
Login Logout and Session Expire...

Any Suggestions for an Authentication System ...
Do you have any Links to suggest ?
My current Authentication works ok but it has a major BUG !!!

BUG:
If I use the same Authentication mechanism in Two Different Websites and I
login in one of the two... Then I can change the URL to the other website
and it will log me in as the user of the other Website.

Anyway... I knew when I was writing that is not going to be perfect... but
maybe you can show me the door to getting it fixed.

What I actually do is this simple thing:
if (!isset($_SESSION['user_id'])) echo '<a href="login.php">Login</a>';

YES I know it doesn't even go close to an Authentication Mechanism... But it
does its job for a beginner...

Every page I call has a header.php and a footer.php so I just have to make
the Authentication in the Header...

Suggestions ..............
Thanks Angelos.
Jul 17 '05 #1
I use this on my auth. site, maybe this might help you

<?php
// This function authenticates to make sure that the user has entered a valid
// username and password, and then grabs the user's info
function authenticate($user, $pass, $minRank) {
    global $diplomacy, $log, $members, $news, $status, $templates, $useronline, $images;
    global $fontString;
    global $myrow;
    global $recruit;
    // Escape the username before it is placed inside the query string
    $safeUser = mysql_real_escape_string($user);
    $result = @mysql_query("SELECT * FROM $members WHERE username = \"$safeUser\"");
    $myrow = mysql_fetch_array($result);
    if($myrow != NULL)
        extract($myrow);

    // If the username matches the result in the mysql query and the
    // password is correct return the rank of the user.
    if($user == $username && $pass == $password and $username != NULL) {
        if($disable != 1) {
            if($rank >= $minRank) {
                return 1;
            }
            else {
                echo("
$fontString
You are not high enough rank. <center><br><font size=2
face=verdana><b><a href=main.php>Click Here to return to
console</font></b></center>
");
            }
        }
        if($disable == 1) {
            // Fetch the row again to read the $disabled message
            $result = @mysql_query("SELECT * FROM $members WHERE username = \"$safeUser\"");
            $row = mysql_fetch_array($result);
            extract($row);
            echo("
$fontString
You have been disabled.<br><br>
<font color=#1C86EE size=1 face=verdana>$disabled</font>
");
        }
    }
    else {
        if(!$user) {
            // No username supplied: show the login form
            echo("
$fontString

<b><font color=red>Invalid Username or Password</font></b><br><br>
<font color=red>Note:</font> Username and Password are CaSe Sensitive.
<br>
If you are unsure of how your name is spelled you should check the
members page.<br>
If you had forgotten your password ask one of the generals to retrieve
it for you<p>
<form action=main.php method=post>
<FONT color=#76A5D5 size=2>
<b>Username:</b> <INPUT style=\"border:1px solid #76A5D5; WIDTH: 115px; HEIGHT: 20px; BACKGROUND-COLOR: #ffffff\"
type=username name=username size=\"20\"><br>
<b>Password:</b>&nbsp; <INPUT style=\"border:1px solid #76A5D5; WIDTH: 115px; HEIGHT: 20px; BACKGROUND-COLOR: #ffffff\"
type=password name=password size=\"20\"><br><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<INPUT
style=\"border:1px solid #1874CD; WIDTH: 115px; HEIGHT: 20px; BACKGROUND-COLOR: #76A5D5; float:center\"
type=submit value=Login>

");

        }
        else {
            // Wrong username or password: show the same login form
            echo("
$fontString
<b><font color=red>Invalid Username or Password</font></b><br><br>
<font color=red>Note:</font> Username and Password are CaSe Sensitive.
<br>
If you are unsure of how your name is spelled you should check the
members page.<br>
If you had forgotten your password ask one of the generals to retrieve
it for you
<p>
<form action=main.php method=post>
<FONT color=#76A5D5 size=2>
<b>Username:</b> <INPUT style=\"border:1px solid #76A5D5; WIDTH: 115px; HEIGHT: 20px; BACKGROUND-COLOR: #ffffff\"
type=username name=username size=\"20\"><br>
<b>Password:</b>&nbsp; <INPUT style=\"border:1px solid #76A5D5; WIDTH: 115px; HEIGHT: 20px; BACKGROUND-COLOR: #ffffff\"
type=password name=password size=\"20\"><br><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<INPUT
style=\"border:1px solid #1874CD; WIDTH: 115px; HEIGHT: 20px; BACKGROUND-COLOR: #76A5D5; float:center\"
type=submit value=Login>
");
        }
    }

}
?>

This is used to grab the username & password from mysql and then lets
the member view w/e page this function is on. For example, if I only
want a member of rank 26 (admin) to view a page called ip.php that
views the name & IPs of each member, then I would put the following on
that page.

<?php
$username = $usercook;
$password = $passcook;
setcookie("usercook", $username);
setcookie("passcook", $password);

require("functions.php");

if(authenticate($username, $password, 26)) {
Ip();
}
?>

Maybe this will help you.. if you want the full code then email me and
I'll help you out...

Jul 17 '05 #2
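
An added example, not part of the post above and not the poster's code: the same username/password/rank check written with a bound query parameter and stored password hashes instead of an interpolated query and a plaintext comparison. The table layout, the column names and the in-memory SQLite database are assumptions chosen so the block runs stand-alone.

```php
<?php
// Added example, not code from the thread. The members table layout
// (username, pass_hash, user_rank, disabled) is an assumption.

// Returns 'ok', 'invalid', 'disabled' or 'rank'; the caller decides what to render.
function authenticate(PDO $db, string $user, string $pass, int $minRank): string
{
    // Bound parameter: the username is sent as data, never spliced into the SQL text.
    $stmt = $db->prepare(
        'SELECT pass_hash, user_rank, disabled FROM members WHERE username = ?'
    );
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Only a hash is stored; password_verify() does the comparison.
    if ($row === false || !password_verify($pass, $row['pass_hash'])) {
        return 'invalid';
    }
    if ((int)$row['disabled'] === 1) {
        return 'disabled';
    }
    return ((int)$row['user_rank'] >= $minRank) ? 'ok' : 'rank';
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (
    username TEXT PRIMARY KEY, pass_hash TEXT, user_rank INTEGER, disabled INTEGER)');
$add = $db->prepare('INSERT INTO members VALUES (?, ?, ?, ?)');
$add->execute(['admin', password_hash('constructed-pass-1', PASSWORD_DEFAULT), 26, 0]);
$add->execute(['o"neil', password_hash('constructed-pass-2', PASSWORD_DEFAULT), 5, 0]);
$add->execute(['old', password_hash('constructed-pass-3', PASSWORD_DEFAULT), 26, 1]);

$cases = [
    ['admin', 'constructed-pass-1', 26],
    ['admin', 'wrong', 26],
    ['o"neil', 'constructed-pass-2', 26],  // the quote in the name is plain data
    ['old', 'constructed-pass-3', 26],
    ['nobody', 'x', 0],
];
foreach ($cases as [$u, $p, $min]) {
    echo str_pad($u, 8), ' => ', authenticate($db, $u, $p, $min), PHP_EOL;
}
```
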
> Maybe this will help you.. if you want the full code then email me and
> I'll help you out...


First of all thank you for your reply,
This code is better than nothing so it will be a bit helpful. Although I
noticed that you use globals... and I don't know how that is going to affect
my program that doesn't use Globals... Also I don't use Cookies....

So I will wait to see if I have any other suggestions and then I will have a
better look in your Code bit ...
Thanks Again Craft !!!
Jul 17 '05 #3
No problem.. sessions are tricky.. but I use cookies b/c you can set
how long til they expire.. so if the user times out (ie: closes the
page for however long I set it) they're logged out.. but yea no problem..

You could try and use different variables for each site..

IE: $username & $password for one site

then $user & $pass for the other so then you won't be logged in on
both.. just an idea it might work..

Jul 17 '05 #4
You can register another variable like

$_SESSION['site']=$_SERVER['SERVER_NAME'];

this will register the site's address (www.site.com) to the session, then you
can compare the sites after login while checking
(!isset($_SESSION['user_id']))

if (!isset($_SESSION['user_id']) or !isset($_SESSION['site']) or
($_SESSION['site']!=$_SERVER['SERVER_NAME']))

If you are working on localhost it's better to use
$site=explode("/",$_SERVER['PHP_SELF']);
$_SESSION['site']=$site[1];

to get the directory name of your site instead of
$_SERVER['SERVER_NAME'].

Jul 17 '05 #5
> You could try and use different variables for each site..

IE: $username & $password for one site

then $user & $pass for the other so then you won't be logged in on
both.. just an idea it might work..


Yeah That is an OPTION ... not the Best Though but you can get away with the
problem I have at the moment. Thanks Again !!! ;-)
Jul 17 '05 #6
> if (!isset($_SESSION['user_id']) or !isset($_SESSION['site']) or
($_SESSION['site']!=$_SERVER['SERVER_NAME']))

If you are working on localhost it's better to use
$site=explode("/",$_SERVER['PHP_SELF']);
$_SESSION['site']=$site[1];

to get the directory name of your site instead of
$_SERVER['SERVER_NAME'].


Wow... That was something I haven't thought ... Great !!!
This will definitely do my Job ;-)
Cheers Botan Guner !!!
Jul 17 '05 #7
I actually had a problem with logging into both my sites when I was
developing my open source CMS (ProtonCMS http://protoncms.gotdns.com). Here
is what I did to stop it, and I'll show you how to allow it also.

On every page put (in your case header.php):

<other session stuff here>
session_name(SITE_SESS_NAME);
session_start();

If SITE_SESS_NAME is different, then you cannot go across domains that are
on one machine, however if they are the same, then it works like a charm. I
hope this helps.
Jul 17 '05 #8
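
An added example, not code from any poster in this thread: a header.php that combines the per-site session name from post #8 with the site marker from post #5, and adds logout and idle expiry. SITE_ID, IDLE_LIMIT and the helper function names are assumptions; the site marker is a fixed constant per deployment instead of a value read from the request.

```php
<?php
// Added example (not from the thread). SITE_SESS_NAME follows post #8;
// SITE_ID, IDLE_LIMIT and the helper names are assumptions.
define('SITE_SESS_NAME', 'SITEA_SESSID'); // must differ between the two sites
define('SITE_ID', 'site-a');              // fixed per deployment, not taken from the request
define('IDLE_LIMIT', 1800);               // seconds of inactivity before the login expires

// Decide whether the session data belongs to a live login on this site.
function session_is_valid(array $sess, string $siteId, int $now, int $idleLimit): bool
{
    if (!isset($sess['user_id'], $sess['site'], $sess['last_seen'])) {
        return false;                     // never logged in
    }
    if ($sess['site'] !== $siteId) {
        return false;                     // session was created by the other site
    }
    return ($now - (int)$sess['last_seen']) <= $idleLimit;
}

function start_site_session(): void
{
    session_name(SITE_SESS_NAME);         // separate cookie name per site
    session_set_cookie_params(['path' => '/', 'httponly' => true, 'samesite' => 'Lax']);
    session_start();
}

function login_user(int $userId): void    // call after the password check succeeds
{
    session_regenerate_id(true);          // fresh session id at login
    $_SESSION = ['user_id' => $userId, 'site' => SITE_ID, 'last_seen' => time()];
}

function logout_user(): void
{
    $_SESSION = [];
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
}

// header.php body: runs on every page request
if (PHP_SAPI !== 'cli') {
    start_site_session();
    if (session_is_valid($_SESSION, SITE_ID, time(), IDLE_LIMIT)) {
        $_SESSION['last_seen'] = time();  // sliding idle window
    } else {
        logout_user();                    // expired, foreign or missing session
        echo '<a href="login.php">Login</a>';
    }
}
```
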
