
View only the main page script?

How can I prevent users from browsing to any page they want to on my website by typing in the URL to it in the address bar? I only want them to be able to access the main page (index.php)?

PHP

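@cwrath Oct 14.2005 — Create a user authentication script, or if you never wanted them to see the page you could put,

[code=php]
// Send anyone without the expected ?pass= value back to the main page.
if (!isset($_GET['pass']) || $_GET['pass'] != 'apassword') {
    header('Location: ./index.php');
    exit(); // stop here so the rest of the page is not sent
}
[/code]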

at the top of your page, then when you wanted to access it you would put ?pass=apassword at the end of the address, e.g.


protected.php?pass=apassword



A login form with a POST system would be more secure, but I can't be bothered typing it out.
@Brad_Armitage (author) Oct 14.2005 — Actually an authentication script is exactly what I'm looking for but I'm having trouble with one right now, can you give me an example?
@cwrath Oct 14.2005 — [code=php]

<?php
class CTMS_User {
/**
* Username
*
* @var string
*/
var $username;
/**
* User Email
*
* @var string
*/
var $email;
/**
* User Password
*
* @var String
*/
var $password;
/**
* User Group
*
* @var string
*/
var $group;
/**
* User Access Level
*
* @var string
*/
var $level;

/**
* Constructor method
*
* @param string $username
* @return CTMS_User
*/
function CTMS_User($username = "") {
global $db;
if($username != "") {
$sql = "SELECT * FROM $db[users] WHERE username = '$username'";
$id = runSQL($sql);
$userinfo = mysql_fetch_object($id);

$this->username = $username;
$this->email = $userinfo->email;
$this->password = $userinfo->password;
$this->group = $userinfo->group;
$this->level = $userinfo->level;

}

}


/**
* Create a User (add post info to tables)
*
* @param array $post
* @return boolean
*/
function create($post) {
global $db;
$sql = "INSERT INTO $db[users] VALUES('',
'$post[username]',
'$post[email]',
'$post[password]',
'$post[group]',
'$post[level]' )
";

if(runSQL($sql)) {
return true;
}

else {
return false;
}
}

/**
* Update via REPLACE query a user
*
* @param array $post
* @return boolean
*/
function update($post) {
global $db;
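// REPLACE takes no WHERE clause: it overwrites the row that collides on a
// PRIMARY KEY or UNIQUE index (assumed here: a unique index on username).
$sql = "REPLACE INTO $db[users] VALUES('',
'$post[username]',
'$post[email]',
'$post[password]',
'$post[group]',
'$post[level]' )
";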

if(runSQL($sql)) {
return true;
}

else {
return false;
}
}

/**
* Delete user record
*
* @param array $post
* @return boolean
*/
function delete($post) {
global $db;
$sql = "DELETE FROM $db[users] WHERE username = '$post[username]'";

if(runSQL($sql)) {
return true;
}

else {
return false;
}
}

/**
* Secure a page by requiring successful database-$_SESSION[username]/$_SESSION[password] matches
*
* @param string $level
* @param string $level2
* @param string $level3
*/
function lockPage($level, $level2= '', $level3 ='' ) {
if($_SESSION['username'] == "" ) {
header('Location: ./login.php');
exit();
}

elseif ( ($_SESSION['level'] != $level) && ($_SESSION['level'] != $level2) && ($_SESSION['level'] != $level3) ) {
$this->displayPage('template');
echo '<br><br><strong><center>' . htmlspecialchars($_SESSION['username']) . ', you are not authorised to view this page! </center></strong>';
$this->displayPage('footer');
exit();
}
}

/**
* Fetch user information with checking
*
* @return object
*/
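function checkUser() {
global $db;
if( trim($_POST['username']) == "" || trim($_POST['password']) == "") {
echo 'Please complete all fields';
return false;
}

// NOTE: the POST values go into the SQL string unescaped and the password is
// compared in plain text; as written this query is injectable.
$sql = "SELECT * FROM $db[users] WHERE username = '$_POST[username]' AND password = '$_POST[password]'";
$id = runSQL($sql);
// A result from runSQL() only means the query ran; a missing user shows up
// as a fetch that returns false.
$userinfo = $id ? mysql_fetch_object($id) : false;
if(!$userinfo) {
echo 'Username or Password Not Found!';
return false;
}

return $userinfo;
}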


/**
* Start session and assign username and level information
*
* @return boolean
*/
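function loginUser() {
if(isset($_POST['username'])) {
session_start();
$userinfo = $this->checkUser();
// checkUser() returns false on a failed login; leave the session empty then
if(!$userinfo) {
return false;
}
$_SESSION['username'] = $userinfo->username;
$_SESSION['level'] = $userinfo->level;
// The session cookie carries the ID, so it is kept out of the URL
header('Location: index.php');
return true;
}

else {
return false;
}
}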




}

?>
[/code]





Not brilliant, I wrote it as a temp one just to check everything was working with a couple of scripts, then I added to and rewrote parts.
@Brad_Armitage (author) Oct 14.2005 — Thanks guys, I'll give that a try cwrath
@cwrath Oct 14.2005 — It is object orientated so you will need to open with

class Something



Note all db info is stored in the array $db,

and my function runSQL connects to the database, runs $sql, closes the connection and returns the result (said function is not included).

I would look at the last few functions and base some of your own on them; the create/update stuff you can write yourself.

As I said, it isn't brilliant but it's a start.
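
A hardened take on the login check and page lock discussed in this thread, as an added example that is not any poster's code: it binds the username as a query parameter, stores a password hash instead of the password, and checks the session before a page is served. PDO with an in-memory SQLite table stands in for the users table; the table layout, the sample account and the `pageAccess()` helper are constructed for illustration.

```php
<?php
// Constructed demo data: in-memory SQLite stands in for the thread's users table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, level TEXT)');
$pdo->prepare('INSERT INTO users VALUES (?, ?, ?)')
    ->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT), 'admin']);

/** Return the user row on a correct login, or null. Input is bound, never interpolated. */
function checkUser(PDO $pdo, string $username, string $password): ?array {
    $stmt = $pdo->prepare('SELECT username, password_hash, level FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() checks against the stored hash; the password itself is never stored.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row;
}

/** Put the identity into the session only after a successful login. */
function loginUser(PDO $pdo, array $post): bool {
    $user = checkUser($pdo, trim($post['username'] ?? ''), $post['password'] ?? '');
    if ($user === null) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh ID at login, so a pre-set session ID is useless
    }
    $_SESSION['username'] = $user['username'];
    $_SESSION['level'] = $user['level'];
    return true;
}

/** Decide what a protected page should do: 'login', 'denied' or 'ok'. */
function pageAccess(array $session, array $allowedLevels): string {
    if (empty($session['username'])) {
        return 'login'; // caller sends Location: ./login.php and exits
    }
    return in_array($session['level'] ?? '', $allowedLevels, true) ? 'ok' : 'denied';
}

$_SESSION = []; // command-line demo: plain array instead of session_start()
var_dump(pageAccess($_SESSION, ['admin']));                                          // before login
var_dump(loginUser($pdo, ['username' => "o'brien", 'password' => 'wrong']));         // bad password
var_dump(loginUser($pdo, ['username' => "o'brien", 'password' => 'correct horse'])); // good login
var_dump(pageAccess($_SESSION, ['admin']), pageAccess($_SESSION, ['editor']));
```

On a real page, call `session_start()` first and act on the `pageAccess()` result before any output is sent.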