Password Protected Redirect Directories



wyclef
October 26th, 2005, 12:12 PM
Would there be a way to modify this so I could use it with multiple usernames and passwords so I could redirect a user to a specified directory that you could only see if you had logged in on a master page first?



<?php

// Define your username and password
$username = "someuser";
$password = "somepassword";

if ($_POST['txtUsername'] != $username || $_POST['txtPassword'] != $password) {

?>

<h1>Login</h1>

<form name="form" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
<p><label for="txtUsername">Username:</label>
<br /><input type="text" title="Enter your Username" name="txtUsername" /></p>

<p><label for="txtpassword">Password:</label>
<br /><input type="password" title="Enter your password" name="txtPassword" /></p>

<p><input type="submit" name="Submit" value="Login" /></p>

</form>

<?php

}
else {

?>

<p>This is the protected page. Your private content goes here.</p>

<?php

}

?>


If I change the bottom to



<?php

}
else {

header( 'Location: http://www.test.com/test' );

}

?>


I can redirect the user but how can I do this for multiple users and how can I make sure they have to be logged in so they can't just go to the URL in the first place?

Ankou
October 26th, 2005, 10:14 PM
Unless I'm missing something....


Store the username/password combo in a database. You could also put in the database the page that you want to redirect them to or a list of directories that they can access.

When a user submits their username and password, check the database to make sure it's a valid pair. If it's a valid username and password, start a session (maybe load a session variable letting you know the login is okay) and if you want you can list the pages they have access to.

On the pages that are going to be restricted to only members who are logged in you'll need to check to make sure the session has been started and that the login was okay. If the session is there and the login was okay, display the page. If not display a message saying it's a restricted page and they need to log in.

wyclef
October 27th, 2005, 11:01 AM
I'm relatively new to PHP and have not worked with databases before so unless there is a straightforward tutorial you can direct me to I'd like to stay with just PHP...

bandinopla
October 27th, 2005, 03:54 PM
this is a VERY SIMPLE and probably NOT VERY SECURE solution... but, like you are a noob... for testing the idea is cool:



<?php
$data=array( "username1"=>"password1", "username2"=>"password2");
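// Read the submitted username and password (empty until the form is posted)
$username = isset($_POST['txtUsername']) ? $_POST['txtUsername'] : '';
$password = isset($_POST['txtPassword']) ? $_POST['txtPassword'] : '';

// Show the form unless the user exists and the password matches exactly
if (!isset($data[$username]) || $data[$username] !== $password) {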

?>

<h1>Login</h1>

<form name="form" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
<p><label for="txtUsername">Username:</label>
<br /><input type="text" title="Enter your Username" name="txtUsername" /></p>

<p><label for="txtpassword">Password:</label>
<br /><input type="password" title="Enter your password" name="txtPassword" /></p>

<p><input type="submit" name="Submit" value="Login" /></p>

</form>

<?php

}
else {

?>

<p>This is the protected page. Your private content goes here.</p>

<?php

}

?>

wyclef
October 27th, 2005, 04:45 PM
so how would u redirect to another page for each different login and remember that they are logged in so u can't just go to the url otherwise

bandinopla
October 28th, 2005, 10:18 AM
the same thing... chose make a little change... depending on your organization preferences:



<?php
# etc....
$data=array( "username1"=>array("password1","link1.html"), "username2"=>array("password2","link2.html"));
#etc...
#and...
# only accept users that exist in $data, and compare the password strictly
if (isset($data[$username]) && $data[$username][0]===$password) {
?>
<p>This is the protected page. Your private content goes here.</p>
<a href="<?php echo $data[$username][1]; ?>">go to your page</a>
<?php } ?>


that's all...
think of the $data array like a table in MySQL, it's the same ****...

wyclef
October 31st, 2005, 08:55 AM
would there be a way to make this a little more secure without putting the login info in a database?

mlk
October 31st, 2005, 09:19 AM
would there be a way to make this a little more secure without putting the login info in a database?

you'll need to store the username in the database, but you can store a hash of his password, using the md5(string) function. On the next login the user will enter a password, and the hash of that password must be the same as the one stored in the DB... But someone seeing your database will only see a bunch of numbers.

On the downside, a user cannot retrieve his password.

wyclef
October 31st, 2005, 10:23 AM
can someone walk me through the most practical solution here? if it's using a database then i can try and learn. i think i can set up a mysql database through dreamhost. maybe someone can walk me through the process?

bandinopla
November 1st, 2005, 01:52 PM
do you have a brain in your head? sorry man, but that can't be more simple to explain

wyclef
November 14th, 2005, 11:27 AM
thx bandinopla

wyclef
November 17th, 2005, 11:14 AM
This is more along the lines of what i'm looking for, except with the ability to redirect people to different 'main.php' pages based on their user and pass.

login.php


<?php
// start the session
session_start();

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
// check if the username and password combination is correct
if ($_POST['txtUserId'] === 'theuser' && $_POST['txtPassword'] === 'thepass') {
// the username and password match,
// set the session
$_SESSION['basic_is_logged_in'] = true;

// after login we move to the main page
header('Location: main.php');
exit;
} else {
$errorMessage = 'Sorry, wrong username / password';
}
}
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150">&nbsp;</td>
<td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
</tr>
</table>
</form>

</body>
</html>


main.php


<?php
// start the session
session_start();

// is the one accessing this page logged in or not?
if (!isset($_SESSION['basic_is_logged_in']) || $_SESSION['basic_is_logged_in'] !== true) {
// not logged in, move to login page
header('Location: login.php');
exit;
}

?>
<html>
<head>
<title>Main User Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<p>This is the main application page. You are free to play around here since you are an autenthicated user :-) </p>
<p>&nbsp;</p>
<p><a href="logout.php">Logout</a></p>

</body>
</html>


logout.php


<?php
// start the session
session_start();

// if the user is logged in, unset the session
if (isset($_SESSION['basic_is_logged_in'])) {
unset($_SESSION['basic_is_logged_in']);
}

// now that the user is logged out,
// go to login page
header('Location: login.php');
?>

wyclef
November 18th, 2005, 11:55 AM
I tried modifying the previous code to accompany multiple users but it doesn't seem to be working.

login.php


<?php
// start the session
session_start();

$errorMessage = '';

$data=array("username1"=>array("url"=>"main.php","password"=>"password1"),
"username2"=>array("url"=>"someotherfile.php","password"=>"password2"));
$data[$_POST['username']]['url']

if($data[$_POST['username']]['password'] == $_POST['password']) {
// the username and password match,
// set the session
// the username and password match,
// set the session
$_SESSION['username'] = $_POST['username'];

// after login we move to the main page
header('Location: '.$data[$_POST['username']]['url']);
exit;
} else {
$errorMessage = 'Sorry, wrong username / password';
}
}
?>

<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150">&nbsp;</td>
<td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
</tr>
</table>
</form>

</body>
</html>


main.php


<?php
// start the session
session_start();

// is the one accessing this page logged in or not?
if ($_SESSION['username'] != "whoever users page this is") {
// not logged in, move to login page
header('Location: login.php');
exit;
}

?>
<html>
<head>
<title>Main User Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<p>This is the main application page. You are free to play around here since you are an autenthicated user :-) </p>
<p>&nbsp;</p>
<p><a href="logout.php">Logout</a></p>

</body>
</html>


logout.php


<?php
// start the session
session_start();

// if the user is logged in, unset the session
if (isset($_SESSION['username'])) {
unset($_SESSION['username']);
}

// now that the user is logged out,
// go to login page
header('Location: login.php');
?>

wyclef
November 21st, 2005, 05:50 PM
Ok, i got this working. A couple questions. How can i change
echo "Wrong user name or password. to be code inside body tag, and to replace the <h1> text when the login fails. Also, would it be beneficial to encrypt the passwords and if so how would i do this?



<?php
session_start();

$data=array("username1"=>array("url"=>"somefile.php","password"=>"password1"),
"username2"=>array("url"=>"someotherfile.php","password"=>"password2"));

if(isset($_POST['username']) && isset($_POST['password'])) {
if(isset($data[$_POST['username']]) && $data[$_POST['username']]['password'] === $_POST['password']) {
$_SESSION['username'] = $_POST['username'] . " " . $_POST['password'];
header('Location: ' . $data[$_POST['username']]['url']);
} else {
echo "Wrong user name or password. <br>";
logIn();
}
} else {
logIn();
}
?>

<?php
function logIn() {
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<h1>Login</h1>

<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="username" type="text"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="password" type="password"></td>
</tr>
<tr>
<td width="150">&nbsp;</td>
<td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
</tr>
</table>
</form>

</body>
</html>
<?php
}
?>

Riddler?
November 21st, 2005, 07:04 PM
<?php
session_start();

$data=array("username1"=>array("url"=>"somefile.php","password"=>"password1"),
"username2"=>array("url"=>"someotherfile.php","password"=>"password2"));

if(isset($_POST['username']) && isset($_POST['password'])) {
if(isset($data[$_POST['username']]) && $data[$_POST['username']]['password'] === $_POST['password']) {
$_SESSION['username'] = $_POST['username'] . " " . $_POST['password'];
header('Location: ' . $data[$_POST['username']]['url']);
} else {
echo "Wrong user name or password. <br>";
logInFail();
}
} else {
logIn();
}
?>

<?php
function logIn() {
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<h1>Login</h1>

<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="username" type="text"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="password" type="password"></td>
</tr>
<tr>
<td width="150">&nbsp;</td>
<td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
</tr>
</table>
</form>

</body>
</html>
<?php
}
function logInFail() {
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<h1>Wrong username or password please try again.</h1>

<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="username" type="text"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="password" type="password"></td>
</tr>
<tr>
<td width="150">&nbsp;</td>
<td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
</tr>
</table>
</form>

</body>
</html>
<?php
}
?>


Major overkill, but that's the quick fix.

wyclef
November 22nd, 2005, 07:25 PM
suggestions on implementing md5 encryption for the passwords?

ironikart
November 22nd, 2005, 07:43 PM
It's pretty easy to implement. When your account is created (not sure if you are doing this manually?) store the password as:



$password = md5($_POST['password']);


Then when you get someone to login simply get them to submit their username and password and:



$login = ($_POST['username'] === $stored_username && md5($_POST['password']) === $stored_password) ? true : false;

// Then use the login value later as:
if ($login)
{
// Do something
} else {
// Print login failure message
}


Remember that md5() is a hashing function - that means one way encryption. You can't decrypt that into plain text ever again, so you'll only be able to reset passwords rather than retrieving them. There are other encryption methods, but may be slightly more difficult to implement.

The reason most people suggest to store it in a database is to add another layer of security and to increase performance when things start to get larger. You could simply store the information in a flat file outside of your sites web directory if your site isn't going to have many members.

I'm with dreamhost as well and they provide you shell access (ssh) + tons of mysql DB's - you should explore some of these options if you want to secure your site a little further. That may take a bit more knowledge to use though, so google up yourself some tuts on php/mysql
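
An added example, not code from any poster in this thread: the stored-hash login described above, using PHP's `password_hash()` / `password_verify()` in place of `md5()` (a fast, unsalted hash), with a key-existence check before the comparison and a guard for per-user pages. The function names `loose_check`, `authenticate` and `may_view` and the sample accounts are assumptions made for the example.

```php
<?php
// Constructed sample accounts. In practice, keep this table in a file outside
// the web root and generate each hash once with password_hash(); the plaintext
// passwords below exist only so the example runs on its own.
$users = [
    'username1' => ['url' => 'somefile.php',      'hash' => password_hash('password1', PASSWORD_DEFAULT)],
    'username2' => ['url' => 'someotherfile.php', 'hash' => password_hash('password2', PASSWORD_DEFAULT)],
];

// Pattern to avoid: a missing key evaluates to null, and null == "" is true,
// so a loose lookup accepts an unknown user who submits an empty password.
function loose_check(array $plain, string $user, string $pass): bool
{
    return @$plain[$user]['password'] == $pass;
}

// Hardened check (hypothetical helper): landing page on success, null on failure.
function authenticate(array $users, $user, $pass): ?string
{
    if (!is_string($user) || !is_string($pass)) {
        return null; // rejects array input such as username[]=x
    }
    if (!isset($users[$user])) {
        return null; // unknown user: fail before any comparison happens
    }
    // password_verify() reads the salt and cost from the stored hash itself.
    return password_verify($pass, $users[$user]['hash']) ? $users[$user]['url'] : null;
}

// Guard for a per-user page: only the account the page belongs to may view it.
function may_view(array $session, string $pageOwner): bool
{
    return isset($session['username']) && $session['username'] === $pageOwner;
}

// In login.php, after authenticate() returns a URL:
//   session_regenerate_id(true);                 // fresh session id at login
//   $_SESSION['username'] = $_POST['username'];  // store the name only, never the password
//   header('Location: ' . $url); exit;

if (PHP_SAPI === 'cli') {
    $plain = ['username1' => ['password' => 'password1']]; // thread-style plaintext table
    var_dump(loose_check($plain, 'nobody', ''));            // unknown user, empty password
    var_dump(authenticate($users, 'nobody', ''));
    var_dump(authenticate($users, 'username1', 'password1'));
    var_dump(authenticate($users, 'username1', 'password2'));
    var_dump(may_view(['username' => 'username1'], 'username2'));
}
```

Run it with `php` on the command line to compare the loose lookup with the hardened check; each protected page would call `may_view($_SESSION, 'its-owner')` after `session_start()` and redirect to the login page when it returns false.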

wyclef
January 10th, 2006, 11:47 AM
Hey,

This is what i'm using currently. It's pretty basic and works but it seems that when you log-in you have to do so twice. If you type in user and pass and submit first time, it just reloads the login page and then if you do it the second time it works fine. Here is the main code. Let me know if you spot anything that might be causing this. Thanks.



<?php
// start the session
session_start();

// include the login info
require 'pwd/pass.php';

if(isset($_POST['username']) && isset($_POST['password'])) {
if($data[$_POST['username']]['password'] == md5($_POST['password'])) {
$_SESSION['username'] = $_POST['username'] . " " . md5($_POST['password']);
header('Location: ' . $data[$_POST['username']]['url']);
} else {
login('Invalid Entry. <span class="norm">Please try entering your client login information again.</span>');
}
} else {
login();
}
?>

<?php
function login($default='Client Login') {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Client Login</title>
</head>

<body>
<div id="container">
<div id="content">
<div id="info">
<form action="" method="post" onreset="return confirm('Do you really want to reset the form?')">
<h1 class="c3"><?php echo $default; ?></h1>
<p>Username:<br /><input type="text" tabindex="1" title="Enter Your Username" size="42" name="username" class="c2" /></p>
<p>Password:<br /><input type="password" tabindex="2" title="Enter Your Password" size="42" name="password" class="c2" /></p>
<p class="bt"><input type="submit" tabindex="3" value="Login" class="c1" /> <input type="reset" tabindex="3" value="Reset" class="c1" /></p>
</form>
</div>
<div id="footer"></div>
</div>
</div>
</body>
</html>

<?php } ?>

Seb Hughes
January 18th, 2006, 03:12 PM
any ideas?
Omg this thread is like overkill. The person who is asking how to set up password thing. It is easy.

Look at this:

http://www.phpfreaks.com/tutorials/40/0.php

if you don't understand that, then god knows.

wyclef
January 18th, 2006, 03:48 PM
i already have something that works. i just need help troubleshooting a small problem.

Seb Hughes
January 19th, 2006, 12:08 PM
Your code seems sorta like it's been bombed, and there are some coding errors in there too.

if($data[$_POST['username']]['password'] ==

There's an extra ], it seems to me you're making it harder for yourself, this script could be done so much easier. That tut is a perfect example :D

Ben Smith
January 21st, 2006, 05:18 AM
There isn't an extra ], Seb. It's from $data[]

sed|thh
January 21st, 2006, 05:50 AM
why don't you just use .htaccess for such a task? :toad: