1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Login and Logout using Sessions and Cookies

Discussion in 'PHP' started by shabbir, Jun 15, 2005.

  1. ted_chou12

    ted_chou12 New Member

    Joined:
    Nov 21, 2006
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    0
    Home Page:
    can you write an eg. and send the file to me with zip?
     
  2. ted_chou12

    ted_chou12 New Member

    Joined:
    Nov 21, 2006
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    0
    Home Page:
    i just want a simple example. With the username and age in the text file and the codes that you have to include in the php page, thanks so much.
     
  3. ted_chou12

    ted_chou12 New Member

    Joined:
    Nov 21, 2006
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    0
    Home Page:
    spiderman, you not there...? HELP ASAP
     
  4. pradeep

    pradeep Team Leader

    Joined:
    Apr 4, 2005
    Messages:
    1,646
    Likes Received:
    86
    Trophy Points:
    0
    Occupation:
    Programmer
    Location:
    Kolkata, India
    Home Page:
    Try this out, hope you got the point!

    PHP:
    <?
    /*
    **    Our text file's format is values separated by #
    **    And example entry would look like this
    **    pradeep#myPassword#Kolkata
    */

    $TEXT_FILE 'data.txt';
    $aData = @file($TEXT_FILE); // collect all data into an array

    // Dummy data
    $user 'pradeep';
    $pwd 'g4e';

    foreach(
    $aData as $v)
    {
        list(
    $u,$p,$c) = explode("#",$v); // split up the differnt parts of the data

        
    if($u == $user && $p == $pwd)
        {
            print 
    "Matched";
            break;
        }
    }

    ?>
    Sample text file:
    Code:
    pradeep#g4e#Kolkata
    shabbir#G4E#Kolkata
    manindar#ABC#Mumbai
    
     
  5. ted_chou12

    ted_chou12 New Member

    Joined:
    Nov 21, 2006
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    0
    Home Page:
    hey, thanks a lot. it finally worked :) :cool:
     
  6. ted_chou12

    ted_chou12 New Member

    Joined:
    Nov 21, 2006
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    0
    Home Page:
    hi, again.
    As i got this to work, things got more complicated, here
    PHP:
    <?php
    $bData 
    = @file("../admin/log_files/members_list.txt"); 
    foreach(
    $bData as $w){list($username1,$username2,$username3) = explode(":",$w);
    $aData = @file("../admin/log_files/members_list.txt"); // collect all data into an array
    foreach($aData as $v){list($username,$email,$time) = explode(":",$v); // split up the differnt parts of the data?
    echo "<table><tr><td><font face=\"arial\" size=5><b>Last Modification:</b></td><td>$username</td></tr></font>";
    echo 
    "<tr><td><font face=\"arial\" size=5><b>Name:</b></td><td>$email</td></tr></font>";
    echo 
    "<tr><td><font face=\"arial\" size=5><b>Gender:</b></td><td>$time</td></tr></font></table>";}}
    ?>
    Now I have two layers, I separated each username with # and the user data with :, and i want to ask if the "$username1,$username2,$username3..." part streches to infinity, what shall i put in? :confused:
     
  7. pradeep

    pradeep Team Leader

    Joined:
    Apr 4, 2005
    Messages:
    1,646
    Likes Received:
    86
    Trophy Points:
    0
    Occupation:
    Programmer
    Location:
    Kolkata, India
    Home Page:
    PHP:
    <?
    // Simple just do this
    $aUserList explode("#",$v);
    // This returns an array
    ?>
     
  8. ted_chou12

    ted_chou12 New Member

    Joined:
    Nov 21, 2006
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    0
    Home Page:
    oh, so you dont separte the data?
     
  9. ted_chou12

    ted_chou12 New Member

    Joined:
    Nov 21, 2006
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    0
    Home Page:
    Can you give me another example please?
    I cant get it to work
    ps. please do include the txt file as well, a big "pre"thanks!
     
  10. cyberience

    cyberience New Member

    Joined:
    Dec 5, 2006
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Good script, got a question though, if we have multiple servers with various configurations in load balancing, and we try to maintain a session, that session will be lost when either round robin on next connection is in effect, so sessions is not an option due to persistence issues, and we don't want to enable persistence through the firewall, as it is not under our control. so we would need to rely on the cookie credentials for every page call to validate the user log in!
    also, due to distributed database architecture, we can not maintain credentials in the database either. So we would need to take the cookie credentials and validate on every page. and pass other data via http header.

    What is the modification to this script if sessions are not available, but still maintain security?
     
  11. ubye

    ubye New Member

    Joined:
    Feb 8, 2007
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    i need more explanation about that code..please help me
     
  12. pradeep

    pradeep Team Leader

    Joined:
    Apr 4, 2005
    Messages:
    1,646
    Likes Received:
    86
    Trophy Points:
    0
    Occupation:
    Programmer
    Location:
    Kolkata, India
    Home Page:
    The code snippet provided is quite self-explanatory, what exactly are you failing to understand?
     
  13. qaladien

    qaladien New Member

    Joined:
    Feb 28, 2007
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    I am attemptin gto modify your script to work on my server as a session / user manager authenticator. Logically i can follow th eprogram flow, but I am running in to 2 issues which i hope you are able to assit me with. Any help would be appreciated.

    1.) Inside "function confirmUser" i have added the following text to connect to my database and get the information i want to verify (tested this portion alone in a test.php file and i get success when echoing "SUCCESS" on return true)


    <----- BEGIN CODE SNIPPET

    Code:
    //Connecting, selecting database
    $link = mysql_connect('X.X.X.X,'USER','PWORD') or die('Could not connect: ' . mysql_error());
    mysql_select_db('DBASE') or die('Could not select database');
    
    //DO QUERY
    $query = 'SELECT username,password FROM users WHERE username='.$username;
    $result = mysql_query($query);
    $data = mysql_fetch_assoc($result);
    $md5pass = md5($password);
    
    //VALIDATE LOGON
        if($username == $data[username] && $md5pass == $data[password]) 
    		return true;
        else 
    		return false;
    } 

    ^----- END CODE SNIPPET


    2. Inside login.php, the section as below is not passing errors when username/pword are blank


    <------ BEGIN CODE SNIPPET
    Code:
    case "login": 
        $username = isset($_POST["username"])?$_POST["username"]:""; 
        $password = isset($_POST["password"])?$_POST["password"]:""; 
    
        if ($username=="" or $password=="" ) 
        { 
            echo "<h1>Username or password is blank</h1>"; 
            clearsessionscookies(); 
            header("location: login.php?returnurl=$returnurl"); 
        } 
    ^----- END CODE SNIPPET


    The page index.php correctly passes me to login.php, i enter a username password, and get returned to the login UName PWord boxes with no error output. Thanks for any assistance and nice elegant code that was easy to follow barring this issue.



    Qaladien
     
  14. pradeep

    pradeep Team Leader

    Joined:
    Apr 4, 2005
    Messages:
    1,646
    Likes Received:
    86
    Trophy Points:
    0
    Occupation:
    Programmer
    Location:
    Kolkata, India
    Home Page:
    Try writing

    PHP:
    //DO QUERY
    $query 'SELECT username,password FROM users WHERE username='.$username;
    As

    PHP:
    //DO QUERY
    $query sprintf('SELECT username,password FROM users WHERE username="%s" AND password=MD5("%s")',$username,$password);
    $r mysql_query($query);
    if(
    mysql_num_rows($r)>0)
    {
      
    //Success
    }
     
  15. qaladien

    qaladien New Member

    Joined:
    Feb 28, 2007
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    the password is stored in the database as MD5 not in raw form so i can drop the MD5 you have in the variable right?
     
  16. pradeep

    pradeep Team Leader

    Joined:
    Apr 4, 2005
    Messages:
    1,646
    Likes Received:
    86
    Trophy Points:
    0
    Occupation:
    Programmer
    Location:
    Kolkata, India
    Home Page:
    yeah right!
     
  17. asgard2005

    asgard2005 New Member

    Joined:
    Mar 23, 2007
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    Hi, am I right in seeing that login.php calls confirmUser() with a plaintext password but if a cookie is present and its called from the checkloggedin() function the password is sent to confirmuser() in MD5 format?
     
  18. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,287
    Likes Received:
    364
    Trophy Points:
    83
    The point you are making is correct. You need to have a new flag in confirmUser where you know if its plain or encrypted to fix the issue. Very nice point I must say. I guess if I get time I will definitely update the article.
     
  19. asgard2005

    asgard2005 New Member

    Joined:
    Mar 23, 2007
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0

    In login.php just change it to:
    if(confirmuser($username,md5($password)))


    works since the session and cookie stored password is MD5 always.
     
  20. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,287
    Likes Received:
    364
    Trophy Points:
    83
    I have rectified the error.
     

Share This Page