Login script php mysql
Ik ben sinds een paar daagjes bezig met een login script in php en mySQL.
Het lukt allemaal prima want, het loopt helemaal goed maar, is het mogelijk om sommige gebruikersnamen naar een andere pagina te sturen?
MVG,
Een wanhopige PHP-scripter
index
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
<?php
require($_SERVER['DOCUMENT_ROOT'] . 'login/includes/config.php');
$sOutput .= '<div id="index-body">';
if (loggedIn()) {
$sOutput .= '<h2>Welcome!</h2>
Hello, ' . $_SESSION['username'] . '<br />
<h4>Would you like to <a href="login.php?action=logout">Logout?</a></h4>';
}else {
$sOutput .= '<h2>Welcome to the login page</h2><br><a href="login.php">login</a>?</h4>
<h4>Create a new <a href="register.php">account</a>?</h4>';
}
$sOutput .= '</div>';
echo $sOutput;
?>
require($_SERVER['DOCUMENT_ROOT'] . 'login/includes/config.php');
$sOutput .= '<div id="index-body">';
if (loggedIn()) {
$sOutput .= '<h2>Welcome!</h2>
Hello, ' . $_SESSION['username'] . '<br />
<h4>Would you like to <a href="login.php?action=logout">Logout?</a></h4>';
}else {
$sOutput .= '<h2>Welcome to the login page</h2><br><a href="login.php">login</a>?</h4>
<h4>Create a new <a href="register.php">account</a>?</h4>';
}
$sOutput .= '</div>';
echo $sOutput;
?>
login.php
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
<?php
require($_SERVER['DOCUMENT_ROOT'] . 'login/includes/config.php');
if (isset($_GET['action'])) {
switch (strtolower($_GET['action'])) {
case 'login':
if (isset($_POST['username']) && isset($_POST['password'])) {
if (!validateUser($_POST['username'], $_POST['password'])) {
$_SESSION['error'] = "Bad username or password supplied.";
unset($_GET['action']);
}
}else {
$_SESSION['error'] = "Username and Password are required to login.";
unset($_GET['action']);
}
break;
case 'logout':
if (loggedIn()) {
logoutUser();
$sOutput .= '<h1>Logged out!</h1><br />You have been logged out successfully.
<br /><h4>Would you like to go to <a href="index.php">site index</a>?</h4>';
}else {
unset($_GET['action']);
}
break;
}
}
$sOutput .= '<div id="index-body">';
if (loggedIn()) {
$sOutput .= '<h1>Logged In!</h1><br /><br />
Hello, ' . $_SESSION["username"] . ' how are you today?<br /><br />
<h4>Would you like to <a href="login.php?action=logout">logout</a>?</h4>
<h4>Would you like to go to <a href="index.php">site index</a>?</h4>';
}elseif (!isset($_GET['action'])) {
$sUsername = "";
if (isset($_POST['username'])) {
$sUsername = $_POST['username'];
}
$sError = "";
if (isset($_SESSION['error'])) {
$sError = '<span id="error">' . $_SESSION['error'] . '</span><br />';
}
$sOutput .= '<h2>Login to our site</h2><br />
<div id="login-form">
' . $sError . '
<form name="login" method="post" action="login.php?action=login">
Username: <input type="text" name="username" value="' . $sUsername . '" /><br />
Password: <input type="password" name="password" value="" /><br /><br />
<input type="submit" name="submit" value="Login!" />
</form>
</div>
<h4>Would you like to <a href="login.php">login</a>?</h4>
<h4>Create a new <a href="register.php">account</a>?</h4>';
}
$sOutput .= '</div>';
echo $sOutput;
?>
require($_SERVER['DOCUMENT_ROOT'] . 'login/includes/config.php');
if (isset($_GET['action'])) {
switch (strtolower($_GET['action'])) {
case 'login':
if (isset($_POST['username']) && isset($_POST['password'])) {
if (!validateUser($_POST['username'], $_POST['password'])) {
$_SESSION['error'] = "Bad username or password supplied.";
unset($_GET['action']);
}
}else {
$_SESSION['error'] = "Username and Password are required to login.";
unset($_GET['action']);
}
break;
case 'logout':
if (loggedIn()) {
logoutUser();
$sOutput .= '<h1>Logged out!</h1><br />You have been logged out successfully.
<br /><h4>Would you like to go to <a href="index.php">site index</a>?</h4>';
}else {
unset($_GET['action']);
}
break;
}
}
$sOutput .= '<div id="index-body">';
if (loggedIn()) {
$sOutput .= '<h1>Logged In!</h1><br /><br />
Hello, ' . $_SESSION["username"] . ' how are you today?<br /><br />
<h4>Would you like to <a href="login.php?action=logout">logout</a>?</h4>
<h4>Would you like to go to <a href="index.php">site index</a>?</h4>';
}elseif (!isset($_GET['action'])) {
$sUsername = "";
if (isset($_POST['username'])) {
$sUsername = $_POST['username'];
}
$sError = "";
if (isset($_SESSION['error'])) {
$sError = '<span id="error">' . $_SESSION['error'] . '</span><br />';
}
$sOutput .= '<h2>Login to our site</h2><br />
<div id="login-form">
' . $sError . '
<form name="login" method="post" action="login.php?action=login">
Username: <input type="text" name="username" value="' . $sUsername . '" /><br />
Password: <input type="password" name="password" value="" /><br /><br />
<input type="submit" name="submit" value="Login!" />
</form>
</div>
<h4>Would you like to <a href="login.php">login</a>?</h4>
<h4>Create a new <a href="register.php">account</a>?</h4>';
}
$sOutput .= '</div>';
echo $sOutput;
?>
register.php
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
<?php
require($_SERVER['DOCUMENT_ROOT'] . 'login/includes/config.php');
$sOutput .= '<div id="register-body">';
if (isset($_GET['action'])) {
switch (strtolower($_GET['action'])) {
case 'register':
if (isset($_POST['username']) && isset($_POST['password'])) {
if (createAccount($_POST['username'], $_POST['password'])) {
$sOutput .= '<h1>Account Created</h1><br />Your account has been created.
You can now login <a href="login.php">here</a>.';
}else {
unset($_GET['action']);
}
}else {
$_SESSION['error'] = "Username and or Password was not supplied.";
unset($_GET['action']);
}
break;
}
}
if (loggedIn()) {
$sOutput .= '<h2>Already Registered</h2>
You have already registered and are currently logged in as: ' . $_SESSION['username'] . '.
<h4>Would you like to <a href="login.php?action=logout">logout</a>?</h4>
<h4>Would you like to go to <a href="index.php">site index</a>?</h4>';
}elseif (!isset($_GET['action'])) {
$sUsername = "";
if (isset($_POST['username'])) {
$sUsername = $_POST['username'];
}
$sError = "";
if (isset($_SESSION['error'])) {
$sError = '<span id="error">' . $_SESSION['error'] . '</span><br />';
}
$sOutput .= '<h2>Register for this site</h2>
' . $sError . '
<form name="register" method="post" action="' . $_SERVER['PHP_SELF'] . '?action=register">
Username: <input type="text" name="username" value="' . $sUsername . '" /><br />
Password: <input type="password" name="password" value="" /><br /><br />
<input type="submit" name="submit" value="Register!" />
</form>
<br />
<h4>Would you like to <a href="login.php">login</a>?</h4>';
}
$sOutput .= '</div>';
echo $sOutput;
?>
require($_SERVER['DOCUMENT_ROOT'] . 'login/includes/config.php');
$sOutput .= '<div id="register-body">';
if (isset($_GET['action'])) {
switch (strtolower($_GET['action'])) {
case 'register':
if (isset($_POST['username']) && isset($_POST['password'])) {
if (createAccount($_POST['username'], $_POST['password'])) {
$sOutput .= '<h1>Account Created</h1><br />Your account has been created.
You can now login <a href="login.php">here</a>.';
}else {
unset($_GET['action']);
}
}else {
$_SESSION['error'] = "Username and or Password was not supplied.";
unset($_GET['action']);
}
break;
}
}
if (loggedIn()) {
$sOutput .= '<h2>Already Registered</h2>
You have already registered and are currently logged in as: ' . $_SESSION['username'] . '.
<h4>Would you like to <a href="login.php?action=logout">logout</a>?</h4>
<h4>Would you like to go to <a href="index.php">site index</a>?</h4>';
}elseif (!isset($_GET['action'])) {
$sUsername = "";
if (isset($_POST['username'])) {
$sUsername = $_POST['username'];
}
$sError = "";
if (isset($_SESSION['error'])) {
$sError = '<span id="error">' . $_SESSION['error'] . '</span><br />';
}
$sOutput .= '<h2>Register for this site</h2>
' . $sError . '
<form name="register" method="post" action="' . $_SERVER['PHP_SELF'] . '?action=register">
Username: <input type="text" name="username" value="' . $sUsername . '" /><br />
Password: <input type="password" name="password" value="" /><br /><br />
<input type="submit" name="submit" value="Register!" />
</form>
<br />
<h4>Would you like to <a href="login.php">login</a>?</h4>';
}
$sOutput .= '</div>';
echo $sOutput;
?>
config.php
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
<?php
session_start();
$sFolder = 'login';
mysql_connect('localhost', 'root', '') or trigger_error("Unable to connect to the database: " . mysql_error());
mysql_select_db('login') or trigger_error("Unable to switch to the database: " . mysql_error());
****************/
define('SALT1', '24859f@#$#@$');
define('SALT2', '^&@#_-=+Afda$#%');
require_once($_SERVER['DOCUMENT_ROOT'] . $sFolder . '/includes/functions.php');
$_SESSION['error'] = "";
$sOutput="";
?>
session_start();
$sFolder = 'login';
mysql_connect('localhost', 'root', '') or trigger_error("Unable to connect to the database: " . mysql_error());
mysql_select_db('login') or trigger_error("Unable to switch to the database: " . mysql_error());
****************/
define('SALT1', '24859f@#$#@$');
define('SALT2', '^&@#_-=+Afda$#%');
require_once($_SERVER['DOCUMENT_ROOT'] . $sFolder . '/includes/functions.php');
$_SESSION['error'] = "";
$sOutput="";
?>
functions.php
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
<?php
function createAccount($pUsername, $pPassword) {
if (!empty($pUsername) && !empty($pPassword)) {
$uLen = strlen($pUsername);
$pLen = strlen($pPassword);
$eUsername = mysql_real_escape_string($pUsername);
$sql = "SELECT username FROM users WHERE username = '" . $eUsername . "' LIMIT 1";
$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());
if ($uLen <= 4 || $uLen >= 11) {
$_SESSION['error'] = "Username must be between 4 and 11 characters.";
}elseif ($pLen < 6) {
$_SESSION['error'] = "Password must be longer then 6 characters.";
}elseif (mysql_num_rows($query) == 1) {
$_SESSION['error'] = "Username already exists.";
}else {
$sql = "INSERT INTO users (`username`, `password`) VALUES ('" . $eUsername . "', '" . hashPassword($pPassword, SALT1, SALT2) . "');";
$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());
if ($query) {
return true;
}
}
}
return false;
}
function hashPassword($pPassword, $pSalt1="2345#$%@3e", $pSalt2="taesa%#@2%^#") {
return sha1(md5($pSalt2 . $pPassword . $pSalt1));
}
function loggedIn() {
if (isset($_SESSION['loggedin']) && isset($_SESSION['username'])) {
return true;
}
return false;
}
function logoutUser() {
unset($_SESSION['username']);
unset($_SESSION['loggedin']);
return true;
}
function validateUser($pUsername, $pPassword) {
$sql = "SELECT username FROM users
WHERE username = '" . mysql_real_escape_string($pUsername) . "' AND password = '" . hashPassword($pPassword, SALT1, SALT2) . "' LIMIT 1";
$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());
if (mysql_num_rows($query) == 1) {
$row = mysql_fetch_assoc($query);
$_SESSION['username'] = $row['username'];
$_SESSION['loggedin'] = true;
return true;
}
return false;
}
?>
function createAccount($pUsername, $pPassword) {
if (!empty($pUsername) && !empty($pPassword)) {
$uLen = strlen($pUsername);
$pLen = strlen($pPassword);
$eUsername = mysql_real_escape_string($pUsername);
$sql = "SELECT username FROM users WHERE username = '" . $eUsername . "' LIMIT 1";
$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());
if ($uLen <= 4 || $uLen >= 11) {
$_SESSION['error'] = "Username must be between 4 and 11 characters.";
}elseif ($pLen < 6) {
$_SESSION['error'] = "Password must be longer then 6 characters.";
}elseif (mysql_num_rows($query) == 1) {
$_SESSION['error'] = "Username already exists.";
}else {
$sql = "INSERT INTO users (`username`, `password`) VALUES ('" . $eUsername . "', '" . hashPassword($pPassword, SALT1, SALT2) . "');";
$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());
if ($query) {
return true;
}
}
}
return false;
}
function hashPassword($pPassword, $pSalt1="2345#$%@3e", $pSalt2="taesa%#@2%^#") {
return sha1(md5($pSalt2 . $pPassword . $pSalt1));
}
function loggedIn() {
if (isset($_SESSION['loggedin']) && isset($_SESSION['username'])) {
return true;
}
return false;
}
function logoutUser() {
unset($_SESSION['username']);
unset($_SESSION['loggedin']);
return true;
}
function validateUser($pUsername, $pPassword) {
$sql = "SELECT username FROM users
WHERE username = '" . mysql_real_escape_string($pUsername) . "' AND password = '" . hashPassword($pPassword, SALT1, SALT2) . "' LIMIT 1";
$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());
if (mysql_num_rows($query) == 1) {
$row = mysql_fetch_assoc($query);
$_SESSION['username'] = $row['username'];
$_SESSION['loggedin'] = true;
return true;
}
return false;
}
?>
Gewijzigd op 19/11/2013 16:20:16 door Bradley verbrugge
Dit gebeurd ook veel met bijvoorbeeld administrators en gebruikers.
Aan de hand van de status kun je dus ook bepaalde gebruikers naar een andere pagina verwijzen
Ik snap niet wat je probleem is.
Het helpt ook altijd wanneer je code post.
Bij de gebruikers kun je nu de status gaan toevoegen.
gebruiker1 krijgt bijvoorbeeld status: simpel
gebruiker2 krijgt bijvoorbeeld status: geavanceerd
Dit kun je ook met alleen nummers doen dus een 1 voor simpel en een 2 voor geavanceerd
Tijdens het controleren van de gebruikersnaam en het wachtwoord kun je dan ook de status ophalen en dan de gebruiker met status simpel stuur je door naar de simpele pagina en de geavanceerde gebruiker stuur je door naar geavanceerd.php
Ik neem aan dat je ook met sessies werkt om te kijken of iemand is ingelogd? Sla dan de status na correcte login ook op in de sessie, dan hoef je m niet steeds opnieuw te controleren als de gebruiker door je website surft.
edit: zie nu je code dus je werkt inderdaad met sessies
Gewijzigd op 19/11/2013 16:21:03 door Q S
hoeveel verschillende ranks zijn er?
user -- normale gebruiker
admin -- ik dus :-)
Mag ik misschien een beetje uitleg? hoe moet ik dit in me login toepassen?
is het erbij zetten
Code (php)
1
2
3
2
3
if($status == 3){
header("admin.php");
}
header("admin.php");
}
Laat me even het principe vertellen van de login/user module van drupal.org.
Er zijn twee dingen: roles en permissions.
Roles zijn bv. 'moderator', 'geregistreerde', 'admin', 'auteur', ...
permissions zijn 'dingen die men mag doen'
bv. 'een nieuw artikel aanmaken', 'een artikel verwijderen', 'een pagina aanpassen', ...
Je maakt dus een lijst met alle mogelijke permissions.
Je maakt een lijst met alle mogelijke Roles.
En dan de koppeling:
* Maak een koppeltabel 'user_role': die koppelen een gebruiker aan 1 of meerdere rollen die ze krijgen (krijgen via de Admin)
* Maak een koppeling 'permission_role':
Daarin zeg je bv.:
Een 'Auteur' mag 'een nieuw artikel aanmaken'
Een 'Auteur' mag 'artikels van zich zelf aanpassen'
Een 'Moderator' mag 'artikels van gelijk wie aanpassen'
Een 'Admin' mag ... Alles.
* Dan moet je nog de koppeling maken tussen de navigatie van je site en de permissions.
bv. Iemand die (via de koppelingen) niet de permission 'een nieuw artikel aanmaken' heeft, hoort geen toegang te hebben tot de pagina met het formulier voor het maken van een nieuw artikel.
Om je toch nog even iets verder te helpen
Je moet je functie validateUser eerst aanpassen want je systeem weet nog niks van de toegevoegd rank
zoals je waarschijnlijk al bedacht had hoef je de rank guest niet op te slaan ;-)
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
<?php
function validateUser($pUsername, $pPassword) {
$sql = "SELECT username, rank FROM users
WHERE username = '" . mysql_real_escape_string($pUsername) . "' AND password = '" . hashPassword($pPassword, SALT1, SALT2) . "' LIMIT 1";
$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());
if (mysql_num_rows($query) == 1) {
$row = mysql_fetch_assoc($query);
$_SESSION['username'] = $row['username'];
$_SESSION['rank'] = $row['rank'];
$_SESSION['loggedin'] = true;
return true;
}
return false;
}
?>
function validateUser($pUsername, $pPassword) {
$sql = "SELECT username, rank FROM users
WHERE username = '" . mysql_real_escape_string($pUsername) . "' AND password = '" . hashPassword($pPassword, SALT1, SALT2) . "' LIMIT 1";
$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());
if (mysql_num_rows($query) == 1) {
$row = mysql_fetch_assoc($query);
$_SESSION['username'] = $row['username'];
$_SESSION['rank'] = $row['rank'];
$_SESSION['loggedin'] = true;
return true;
}
return false;
}
?>
Nu kun je aan de hand van $_SESSION["rank"] op verschillende manieren te werk gaan.
Je kunt inderdaad iets doen als
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
<?php
if (isset($_GET['action'])) {
switch (strtolower($_GET['action'])) {
case 'login':
if (isset($_POST['username']) && isset($_POST['password'])) {
if (!validateUser($_POST['username'], $_POST['password'])) {
$_SESSION['error'] = "Bad username or password supplied.";
unset($_GET['action']);
}
}else {
if($_SESSION["rank"] == 2){
header("Location: user.php");
}
if($_SESSION["rank"] == 3){
header("Location: admin.php");
}
//deze error snap ik niet helemaal want de gebruikers logt in met de juiste gegevens dus deze error is niet meer nodig lijkt me
$_SESSION['error'] = "Username and Password are required to login.";
unset($_GET['action']);
}
break;
case 'logout':
if (loggedIn()) {
logoutUser();
$sOutput .= '<h1>Logged out!</h1><br />You have been logged out successfully.
<br /><h4>Would you like to go to <a href="index.php">site index</a>?</h4>';
}else {
unset($_GET['action']);
}
break;
}
}
?>
if (isset($_GET['action'])) {
switch (strtolower($_GET['action'])) {
case 'login':
if (isset($_POST['username']) && isset($_POST['password'])) {
if (!validateUser($_POST['username'], $_POST['password'])) {
$_SESSION['error'] = "Bad username or password supplied.";
unset($_GET['action']);
}
}else {
if($_SESSION["rank"] == 2){
header("Location: user.php");
}
if($_SESSION["rank"] == 3){
header("Location: admin.php");
}
//deze error snap ik niet helemaal want de gebruikers logt in met de juiste gegevens dus deze error is niet meer nodig lijkt me
$_SESSION['error'] = "Username and Password are required to login.";
unset($_GET['action']);
}
break;
case 'logout':
if (loggedIn()) {
logoutUser();
$sOutput .= '<h1>Logged out!</h1><br />You have been logged out successfully.
<br /><h4>Would you like to go to <a href="index.php">site index</a>?</h4>';
}else {
unset($_GET['action']);
}
break;
}
}
?>
Code (php)
1
2
2
ALTER TABLE Koppeltabel
ADD PRIMARY KEY (ranks, perms)
ADD PRIMARY KEY (ranks, perms)
