Login Script

@CAT_web_designDec 12.2005

[FONT=Verdana]I have a login page on my site – at the moment it only allows one user to log in, i now require it to allow multiple users to log on.

I would like it to redirect the users to different pages and with different session ID’s.

Here’s the code i have:

On the login page:-

[code=php]<?php // start the session session_start();

$errorMessage = ”; if (isset($_POST[‘username’]) && isset($_POST[‘password’])) { // check if the username and password combination is correct if ($_POST[‘username’] === ‘theuser’ && $_POST[‘password’] === ‘thepass’) { // the username and password match, // set the session $_SESSION[‘bcmd’] = true;

// after login we move to the main page header(‘Location: bcmdtextedit.php’); exit; } else { $errorMessage = ‘Incorrect Username/Password’; } } ?> [/code]

On the logout php file:-

[code=php]<?php // start the session session_start();

// if the user is logged in, unset the session if (isset($_SESSION[‘bcmd’])) { unset($_SESSION[‘bcmd’]); }

// now that the user is logged out, // go to login page header(‘Location: index.html’); ?> [/code]

Any ideas anyone???

Thanks Chris.[/FONT]

to post a comment

PHP

23 Comments(s) _↴

@SheldonDec 12.2005 — #

[code=php]
 <?php 
 // start the session 
 session_start(); 
 
 $errorMessage = ''; 
 if (isset($_POST['username']) && isset($_POST['password'])) { 
 // check if the username and password combination is correct 
 if ($_POST['username'] == 'theuser1' && $_POST['password'] == 'thepass'  ||
 $_POST['username'] == 'theuser2' && $_POST['password'] == 'thepass'  ||
 $_POST['username'] == 'theuser3' && $_POST['password'] == 'thepass'  ||
 $_POST['username'] == 'theuser4' && $_POST['password'] == 'thepass'  ||
 $_POST['username'] == 'theuser5' && $_POST['password'] == 'thepass'  ||
 $_POST['username'] == 'theuser6' && $_POST['password'] == 'thepass'  ||
 $_POST['username'] == 'theuser7' && $_POST['password'] == 'thepass'  ||
 $_POST['username'] == 'theuser8' && $_POST['password'] == 'thepass'  ||
 $_POST['username'] == 'theuser9' && $_POST['password'] == 'thepass'  ||
 $_POST['username'] == 'theuser10' && $_POST['password'] == 'thepass'  ||
 $_POST['username'] == 'theuser11' && $_POST['password'] == 'thepass' ) { 
 // the username and password match, 
 // set the session 
 $_SESSION['bcmd'] = true; 
 
   // after login we move to the main page 
   header('Location: {$_POST['username']}.php');  //will direct the user to a page names as their username
   exit; 
  } else { 
   $errorMessage = 'Incorrect Username/Password'; 
  } 
 } 
 ?>[/code]

@CAT_web_designauthorDec 13.2005 — #Will this (below) work to set different session names?

[code=php]<?php 
 // start the session 
 session_start(); 
 
 $errorMessage = ''; 
 if (isset($_POST['username']) && isset($_POST['password'])) { 
 // check if the username and password combination is correct 
 if ($_POST['username'] == 'theuser1' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser2' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser3' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser4' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser5' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser6' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser7' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser8' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser9' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser10' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser11' && $_POST['password'] == 'thepass' ) { 
 // the username and password match, 
 // set the session 
 $_SESSION['{$_POST['username']}'] = true; 
 
   // after login we move to the main page 
   header('Location: {$_POST['username']}.php');  //will direct the user to a page names as their username 
   exit; 
  } else { 
   $errorMessage = 'Incorrect Username/Password'; 
  } 
 } 
 ?>[/code]

@purefanDec 13.2005 — #yes it should work however I dont think this is the best way to go.

I'd have it compare the username and password to those in a database, therefore inserting new users would be easier as you would then make a SignIn script.

greetings

@NewZealandDec 13.2005 — #

[code=php]
 <?php 
 // start the session 
 session_start(); 
 
 $errorMessage = 'Incorrect Username/Password'; 
 
 
 if (isset($_POST['username']) && isset($_POST['password'])) { 
 // check if the username and password combination is correct 
 if ($_POST['username'] == 'theuser1' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser2' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser3' && $_POST['password'] == 'thepass' || 
 $_POST['username'] == 'theuser4' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser5' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser6' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser7' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser8' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser9' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser10' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser11' && $_POST['password'] == 'thepass' ) { 
 // the username and password match, 
 // set the session
 $user_name =  $_POST['username'];
 $_SESSION['true'] = $user_name;
 
 
   // after login we move to the main page 
   header('Location: {$user_name}.php');  //will direct the user to a page names as their username
   exit; 
   } else { 
   echo $errorMessage."<br/>".$_SESSION['true']."could have been wrong"; 
   } 
 } 
 ?>[/code]

@CAT_web_designauthorDec 13.2005 — #Thank You!!!!

@CAT_web_designauthorDec 13.2005 — #The redirect to page doesnt work:

[code=php]<?php 
 // start the session 
 session_start(); 
 
 
 if (isset($_POST['username']) && isset($_POST['password'])) { 
 // check if the username and password combination is correct 
 if (    $_POST['username'] == 'theuser1' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser2' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser3' && $_POST['password'] == 'thepass' || 
 $_POST['username'] == 'theuser4' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser5' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser6' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser7' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser8' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser9' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser10' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser11' && $_POST['password'] == 'thepass' ) { 
 // the username and password match, 
 // set the session 
 $user_name =  $_POST['username']; 
 $_SESSION['true'] = $user_name; 
 
 
   // after login we move to the main page 
   header('Location: {$user_name}.php');   //will direct the user to a page names as their username 
   exit; 
   } else { 
   } 
 } 
 ?>[/code]

It goes to {$user_name}.php not to theuser1.php...

@BluesManDec 13.2005 — #Could this be of any use?

[CODE]
 <?php
 // Store your usernames and passwords in this array. Username first, then the password.
 $users = array(
 0 => 
 array("user1","password1"),
 1 =>
 array("user2","password2"),
 2 =>
 array("user3","password3"),
 );
 
 for($i=0; $i < count($users); $i++){	     // Run through the array to
 if($_POST['username'] == $users[$i][0]){   // see if username is present. If it is,
 if($_POST['password'] == $users[$i][1]){ // check if the password is correct
 echo "Welcome ".$users[$i][0].". You are granted access!"; //Do whatever you want to do here, when user is logged in
 }else{
 echo "You need to log in to see the page."; // Kick the unauthorized user out.
 }
 }
 }
 ?>
 [/CODE]

@CAT_web_designauthorDec 13.2005 — #I like the script i am currently using - its just getting that redirect part working.

I think i should be simple for those who know how to wright php.

Thanks anyway...

@purefanDec 13.2005 — #it doesnt do the redirection at all? or does it redirect somewhere you dont want it to?

@chazzyDec 13.2005 — #give this a shot

[code=php]
 header('Location: '.$user_name.'.php');
 [/code]

@CAT_web_designauthorDec 13.2005 — #Thanks its directing the pages perfectly - although its not setting the session correctly - its counting it as not logged on.

I have this on top of the pages:

[code=php]<?php 
 // start the session 
 session_start(); 
 
 // is the one accessing this page logged in or not? 
 if (!isset($_SESSION['scsu']) || $_SESSION['scsu'] !== true) { 
 // not logged in, move to login page 
 header('Location: loginpage.php); 
 exit; 
 } 
 
 ?> [/code]

Heres what i now have on the login page:

[code=php]<?php 
 // start the session 
 session_start(); 
 
 if (isset($_POST['username']) && isset($_POST['password'])) { 
 // check if the username and password combination is correct 
 if (    $_POST['username'] == 'bcmd' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'scsu' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser3' && $_POST['password'] == 'thepass' || 
 $_POST['username'] == 'theuser4' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser5' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser6' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser7' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser8' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser9' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser10' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser11' && $_POST['password'] == 'thepass' ) { 
 // the username and password match, 
 // set the session 
 $user_name =  $_POST['username']; 
 $_SESSION['true'] = $user_name; 
 
 
   // after login we move to the main page 
   header('Location: '.$user_name.'.php');    //will direct the user to a page names as their username 
   exit; 
   } else { 
   } 
 } 
 ?>[/code]

@chazzyDec 13.2005 — #well it looks like your script, from earlier on, is setting the username in the true session parameter.

see this line:

[code=php]
 $_SESSION['true'] = $user_name; 
 [/code]

that means your username is being stored in true, no matter what the username is.

@CAT_web_designauthorDec 13.2005 — #What do you suggest doing then? (I am 15 on thurs! and php is new to me)

I whant to set individual session names

Eg.

for bcmd - sessionname = 111

for scsu - sessionname = 222

@chazzyDec 13.2005 — #what does your age have to do with anything?

this line is what's determining to redirect or not.
[code=php]if (!isset($_SESSION['scsu']) || $_SESSION['scsu'] !== true) {[/code]
it should be changed to reflect "true" as the variable name, and that's its value is the username (in this case scsu?). you don't need to check that it's set, you need to check it's value, so you should use something like this

[code=php]
 if ($_SESSION['true'] == 'scsu'){
 [/code]

and i want to check, everytime you add a new user you need to redeploy this script. you're ok with that right?

@CAT_web_designauthorDec 13.2005 — #Not sure could you explain?

Thanks Chris....

@SheldonDec 13.2005 — #[code=php]if ($_SESSION['true'] == 'scsu'){[/code]
[b]scsu[/b] will have to match every user that you want to log in, try this

[code=php]
 <?php 
 // start the session 
 session_start(); 
 
 if (isset($_POST['username']) && isset($_POST['password'])) { 
 // check if the username and password combination is correct 
 if (    $_POST['username'] == 'bcmd' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'scsu' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser3' && $_POST['password'] == 'thepass' || 
 $_POST['username'] == 'theuser4' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser5' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser6' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser7' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser8' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser9' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser10' && $_POST['password'] == 'thepass'  || 
 $_POST['username'] == 'theuser11' && $_POST['password'] == 'thepass' ) { 
 // the username and password match, 
 // set the session 
 $user_name =  $_POST['username']; 
 $_SESSION['true'] = $user_name; 
 $_SESSION['logged_in'] = "1";
 
 
   // after login we move to the main page 
   header('Location: '.$user_name.'.php');    //will direct the user to a page names as their username
   exit; 
   } else { 
   } 
 } 
 ?>
 [/code]

[code=php]
 if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == "1") {
 
 //do nothing
 }else{
 header("Location: loginpage.php");
 }
 [/code]

@chazzyDec 13.2005 — #Not sure could you explain?

Thanks Chris....[/QUOTE]

which part don't you understand could you explain?

your script has hardcoded usernames and passwords. that's a mess for businesses, just so you know. user can't change his password at will, you need to do it and change the program. same if you want to add a new user.

does that clear anything up?

@SheldonDec 13.2005 — #a mysql database would be alot better off

@CAT_web_designauthorDec 14.2005 — #Dont really know much about databases, i can do them on Microsoft Access.

Back to the php code -

Now Looks Like:

[code=php]<?php 
 // start the session 
 session_start(); 
 
 if (isset($_POST['username']) && isset($_POST['password'])) { 
 // check if the username and password combination is correct 
 if (    $_POST['username'] == 'bcmd' && $_POST['password'] == 'bcmdadmin'  || 
 $_POST['username'] == 'scsu' && $_POST['password'] == 'scsuadmin'  || 
 $_POST['username'] == 'catadmin' && $_POST['password'] == 'lol222' ) { 
 // the username and password match, 
 // set the session 
 $user_name =  $_POST['username']; 
 $_SESSION['ADMIN'] = $user_name; 
 
 
   // after login we move to the main page 
   header('Location: '.$user_name.'.php');    //will direct the user to a page names as their username 
   exit; 
   } else { 
   } 
 } 
 ?>[/code]

It's login in as $user_name rather than their actuall username.

Could anyone solve this problem?

Thanks for all the help so far....

@SheldonDec 14.2005 — #What are you trying to do now? did the code i post you not work? At the moment you are setting every user as an admin?

@CAT_web_designauthorDec 14.2005 — #Trying to set ADMIN as their username - but it is setting ADMIN as $user_name rather than their actuall username.

@NogDogDec 14.2005 — #Is [b]$_SESSION['username'] = 'ADMIN'[/b] what you mean?

@CAT_web_designauthorDec 14.2005 — #sorted that problem - one last thing, the logout.php

here it is - it needs adapting i think?

[code=php]<?php 
 // start the session 
 session_start(); 
 
 // if the user is logged in, unset the session 
 if (isset($_SESSION['ADMIN'])) { 
 unset($_SESSION['ADMIN']); 
 } 
 
 // now that the user is logged out, 
 // go to login page 
 header('Location: logoutsuccess.php'); 
 ?>[/code]

Heres what i have on the loginpage:

[code=php]<?php 
 // start the session 
 session_start(); 
 
 if (isset($_POST['username']) && isset($_POST['password'])) { 
 // check if the username and password combination is correct 
 if (    $_POST['username'] == 'bcmd' && $_POST['password'] == 'bcmdadmin'  || 
 $_POST['username'] == 'scsu' && $_POST['password'] == 'scsuadmin'  || 
 $_POST['username'] == 'catadmin' && $_POST['password'] == 'lol222' ) { 
 // the username and password match, 
 // set the session 
 $user_name =  $_POST['username']; 
 $_SESSION['ADMIN'] = '$user_name'; 
 
 
   // after login we move to the main page 
   header('Location: '.$user_name.'.php');    //will direct the user to a page names as their username 
   exit; 
   } else { 
   } 
 } 
 ?>[/code]

Also in #PHP _↴

Requesting help GD imagejpeg and echo some text, cant do Can someone please fix this for me? very short code sample.

Success!

Help @CAT_web_design spread the word by sharing this article on Twitter...

Tweet This

Login Script

23 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

Login Script

23 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

23 Comments(s) _↴

Also in #PHP _↴