p><a href=\"signup.php\">if you don't have a user account, please sign up</a></p>";
?>
To log out, just remove all of the session elements. To make a logout link, put the following link where it will be shown on all of your pages:
code:
<a href="logout.php">log out</a>
And put this code in the "logout.php" page.
code:
<?php
session_start();
$_SESSION = array(); // remove all of the session elements.
header("Location: index.php"); // direct the stream to the first page of your website.
exit;
?>
If the code here is not clear, go to the following posts to read more about the commands I have used here:
http://webprogram4beginners.blogspot.com/2011/02/redirect-user-to-login-page-sessions.html
http://webprogram4beginners.blogspot.com/2011/02/php-orders-to-work-with-database-and.html
One more point about the crypt function:
The crypted text result = crypt(the text that we want to encrypt, $salt);
This function encrypts words using the variable $salt. If you use a two-character salt, the first two characters of the encrypted result will always be your salt.
For example:
code:
$pass = "v1" ;
$salt = "qw";
$result = crypt($pass,$salt);
Then "$result" would be:
$result = "qwbw9k/vI9OlY";
We have used this here:
$salt = substr($password,0,2);
We don't assign our $salt in the code above; instead we extract our $salt directly from the encrypted password in the database.
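The password check described above, as an added example that is not part of the original post: it verifies a stored two-character-salt crypt() value, looks the user up with a bound parameter instead of stripping characters, and goes one step further by replacing the old value with a password_hash() value after a successful login. The check_login() function, the users(username, password) layout, the in-memory SQLite database (PDO with the SQLite driver is assumed to be available) and the sample account are assumptions made for the example.

```php
<?php
// Added example, not the post's code. check_login(), the users(username,
// password) layout and the sample account are assumptions for illustration.

function check_login(PDO $db, string $user, string $pass): bool
{
    // Bound parameter: the username travels as data, never as SQL text,
    // so names containing quotes need no stripping.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();
    if (!is_string($stored)) {
        return false; // unknown user
    }

    // A 13-character value is the two-character-salt crypt() format used in
    // the post; anything else is treated as a password_hash() value.
    $legacy = strlen($stored) === 13;
    $ok = $legacy
        ? hash_equals($stored, crypt($pass, $stored)) // salt = first 2 chars
        : password_verify($pass, $stored);
    if (!$ok) {
        return false;
    }

    // Upgrade legacy or outdated hashes while the plaintext is at hand.
    if ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password = ? WHERE username = ?');
        $upd->execute([password_hash($pass, PASSWORD_DEFAULT), $user]);
    }
    return true;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(["o'neil", crypt('v1', 'qw')]); // legacy hash as in the post

var_dump(check_login($db, "o'neil", 'wrong')); // wrong password
var_dump(check_login($db, "o'neil", 'v1'));    // legacy path, row gets rehashed
var_dump(check_login($db, "o'neil", 'v1'));    // password_verify() path
var_dump($db->query('SELECT password FROM users')->fetchColumn()); // stored hash now
```

Traditional two-character-salt crypt() uses only the first eight characters of the password, which is the reason for upgrading the stored value at login.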