
PHP Login script with MySQL

Hello,
  I am fairly new to PHP and I have stumbled on this set of scripts that work in conjunction to allow a person to login to my website. It works like this: Once you have tried to access the page that is password locked, it redirects you to the incSession.php page which determines if there is a cookie on your computer saying that you are logged in or not, but this page is not seen. If you are not logged in, it directs you to the Login.php page in which you can login. Once you have typed in the User and Password, it directs you to another page that can't be viewed, LoginAction.php. This page determines if you have entered the correct info by connecting to my MySQL page and seeing if that information is there or not. If it is, you will be directed to the page you want to view, if not, you go right back to the Login.php page. What I am trying to do is that I would like to add a timeout to the cookie or the session that the user is on and I would like to have a command here to determine if you have cookies enabled or not, and if not it would show an alert.

Here are the PHP pages in order:

members.php:(ex.)

<?PHP require('incSession.php'); ?>
<html>
..................
</html>

incSession.php:

<?php
// Check for a cookie; if there is none, go to the login page
if(!isset($_COOKIE['session_id'])) {
header('Location: Login.php?refer='.urlencode($_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING']));
exit; // stop here, otherwise the protected page is still sent after the redirect header
}

// Try to find a match in the database
$hDB = mysql_connect('host', 'user', 'pass');
mysql_select_db('database', $hDB);

// The cookie value is client-supplied: escape it before it goes into the query
$sGUID = mysql_real_escape_string($_COOKIE['session_id'], $hDB);

$sQuery = "
Select iUser
From tblUsers
Where sGUID = '$sGUID'";

$hResult = mysql_query($sQuery, $hDB);

if(!$hResult || !mysql_num_rows($hResult)) {
// No match for guid
header('Location: Login.php?refer='.urlencode($_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING']));
exit;
}
?>

Login.php:

<html>
<body>
<p align="center"><form action="LoginAction.php" method="Post">
  <div align="center"><font color="#FF6600"><strong>User:<br />
        <input type="Text" name="psUser" />
        <br />
    Password:</strong></font><br />
    <input type="password" name="psPassword" />
    <br />
    <input type="submit" value="Login" />
   
  <input type="hidden" name="psRefer" value="<?php echo htmlspecialchars(isset($_GET['refer']) ? $_GET['refer'] : '', ENT_QUOTES); ?>" >
  </div>
</form> </p>
</body>
</html>

LoginAction.php:

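<?php
// Read the submitted form fields (do not rely on register_globals)
$psUser = isset($_POST['psUser']) ? $_POST['psUser'] : '';
$psPassword = isset($_POST['psPassword']) ? $_POST['psPassword'] : '';
$psRefer = isset($_POST['psRefer']) ? $_POST['psRefer'] : '';

// Check if the information has been filled in
if($psUser == '' || $psPassword == '') {

// No login information
header('Location: Login.php?refer='.urlencode($psRefer));
exit;

} else {

// Authenticate user
$hDB = mysql_connect('host', 'user', 'pass');
mysql_select_db('database', $hDB);

// Escape the form values before placing them in the query
$sUser = mysql_real_escape_string($psUser, $hDB);
$sPassword = mysql_real_escape_string($psPassword, $hDB);

$sQuery = "
Select iUser, MD5(UNIX_TIMESTAMP() + iUser + RAND(UNIX_TIMESTAMP())) sGUID
From tblUsers
Where sUser = '$sUser'
And sPassword = password('$sPassword')";

$hResult = mysql_query($sQuery, $hDB);

if($hResult && mysql_num_rows($hResult)) {

$aResult = mysql_fetch_row($hResult);

// Update the user record
$sQuery = "
Update tblUsers
Set sGUID = '$aResult[1]'
Where iUser = $aResult[0]";

mysql_query($sQuery, $hDB);

// Set the cookie and redirect
setcookie("session_id", $aResult[1]);

// Only redirect to a local path; anything else falls back to index.php
if(!preg_match('#^/(?![/\\\\])#', $psRefer)) $psRefer = 'index.php';
header('Location: '.$psRefer);
exit;

} else {

// Not authenticated
header('Location: Login.php?refer='.urlencode($psRefer));
exit;

}
}
?>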
techadvanced06
Asked:
 
techadvanced06 (Author) Commented:
It might be hard to see in all of the code, but there are 4 PHP codes included in there. member.php, incSession.php, Login.php, and LoginAction.php
 
frugle Commented:
The only way to determine if cookies are turned on is to set one then try to read it.

setcookie() defines a cookie to be sent along with the rest of the HTTP headers. Like other headers, cookies must be sent before any output from your script (this is a protocol restriction). This requires that you place calls to this function prior to any output, including <html> and <head> tags as well as any whitespace. If output exists prior to calling this function, setcookie() will fail and return FALSE. If setcookie() successfully runs, it will return TRUE. This does not indicate whether the user accepted the cookie.

setcookie.php

<?php
 #Attempt to set a cookie with 1 hour expiry
setcookie( 'test' , 'yes' , time()+3600);

#redirect to next page
header("Location: checkcookie.php");
?>

checkcookie.php

<?php
#Is cookie set?
if (isset($_COOKIE['test'])){

    # redirect to login page
    header("Location: yes_we_have_cookies.php");

} else {

    # redirect to warning page
    header("Location: error_no_cookies.php");

}

?>

see also http://www.php.net/manual/en/features.cookies.php

Setting cookies to expire is done when setting them.  You can forcibly expire a cookie by setting it to a time in the past.

expirecookie.php

<?php

# Set cookie expiry to 1 hour ago.
setcookie( 'test' , 'expired' , time()-3600);

?>

Expiring sessions can be done by altering session.gc_maxlifetime in php.ini or by using ini_set()

http://www.php.net/manual/en/function.ini-set.php

or you can use session_destroy () to log someone out.

see also http://www.php.net/manual/en/ref.session.php

hope this helps,

Mike
 
techadvanced06 (Author) Commented:
Ok, where would I have to plug these commands into my PHP code? Would that cookie code have to be before it sees if I am logged in or at the same time or what?
 
frugle Commented:
session expiry code should probably be put into the top of incSession.php

The cookie code can be run standalone as a "check for cookies" button. If your login works, you can assume cookies are on.

Mike
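
An added example, not part of the original thread or any poster's code: one way to enforce an idle timeout at the top of incSession.php for the cookie plus tblUsers.sGUID scheme in the question, checked on the server rather than trusting the cookie's own expiry. It swaps the question's mysql_* calls for mysqli prepared statements and assumes PHP 7.1+, a nullable sGUID column, and a hypothetical DATETIME column tblUsers.dLastSeen that LoginAction.php sets to NOW() at login.

```php
<?php
// Added example. Assumptions: mysqli is available, tblUsers.sGUID is nullable,
// and tblUsers.dLastSeen (hypothetical DATETIME column) is set at login.
const IDLE_TIMEOUT = 1800; // seconds of inactivity allowed (constructed value)

function redirectToLogin(): void
{
    // Expire the browser cookie by setting its expiry in the past.
    setcookie('session_id', '', time() - 3600);
    $refer = $_SERVER['PHP_SELF'] . '?' . ($_SERVER['QUERY_STRING'] ?? '');
    header('Location: Login.php?refer=' . urlencode($refer));
    exit; // stop here so the protected page body is never sent
}

$sGUID = $_COOKIE['session_id'] ?? '';
// The login script issues an MD5 hex string; reject anything else early.
if (!preg_match('/^[0-9a-f]{32}$/', $sGUID)) {
    redirectToLogin();
}

$hDB = new mysqli('host', 'user', 'pass', 'database');

// Bound parameters instead of string interpolation. The idle window is
// evaluated by the database, so a stale cookie kept by the client is useless.
$stmt = $hDB->prepare(
    'SELECT iUser FROM tblUsers
      WHERE sGUID = ?
        AND dLastSeen > NOW() - INTERVAL ? SECOND'
);
$timeout = IDLE_TIMEOUT;
$stmt->bind_param('si', $sGUID, $timeout);
$stmt->execute();
$stmt->bind_result($iUser);

if (!$stmt->fetch()) {
    // Unknown GUID or idle too long: invalidate it server-side as well.
    $stmt->close();
    $clear = $hDB->prepare('UPDATE tblUsers SET sGUID = NULL WHERE sGUID = ?');
    $clear->bind_param('s', $sGUID);
    $clear->execute();
    redirectToLogin();
}
$stmt->close();

// Valid session: slide the idle window forward.
$touch = $hDB->prepare('UPDATE tblUsers SET dLastSeen = NOW() WHERE iUser = ?');
$touch->bind_param('i', $iUser);
$touch->execute();
```

The cookie itself can additionally be given an expiry in LoginAction.php through the third argument of setcookie(), as in setcookie.php above.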