pedromsouza Posted February 7, 2011

Hi! I wanted to develop a code for authentication... I have to allow/deny access to some pages according to user's login. And users that didn't login shouldn't have access to any page but the first one.

I created simple pages for explaining... PS: "senha" means "password" (Portuguese).

I created a page called "pre_index.html". Anyone should be able to access this one. It contains a form where users can insert login and password. After submitting, it would automatically lead to "index.php", the page for registered users only.

So... this is pre_index.html:

<code>
<html>
<head>
<title>Pagina Teste</title>
</head>
<body>
<form action="login.php" method="post">
Login: <input type="text" name="login">
Senha: <input type="password" name="senha">
<input type="submit" value="Login">
</form>
</body>
</html>
</code>

The form sends data to "login.php";

<code>
<html>
<head>
<title>Pagina Teste</title>
</head>
<body>
<?php
// retrieve the values from the form
$login = $_POST["login"];
$senha = $_POST["senha"];

// connect to the database
include "include_conect_bd.inc";

// check the values
$verif = mysql_query("select * from usr where login = '$login' and senha = '$senha'");
$verif2 = mysql_num_rows($verif);

// generate the cookies
if ($verif2 != 0) {
    echo "Login realizado com sucesso!<br>";
    setcookie("login", $login);
    setcookie("senha", $senha);
} elseif ($verif2 == 0) {
    echo "Login não realizado, verifique login e senha.<br>";
    setcookie("login");
    setcookie("senha");
    header("location: index.php");
}
?>
</body>
</html>
</code>

"login.php" leads to "index.php";

<code>
<?php include "include_verif_cookie.inc"; ?>
<html>
<head>
<title>Pagina Teste dos Usuarios Logados</title>
</head>
<body>
<div>
<ul>
<li><a href="#">Home</a></li>
<li><a href="#">Um</a></li>
<li><a href="#">Dois</a></li>
</ul>
</div>
</body>
</html>
</code>

"index.php" contains an include that should check if user is registered (and allow/deny access to "index.php") so, the include...

<code>
<?php
include "include_database_db.inc";

// read the login cookies, if they were sent
if (isset($_COOKIE["login"])) { $login = $_COOKIE["login"]; }
if (isset($_COOKIE["senha"])) { $senha = $_COOKIE["senha"]; }
?>
</code>

#1: is it correct?
#2: how can I send user back to "pre_index.html" if he is not logged in?
#3: is it safe enough?

Thanks in advance!

zenlord Posted February 7, 2011

That is a very basic login-form, so it probably is not safe enough. But a few pointers: stick to 1 page, index.php, in which you make 2 divisions (pseudo-code follows):

<code>
if isset $_COOKIE['senha']:
    -> user is logged in and gets to see the page for logged users
else
    -> visitor gets to see login form
</code>

Next: read up on sessions, cookies and use a few of the examples out of the php.net-examples and user contributions...

Vincent

pedromsouza Posted February 7, 2011

Thanks Vincent, I wrote this include to switch between index.php and login.php according to cookie's data. Is it ok if I put this in every page? I'll read later about enhancing security but now I just have to make "basic login function" work.

Include...

<code>
<?php
$erro = 0;
include "include_database_db.inc";

// $erro stays 0 when one of the login cookies is present
if (isset($_COOKIE["login"])) {
    $login = $_COOKIE["login"];
    $erro = 0;
} elseif (isset($_COOKIE["senha"])) {
    $senha = $_COOKIE["senha"];
    $erro = 0;
} else {
    $erro = 1;
    exit;
}

// redirect according to the result
if ($erro != 0) {
    header("Location: login_page.php");
} else {
    header("Location: index.php");
    exit;
}
?>
</code>

zenlord Posted February 7, 2011

looks correct - you don't need the last 'exit' - it never gets executed.

V
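
Added example, not part of any post in this thread: a session-based version of the login check and the per-page guard, following the "read up on sessions" pointer above. It assumes a PDO handle `$db`, the thread's `usr` table with `senha` holding a `password_hash()` value instead of the plain password, and PHP 7.3 or later; the function names are hypothetical.

```php
<?php
// Added example (not the posters' code). Assumptions: $db is a PDO handle and
// usr.senha stores password_hash() output. Function names are hypothetical.
declare(strict_types=1);

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        // The session cookie carries only a random id, never login or password.
        session_set_cookie_params([
            'httponly' => true,                    // not readable from JavaScript
            'secure'   => !empty($_SERVER['HTTPS']),
            'samesite' => 'Lax',
        ]);
        session_start();
    }
}

// For login.php: verify the submitted credentials. Call before any HTML output.
function attempt_login(PDO $db, string $login, string $senha): bool
{
    // Bound parameter: the form value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT senha FROM usr WHERE login = ?');
    $stmt->execute([$login]);
    $hash = $stmt->fetchColumn();

    if (!is_string($hash) || !password_verify($senha, $hash)) {
        return false;                              // unknown user or wrong password
    }
    start_secure_session();
    session_regenerate_id(true);                   // fresh id after login (fixation)
    $_SESSION['login'] = $login;                   // kept server-side only
    return true;
}

// For the top of index.php and every other protected page, before any output.
function require_login(): string
{
    start_secure_session();
    if (!isset($_SESSION['login'])) {
        header('Location: pre_index.html');        // back to the public form
        exit;                                      // stop: do not render the page
    }
    return $_SESSION['login'];
}

// login.php:  attempt_login($db, $_POST['login'] ?? '', $_POST['senha'] ?? '')
// index.php:  $user = require_login();
```

Because the browser only holds the session id, a visitor cannot pass the guard by setting a `login` or `senha` cookie by hand, which is what the cookie-only `isset()` checks in the thread would accept.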