This is a very simple code and hardly requires any explanations. If you need any put the post here. functions.php PHP: <?phpfunction createsessions($username,$password){ //Add additional member to Session array as per requirement session_register(); $_SESSION["gdusername"] = $username; $_SESSION["gdpassword"] = md5($password); if(isset($_POST['remme'])) { //Add additional member to cookie array as per requirement setcookie("gdusername", $_SESSION['gdusername'], time()+60*60*24*100, "/"); setcookie("gdpassword", $_SESSION['gdpassword'], time()+60*60*24*100, "/"); return; }}function clearsessionscookies(){ unset($_SESSION['gdusername']); unset($_SESSION['gdpassword']); session_unset(); session_destroy(); setcookie ("gdusername", "",time()-60*60*24*100, "/"); setcookie ("gdpassword", "",time()-60*60*24*100, "/");}function confirmUser($username,$password){ // $md5pass = md5($password); // Not needed any more as pointed by ted_chou12 /* Validate from the database but as for now just demo username and password */ if($username == "demo" && $password = "demo") return true; else return false;}function checkLoggedin(){ if(isset($_SESSION['gdusername']) AND isset($_SESSION['gdpassword'])) return true; elseif(isset($_COOKIE['gdusername']) && isset($_COOKIE['gdpassword'])) { if(confirmUser($_COOKIE['gdusername'],$_COOKIE['gdpassword'])) { createsessions($_COOKIE['gdusername'],$_COOKIE['gdpassword']); return true; } else { clearsessionscookies(); return false; } } else return false;}?> index.php PHP: <?phpob_start();session_start();require_once ("functions.php");if (checkLoggedin()) echo "<H1>You are already logged in - <A href = \"login.php?do=logout\">logout</A></h1>";else echo "<H1>You are not logged in - <A href = \"login.php\">login</A></h1></h1>";?> login.php PHP: <?phpob_start();session_start();require_once ("functions.php");$returnurl = urlencode(isset($_GET["returnurl"])?$_GET["returnurl"]:"");if($returnurl == "") $returnurl = urlencode(isset($_POST["returnurl"])?$_POST["returnurl"]:"");$do = isset($_GET["do"])?$_GET["do"]:"";$do = strtolower($do);switch($do){case "": if (checkLoggedin()) { echo "<H1>You are already logged in - <A href = \"login.php?do=logout\">logout</A></h1>"; } else { ?> <form NAME="login1" ACTION="login.php?do=login" METHOD="POST" ONSUBMIT="return aValidator();"> <input TYPE="hidden" name="returnurl" value="<?=$returnurl?>"> <TABLE cellspacing="3"> <TR> <TD>Username:</TD> <TD><input TYPE="TEXT" NAME="username"></TD> <TD>Password:</TD> <TD><input TYPE="PASSWORD" NAME="password"></TD> </TR> <TR> <TD colspan="4" ALIGN="center"><input TYPE="CHECKBOX" NAME="remme"> Remember me for the next time I visit</TD> </TR> <TR> <TD ALIGN="CENTER" COLSPAN="4"><input TYPE="SUBMIT" name="submit" value="Login"></TD> </TR> </TABLE> </form> <?php } break;case "login": $username = isset($_POST["username"])?$_POST["username"]:""; $password = isset($_POST["password"])?$_POST["password"]:""; if ($username=="" or $password=="" ) { echo "<h1>Username or password is blank</h1>"; clearsessionscookies(); header("location: login.php?returnurl=$returnurl"); } else { if(confirmuser($username,md5($password))) // As pointed out by asgard2005 { createsessions($username,$password); if ($returnurl<>"") header("location: $returnurl"); else { header("Location: index.php"); } } else { echo "<h1>Invalid Username and/Or password</h1>"; clearsessionscookies(); header("location: login.php?returnurl=$returnurl"); } } break;case "logout": clearsessionscookies(); header("location: index.php"); break;}?> Attachment also modified with a bug as pointed out by asgard2005 here
Hello Mr. Shabbir I m grateful for this code but can you help me learning php more.. i have joined a forum www.tufat.com/foums and found it very helpful. but i need your guidence to learn more about php. Regards
Sure. Just put your queries related to PHP in PHP forum and we will definitely help you master in PHP
Hello Mr. Shabbir The code works well, but after logging out, somebody could hit the back button and see any data on the pages. How difficult would it be to prevent anyong seeing the pages after a logout just like the web sites for all the banks?
For that probably you need to be clearing the cache because thats not the actual page but the cache version and applying some metas can even prevent that.
*ps. if mutiple accounts are allowed, is it possible to have an echo that shows who is logged in right now? thank you very much, Ted.
Multiple sessions cannot be added to this script, only one user per session/per browser can be logged in at a time.
<?php ob_start(); session_start(); ?> ********** You mean here? ********** <? require_once ("functions.php"); if (checkLoggedin()) echo "<H1>You are already logged in - <A href = \"login.php?do=logout\">logout</A></h1>"; else echo "<H1>You are not logged in - <A href = \"login.php\">login</A></h1></h1>"; ?>
Yeah, right! But you may need to include or require your files before that, you can include your files, before the session code.
okay, ive solved that problem, now, if i want to store username and password in another txt file, what would i have to put in the main php page codes? eg. Code: if(file('logindata.txt')) return true; else return false; so far, i tried file(), fileread(), file_ get_ contents(), include(), require()...etc.. and a bunch of them, but none works, can you give me a suggestion?
It would be something like this PHP: <? $username = $_SESSION['usr']; $pwd = $_SESSION['pwd']; $h = fopen("userdata.txt"); fwrite($h,"$username\n$pwd\n\n"); fclose($h); ?>
where do i paste this in? <?$username = $_SESSION['usr'];$pwd = $_SESSION['pwd'];$h = fopen("userdata.txt");fwrite($h,"$username\n$pwd\n\n");fclose($h);?> and what do the "\n" stand for?
oh no, sorry, i think i didn't say it clearly, what i wish is to extract the information of username and password FROM the text file, not store them into the txt files. Thanks for understanding.
Well then you have to store the data in text files, in a specific format say user:location:age OR user#ocation#age, so that the data retrieval becomes easy. All you have to do is to read the text file line by line, and split it by the separator you have chosen or #) and then check the username part for a match. Bingo! you got your record.