5 Replies - 1483 Views - Last Post: 29 May 2008 - 11:55 AM

#1 morcomm

User Authentication

Posted 26 May 2008 - 01:04 AM

Hi,

I used this tutorial to create a login page http://www.13dots.co...showtopic=16156, but have a few questions.
When I navigate to a page in the folder that is not the login page, I still can view it. I don't want this, but would prefer the page to re-direct me to the login page if I have not yet entered my details.
I think that I might be going wrong with this bit of code from the tutorial:
<?php
include("config.php");
$cookuser = $_COOKIE["cookuser"];
$cookpass = $_COOKIE["cookpass"];
$adminpass = md5($adminpass);
if($cookuser && $cookpass) {
	if(($cookuser == $adminuser) && ($cookpass == $adminpass)){
		echo("You have successfully logged in! Please feel free to browse this secure admin page! To log out go to <a href=logout.php>logout.php</a>");
		//Any protected stuff you want goes in here!
	}
	else{
		echo($incorrect_error_message);
	}
}
else{
	echo($not_logged_in_message_error_message);
}
?>


It is more than likely the place that says //Any protected stuff you want goes in here! that I am not understanding.

If anyone thinks this is not a good script to use and that there could be a better one, please let me know. I need to password protect a backend to a news system.

Replies To: User Authentication

#2 chrisman

Re: User Authentication

Posted 28 May 2008 - 07:29 PM

An easy way to do this is, when one is logged in, a variable ( $_COOKIE['loggedin'] ) is set to true, and when one isn't, the variable is set to false.

Then at the top of every page someone needs to be logged in to view, just perform an if statement check (before ANY other output is made, including <!DOCTYPE> and <HTML>).

if ( empty($_COOKIE['loggedin']) )
 {
  // Redirect to the login page and stop, so nothing below is sent
  header("Location: /login.php");
  exit;
 }



#3 no2pencil

Re: User Authentication

Posted 28 May 2008 - 07:31 PM

Quote

$cookpass = $_COOKIE["cookpass"];
$adminpass = md5($adminpass);
if($cookuser && $cookpass) {
	if(($cookuser == $adminuser) && ($cookpass == $adminpass)){



One error that I see with your code is you md5 the admin password, but you don't md5 the cookie. So you are comparing plain text to md5. Those will never match.

#4 mocker

Re: User Authentication

Posted 29 May 2008 - 08:14 AM

That's a good thing. First... storing the password at all in the cookie is not a very safe method. But IF you are storing the password in the cookie file, at least keep it as md5 and not plain text. The code that sets the cookie wasn't posted, but hopefully he is setting it with the md5 and not with the plain text password.

#5 akozlik

Re: User Authentication

Posted 29 May 2008 - 11:40 AM

I wrote a tutorial on the differences between Sessions and Cookies that you might want to take a look at. It specifically discusses user authentication systems. It'll outline a bit more information that may be able to help you out.

To Session or To Cookie, That is the Question

#6 PsychoCoder

Re: User Authentication

Posted 29 May 2008 - 11:55 AM

There is also this snippet that shows authenticating using sessions, and using that to check, on each page, if the user is currently logged in. Just my 2 :)
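A session-based version of the per-page check the replies point toward, as an added example that is not part of any post in this thread or of the linked tutorial. The file name auth.php, the names ADMIN_USER, ADMIN_HASH, start_secure_session(), attempt_login() and require_login(), and the demo password are assumptions for illustration; it needs PHP 7.3 or later.

```php
<?php
// auth.php - added example; include at the very top of every protected page.
// Assumed names: ADMIN_USER, ADMIN_HASH, attempt_login(), require_login().

// Demo credential only. In practice, generate the hash once with
// password_hash() and keep just the hash in config.php.
const ADMIN_USER = 'admin';
define('ADMIN_HASH', password_hash('change-me', PASSWORD_DEFAULT));

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        // The browser only ever holds a random session ID, never the password.
        // Add 'secure' => true once the site is served over HTTPS.
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

// Call from login.php with the submitted form values.
function attempt_login(string $user, string $pass): bool
{
    start_secure_session();
    $userOk = hash_equals(ADMIN_USER, $user);
    $passOk = password_verify($pass, ADMIN_HASH);
    if ($userOk && $passOk) {
        session_regenerate_id(true);   // new ID after login (session fixation)
        $_SESSION['user'] = $user;     // login state lives on the server
        return true;
    }
    return false;
}

// Call before ANY output on each protected page.
function require_login(string $loginUrl = '/login.php'): void
{
    start_secure_session();
    if (empty($_SESSION['user'])) {
        header('Location: ' . $loginUrl);
        exit;                          // stop, or the page below still renders
    }
}
```

A protected page then begins with require 'auth.php'; require_login(); before any HTML, so the redirect header can still be sent.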