User Authentication

 

morcomm
post 26 May, 2008 - 12:04 AM
Post #1



Hi,

I used this tutorial to create a login page http://www.13dots.com/forum/index.php?showtopic=16156, but have a few questions.
When I navigate to a page in the folder that is not the login page, I still can view it. I don't want this, but would prefer the page to re-direct me to the login page if I have not yet entered my details.
I think that I might be going wrong with this bit of code from the tutorial:
CODE
<?php
include("config.php");
$cookuser = $_COOKIE["cookuser"];
$cookpass = $_COOKIE["cookpass"];
$adminpass = md5($adminpass);
if($cookuser && $cookpass) {
    if(($cookuser == $adminuser) && ($cookpass == $adminpass)){
    echo("You have successfully logged in! Please feel free to browse this secure admin page! To log out go to <a href=logout.php>logout.php</a>");
    //Any protected stuff you want goes in here!
    }
    else{
    echo($incorrect_error_message);
    }
}
else{
echo($not_logged_in_message_error_message);
}
?>


It is more than likely the place that says //Any protected stuff you want goes in here! that I am not understanding.

If anyone thinks this is not a good script to use and that there could be a better one, please let me know. I need to password protect a backend to a news system.

chrisman
post 28 May, 2008 - 06:29 PM
Post #2





An easy way to do this is, when one is logged in, a variable ( $_COOKIE['loggedin'] ) is set to true, and when one isn't, the variable is set to false.

Then at the top of every page someone needs to be logged in to view, just perform an if statement check (before ANY other output is made, including <!DOCTYPE> and <HTML>).

CODE

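// Must run before any output is sent, or header() cannot redirect.
if ( empty($_COOKIE['loggedin']) )
{
  header("Location: /login.php");
  exit; // stop here so the rest of the page is not sent
}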

no2pencil
post 28 May, 2008 - 06:31 PM
Post #3




QUOTE

CODE

$cookpass = $_COOKIE["cookpass"];
$adminpass = md5($adminpass);
if($cookuser && $cookpass) {
    if(($cookuser == $adminuser) && ($cookpass == $adminpass)){



One error that I see with your code is you md5 the admin password, but you don't md5 the cookie. So you are comparing plain text to md5. Those will never match.

mocker
post 29 May, 2008 - 07:14 AM
Post #4





That's a good thing. First... storing the password at all in the cookie is not a very safe method. But IF you are storing the password in the cookie file, at least keep it as md5 and not plain text. The code that sets the cookie wasn't posted, but hopefully he is setting it with the md5 and not with the plain text password.

akozlik
post 29 May, 2008 - 10:40 AM
Post #5




I wrote a tutorial on the differences between Sessions and Cookies that you might want to take a look at. It specifically discusses user authentication systems. It'll outline a bit more information that may be able to help you out.

To Session or To Cookie, That is the Question

PsychoCoder
post 29 May, 2008 - 10:55 AM
Post #6




There is also this snippet that shows authenticating using sessions, and using that to check, on each page, if the user is currently logged in. Just my 2¢
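The session-based check that posts #5 and #6 point to, written out as an added example (it is not code from this thread, the linked tutorial, or the linked snippet). Login state is kept server-side in $_SESSION, so a protected page no longer trusts cookuser/cookpass or a loggedin cookie, all of which the browser supplies, and an unauthenticated request is redirected to the login page as the original question asks. The file name auth.php, the function names, and $adminhash (a password_hash() value stored in config.php in place of the plain $adminpass) are assumptions.

```php
<?php
// auth.php (hypothetical name): include at the top of every protected page.
// Assumes PHP 7.3+, HTTPS, and a config.php defining $adminuser and
// $adminhash, where $adminhash was created once with password_hash().
declare(strict_types=1);

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'httponly' => true,  // session id not readable from JavaScript
        'secure'   => true,  // session id only sent over HTTPS
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call from login.php with the submitted form values.
function attempt_login(string $user, string $pass,
                       string $adminuser, string $adminhash): bool
{
    start_secure_session();
    // Evaluate both checks so a wrong user name costs the same as a wrong password.
    $userOk = hash_equals($adminuser, $user);
    $passOk = password_verify($pass, $adminhash);
    if (!($userOk && $passOk)) {
        return false;
    }
    session_regenerate_id(true);     // fresh session id after login
    $_SESSION['user'] = $adminuser;  // login state is stored on the server
    return true;
}

// Call before any output on each protected page:
//   require 'auth.php';
//   require_login();
function require_login(string $loginUrl = '/login.php'): void
{
    start_secure_session();
    if (empty($_SESSION['user'])) {
        header('Location: ' . $loginUrl);
        exit;  // without this the protected page would still be sent
    }
}
```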
