spacepoet Posted January 30, 2011 Share Posted January 30, 2011 Hello everyone: I wanted to see how I can make a simple login page (user name and password) that redirects to a page(s) if the login is correct. Also, I wanted to put protection on the page(s) that will send the user back to the login page if the credentials are nor correct. I would imagine the username/password would be stored in a database table (Admins), and the correct login info would be stored in a session ..? I am use to doing this with ASP, but never PHP. I want to make sure I understand how to do this properly and securely so I can use this as a model for other systems. In ASP I would do a protected page like this: a_login_check.asp <% if session("admin_user_name") = "" then session.abandon response.redirect "login.asp" end if %> Protected-Page.asp <!-- #include file="include/a_check_login.asp" --> <html> ... CONTENT ... </html> And of course there is the login page itself ... (I thought it would be nice to add a "Forgot Password" link on the login page, but if that is too complicated I can do that later .. or is it easy ??) Anyway, can someone point-out to me how to do this. I would appreciate it! Quote Link to comment Share on other sites More sharing options...
ChemicalBliss Posted January 30, 2011 Share Posted January 30, 2011 This may seem like a cheap-shot but have you tried google? I would say these forums are for people who are stuck with a specific problem/logic in their code. There are plenty of beginner tutorials with plentiful information on security and usability around the web regarding authentication. You will need to know a few basics and important vulnerabilities of PHP in order to make a production-level authentication system (one the public will use); Try some tutorials from here, phpfreaks: http://www.phpfreaks.com/tutorial/php-basic-database-handling http://www.phpfreaks.com/tutorial/php-security Then do a google for the actual authentication tutorial, there are hundreds, find one that looks right for your project. http://www.google.co.uk/search?q=php+authentication+tutorial hope this helps Quote Link to comment Share on other sites More sharing options...
colleyboy Posted January 30, 2011 Share Posted January 30, 2011 Hi, Obviously presuming you know some php. You would need to consist a few pages. dbconnect.php login.html checklogin.php the dbconnect.php would obviously have all the database details and connection details. the login.html would be a html form username and password which points towards the checklogin.php the checklogin.php would have coding that would check the username and password against the database and if username and password is ok is starts the session and forwards to the index.php which is the admin area. index.php and all pages you want to password protect would have coding at the top checking if the session is started and if it is then lets the page load and if not it will redirect to login.html. Fairly simple. Ian Quote Link to comment Share on other sites More sharing options...
spacepoet Posted January 30, 2011 Author Share Posted January 30, 2011 Hi: Yes, I have a myConn.php (database connection), database set-up with a small CMS (am going to post about this for another issue), etc. I just want to know the code I use is proper - sometimes GOOGLE has good code, sometimes bad. I will look into it and see what happens. Quote Link to comment Share on other sites More sharing options...
spangle1187 Posted February 1, 2011 Share Posted February 1, 2011 I was working on a similar pfoject getting users to sign up and sign a quick verification to the db and then some session data created and so forth. I followed a tutorial on The New Boston, its under php tutorials andhe is creating a game that requires a login procedure. It may well be worth a look. Quote Link to comment Share on other sites More sharing options...
ChemicalBliss Posted February 1, 2011 Share Posted February 1, 2011 Just to let you know, the PHP equivalents of the ASP code you posted is as follows: a_login_check.PHP <?php if (!isset($_SESSION["admin_user_name"])){ Header("location: login.php"); } ?> Protected-Page.PHP <?php include("include/a_check_login.PHP"); ?> <html> ... CONTENT ... </html> There are many "best-practices" to follow but i would reccomend reading over a couple "PHP Security" guides/tutorials . hope this helps. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.