
Login Logout and Session Expire...

Any Suggestions for an Authentication System ...
Do you have any Links to suggest ?
My current Authentication works ok but it has a major BUG !!!

BUG:
If I use the same Authentication mechanism in Two Different Websites and I
login in one of the two... Then I can change the URL to the other website
and it will log me in as the user of the other Website.

Anyway... I knew when I was writing it that it was not going to be perfect... but
maybe you can show me the door to getting it fixed.

What I actually do is this simple thing:
if (!isset($_SESSION['user_id'])) echo '<a href="login.php">Login</a>';

YES I know it doesn't even go close to an Authentication Mechanism... But it
does its job for a beginner...

Every page I call has a header.php and a footer.php so I just have to make
the Authentication in the Header...

Suggestions ..............
Thanks Angelos.
Jul 17 '05 #1
7 Replies


I use this on my auth. site, maybe this might help you

<?php
// This function authenticates to make sure that the user has entered a valid
// username and password, and then grabs the user's info.
// Note: it uses the legacy mysql_* extension, which was removed in PHP 7.
function authenticate($user, $pass, $minRank) {
    global $diplomacy, $log, $members, $news, $status, $templates, $useronline, $images;
    global $fontString;
    global $myrow;
    global $recruit;

    // Escape the username before it is placed inside the query string.
    $safeUser = mysql_real_escape_string($user);
    $result = @mysql_query("SELECT * FROM $members WHERE username = \"$safeUser\"");
    $myrow = mysql_fetch_array($result);
    if($myrow != NULL)
        extract($myrow);

    // If the username matches the result in the mysql query and the password is
    // correct, return 1 when the user's rank is high enough.
    if($user == $username && $pass == $password and $username != NULL) {
        if($disable != 1) {
            if($rank >= $minRank) {
                return 1;
            }
            else {
                echo("
$fontString
You are not high enough rank. <center><br><font size=2 face=verdana><b><a href=main.php>Click Here to return to console</a></b></font></center>
");
            }
        }
        if($disable == 1) {
            // Read the member's row again; extract() provides $disabled, printed below.
            $result = @mysql_query("SELECT * FROM $members WHERE username = \"$safeUser\"");
            $row = mysql_fetch_array($result);
            extract($row);
            echo("
$fontString
You have been disabled.<br><br>
<font color=#1C86EE size=1 face=verdana>$disabled</font>
");
        }
    }
    else {
        if(!$user) {
            echo("
$fontString

<b><font color=red>Invalid Username or Password</font></b><br><br>
<font color=red>Note:</font> Username and Password are CaSe Sensitive.
<br>
If you are unsure of how your name is spelled you should check the members page.<br>
If you had forgotten your password ask one of the generals to retrieve it for you<p>
<form action=main.php method=post>
<FONT color=#76A5D5 size=2>
<b>Username:</b> <INPUT style=\"border:1px solid #76A5D5; WIDTH: 115px; HEIGHT: 20px; BACKGROUND-COLOR: #ffffff\" type=username name=username size=\"20\"><br>
<b>Password:</b>&nbsp; <INPUT style=\"border:1px solid #76A5D5; WIDTH: 115px; HEIGHT: 20px; BACKGROUND-COLOR: #ffffff\" type=password name=password size=\"20\"><br><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<INPUT style=\"border:1px solid #1874CD; WIDTH: 115px; HEIGHT: 20px; BACKGROUND-COLOR: #76A5D5; float:center\" type=submit value=Login>

");
        }
        else {
            echo("
$fontString
<b><font color=red>Invalid Username or Password</font></b><br><br>
<font color=red>Note:</font> Username and Password are CaSe Sensitive.
<br>
If you are unsure of how your name is spelled you should check the members page.<br>
If you had forgotten your password ask one of the generals to retrieve it for you
<p>
<form action=main.php method=post>
<FONT color=#76A5D5 size=2>
<b>Username:</b> <INPUT style=\"border:1px solid #76A5D5; WIDTH: 115px; HEIGHT: 20px; BACKGROUND-COLOR: #ffffff\" type=username name=username size=\"20\"><br>
<b>Password:</b>&nbsp; <INPUT style=\"border:1px solid #76A5D5; WIDTH: 115px; HEIGHT: 20px; BACKGROUND-COLOR: #ffffff\" type=password name=password size=\"20\"><br><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<INPUT style=\"border:1px solid #1874CD; WIDTH: 115px; HEIGHT: 20px; BACKGROUND-COLOR: #76A5D5; float:center\" type=submit value=Login>
");
        }
    }

    // Every failure path ends up here.
    return 0;
}
?>

This is used to grab the username & password from MySQL and then lets
the member view w/e page this function is on. For example, if I only
want a member of rank 26 (admin) to view a page called ip.php that
views the names & IPs of each member, then I would put the following on
that page.

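<?php
// Read the stored credentials from the cookies explicitly instead of
// relying on register_globals.
$username = isset($_COOKIE['usercook']) ? $_COOKIE['usercook'] : '';
$password = isset($_COOKIE['passcook']) ? $_COOKIE['passcook'] : '';
setcookie("usercook", $username);
setcookie("passcook", $password);

require("functions.php");

// Only members of rank 26 (admin) or higher get to see the IP list.
if(authenticate($username, $password, 26)) {
    Ip();
}
?>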

Maybe this will help you.. if you want the full code then email me and
I'll help you out...

Jul 17 '05 #2
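
A hardened variant of the lookup in the post above, as an added example that is not the poster's code: it binds the username as a query parameter and checks the password with password_verify() against a stored hash instead of comparing plaintext. The members table layout, the user_rank column name and authenticate_user() are assumptions, and the in-memory demo needs PHP 7+ with the pdo_sqlite extension.

```php
<?php
// Added example. Table layout, column names and authenticate_user() are assumptions.
function authenticate_user(PDO $db, string $user, string $pass, int $minRank): bool
{
    // Computed once; verified against when the username is unknown so that
    // both outcomes run one password_verify() call.
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);
    }

    // Bound parameter: the username is sent as data, never as SQL text.
    $stmt = $db->prepare(
        'SELECT password_hash, user_rank, disable FROM members WHERE username = :u'
    );
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $hash = $row ? $row['password_hash'] : $dummyHash;
    if (!password_verify($pass, $hash) || !$row) {
        return false;
    }
    // Same policy as the thread's function: not disabled, rank high enough.
    return (int)$row['disable'] !== 1 && (int)$row['user_rank'] >= $minRank;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (username TEXT PRIMARY KEY, password_hash TEXT,
           user_rank INTEGER, disable INTEGER)');
$add = $db->prepare('INSERT INTO members VALUES (?, ?, ?, ?)');
$add->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT), 26, 0]);
$add->execute(['guest', password_hash('battery staple', PASSWORD_DEFAULT), 1, 0]);

// Correct password and rank, wrong password, then correct password but low rank.
var_dump(authenticate_user($db, 'admin', 'correct horse', 26));
var_dump(authenticate_user($db, 'admin', 'wrong', 26));
var_dump(authenticate_user($db, 'guest', 'battery staple', 26));
```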

> Maybe this will help you.. if you want the full code then email me and
> I'll help you out...


First of all thank you for your reply,
This code is better than nothing so it will be a bit helpful. Although I
noticed that you use globals... and I don't know how that is going to affect
my program that doesn't use Globals... Also I don't use Cookies....

So I will wait to see if I have any other suggestions and then I will have a
better look in your Code bit ...
Thanks Again Craft !!!
Jul 17 '05 #3

No problem.. sessions are tricky.. but I use cookies b/c you can set
how long til they expire.. so if the user times out (ie: closes the
page for however long I set it) they're logged out.. but yea no problem..

You could try and use different variables for each site..

IE: $username & $password for one site

then $user & $pass for the other so then you won't be logged in on
both.. just an idea it might work..

Jul 17 '05 #4

You can register another variable like

$_SESSION['site']=$_SERVER['SERVER_NAME'];

This will register the site's address (www.site.com) to the session, then you
can compare the sites after login while checking
(!isset($_SESSION['user_id']))

if (!isset($_SESSION['user_id']) or !isset($_SESSION['site']) or
($_SESSION['site']!=$_SERVER['SERVER_NAME']))
echo '<a href="login.php">Login</a>';

If you are working on localhost it's better to use
$site=explode("/",$_SERVER['PHP_SELF']);
$_SESSION['site']=$site[1];

to get the directory name of your site instead of
$_SERVER['SERVER_NAME'].

Jul 17 '05 #5

> You could try and use different variables for each site..
>
> IE: $username & $password for one site
>
> then $user & $pass for the other so then you won't be logged in on
> both.. just an idea it might work..


Yeah That is an OPTION ... not the Best Though but you can get away with the
problem I have at the moment. Thanks Again !!! ;-)
Jul 17 '05 #6

> if (!isset($_SESSION['user_id']) or !isset($_SESSION['site']) or
> ($_SESSION['site']!=$_SERVER['SERVER_NAME']))
> echo '<a href="login.php">Login</a>';
>
> If you are working on localhost it's better to use
> $site=explode("/",$_SERVER['PHP_SELF']);
> $_SESSION['site']=$site[1];
>
> to get the directory name of your site instead of
> $_SERVER['SERVER_NAME'].


Wow... That was something I haven't thought of ... Great !!!
This will definitely do my Job ;-)
Cheers Botan Guner !!!
Jul 17 '05 #7

I actually had a problem with logging into both my sites when I was
developing my open source CMS (ProtonCMS http://protoncms.gotdns.com). Here
is what I did to stop it, and I'll show you how to allow it also.

On every page put (in your case header.php):

// other session stuff here
session_name(SITE_SESS_NAME); // SITE_SESS_NAME is a constant defined for each site
session_start();

If SITE_SESS_NAME is different, then you cannot go across domains that are
on one machine, however if they are the same, then it works like a charm. I
hope this helps.
Jul 17 '05 #8
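
The two suggestions from this thread (a per-site session name, and a site marker stored in the session and checked on every request) combined with an idle timeout, as an added example that is not code from any poster here. SITE_ID, IDLE_LIMIT and the function names are hypothetical, and it assumes PHP 7.3+ with each site served from its own directory on one host.

```php
<?php
// Added example: SITE_ID, IDLE_LIMIT and the function names are hypothetical.
const SITE_ID = 'shop';      // set to a different value in each site's config
const IDLE_LIMIT = 1800;     // seconds of inactivity before the login expires

function start_site_session(): void
{
    session_name('SESS_' . SITE_ID);        // one session cookie per site
    session_set_cookie_params([
        'path' => '/' . SITE_ID . '/',      // assumes the site lives in /shop/
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

function log_in(int $userId): void
{
    session_regenerate_id(true);            // fresh session ID at login
    $_SESSION['user_id'] = $userId;
    $_SESSION['site'] = SITE_ID;            // bind the login to this site
    $_SESSION['last_seen'] = time();
}

function current_user_id(): ?int
{
    $valid = isset($_SESSION['user_id'], $_SESSION['site'], $_SESSION['last_seen'])
        && $_SESSION['site'] === SITE_ID
        && time() - $_SESSION['last_seen'] <= IDLE_LIMIT;
    if (!$valid) {
        $_SESSION = [];                     // discard foreign or expired state
        return null;
    }
    $_SESSION['last_seen'] = time();
    return (int)$_SESSION['user_id'];
}

// Run from the CLI to see both outcomes.
start_site_session();
log_in(42);
$own = current_user_id();                   // login created by this site
$_SESSION['site'] = 'blog';                 // constructed: state left by another site
$foreign = current_user_id();
var_dump($own, $foreign);
```

In header.php the pattern would be start_site_session() followed by a current_user_id() check before any output, showing the login link when it returns null.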
