PHP Help

[Aercor]

Hello,
I am just starting to learn PHP, and I wanted to make a simple, non-mysql login to guard all my work at school so the noobs wouldn't take my work.

Basically, I have the main login part, I just need two parts added. I can't get my session to work, so I'll stay logged in until the session is destroyed. Secondly, I wanted to make a redirect, if the user is logged in successfully, redirect to blank.php or something.

I will be getting mysql access at school on tuesday, I was wondering how hard it'd be doing that, and having users be able to register and see work I place out for them, not all my stuff though.

Here's a live preview:

You must be registered for see links

• Username: admin
• Password: password

My code:

Index.php:
 
<?php
session_start();
if($_SESSION['username'] == "username"){
header("Location: login.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
 
    <!-- Seo Information -->
  <meta name="description" content="Login Page"/>
        <meta name="keywords" content="Login, Page"/>
        <meta name="author" content="Tyler Schramm"/>
        <meta charset="utf-8"/>
 
    <!-- Css Files -->
  <link href="css/style.css" rel="stylesheet" type="text/css"/>
</head>
<body>
<form action="login.php" method="post">
  Username: <input name="username" type="text"><br></br>
        Password: <input name="password" type="password"><br></br>
        <input name="submit" value="Login" type="submit">
    </form>
 
    <div id="footer">
  <p>Copyright 2012 &copy; Tyler Schramm. All rights reserved.</p>
    </div>
</body>
</html>

Login.php:
 
<?php
session_start();
if (isset($_POST['submit'])){
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
 
if ($_SESSION['username'] == "admin" && $_SESSION['password'] == "password"){
echo "Well done, you have logged in successfully.";
} else {
echo "Sorry, the login information is incorrect.";
}
}
?>

 

[Khalil]

For the stay logged in untill the session is destroyed, you need to look up for a way to use cookies to guard the session!

and secondly the html redirect is:

<meta HTTP-EQUIV="Refresh" content="0;URL=blank.php">

----------------

You also need to remake the login file.
here you go a quick login.

<?php
if(isset($_POST['submit'])) {
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
if(!empty($_SESSION['username']) && !empty($_SESSION['password'])) {
if(mysql_num_rows(mysql_query("SELECT * FROM `your users table name` WHERE username = '".$_SESSION['username']."' AND password = '".md5($_SESSION['password'])."'")) > 0) {
echo "you have successfully logged in!";
} else {
echo "your username or password is wrong!";
}
} else {
echo "please, fill in all the fields!";
}
}
?>

P.S: remove the md5 tag if your password on the users table is not md5 encrypted.

 

[Weasel]

Make a new file security.php, and add:

<?php
session_start();
 
$sUsername = "admin"; // Your username
$sPassword = "password"; // Your password
 
if (!isset($_SESSION['logged_in']))
{
    echo '<h1>Login</h1>';
    if ($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        if (empty($_POST['username']) || empty($_POST['password']))
        {
            echo '<span style="color:red; font-weight: bold">Please fill in all fields!</span>';
        }
        elseif ($_POST['username'] != $sUsername || $_POST['password'] != $sPassword)
        {
            echo '<span style="color:red; font-weight: bold">Your username/password is wrong!</span>';
        }
        else
        {
            header("Refresh: 1");
            $_SESSION['ingelogd'] = true;
            echo '<span style="color:green; font-weight: bold">You are now logged in!</span>';
        }
    }
    else
    {
        exit('You need to log-in to view this page.<br /><br />
        <form method="POST" action=""><p>
        Username:<br />
        <input type="text" name="username" /><br /><br />
        Password:<br />
        <input type="password" name="password" /><br /><br />
        <input type="submit" value="Login" /> <input type="reset" value="Empty fields" />
        </form>');
    }
}
?>

Now every page you want to secure, add the following on top of that page:

<?php
include("security.php");
?>

And if you want a logout page, make logout.php and add:

<?php
unset($_SESSION['logged_in']);
session_destroy();
echo "You have succesfully logged out.";
header ("Refresh: 5; index.php");
?>

And add a link to the logout page in your layout:

<a href="logout.php">Log out</a>

 

[Aercor]

Make a new file security.php, and add:

<?php
session_start();
 
$sUsername = "admin"; // Your username
$sPassword = "password"; // Your password
 
if (!isset($_SESSION['logged_in']))
{
    echo '<h1>Login</h1>';
    if ($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        if (empty($_POST['username']) || empty($_POST['password']))
        {
            echo '<span style="color:red; font-weight: bold">Please fill in all fields!</span>';
        }
        elseif ($_POST['username'] != $sUsername || $_POST['password'] != $sPassword)
        {
            echo '<span style="color:red; font-weight: bold">Your username/password is wrong!</span>';
        }
        else
        {
            header("Refresh: 1");
            $_SESSION['ingelogd'] = true;
            echo '<span style="color:green; font-weight: bold">You are now logged in!</span>';
        }
    }
    else
    {
        exit('You need to log-in to view this page.<br /><br />
        <form method="POST" action=""><p>
        Username:<br />
        <input type="text" name="username" /><br /><br />
        Password:<br />
        <input type="password" name="password" /><br /><br />
        <input type="submit" value="Login" /> <input type="reset" value="Empty fields" />
        </form>');
    }
}
?>

Now every page you want to secure, add the following on top of that page:

<?php
include("security.php");
?>

And if you want a logout page, make logout.php and add:

<?php
unset($_SESSION['logged_in']);
session_destroy();
echo "You have succesfully logged out.";
header ("Refresh: 5; index.php");
?>

And add a link to the logout page in your layout:

<a href="logout.php">Log out</a>

This is great help, thank you very much! Just on more question, can I add more than one user?

 

[Weasel]

Modified security.php for multiple users.

<?php
session_start();
 
$user["admin1"] = "password";
$user["admin2"] = "password";
$user["admin3"] = "password";
 
if (!isset($_SESSION['logged_in']))
{
    echo '<h1>Login</h1>';
    if ($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        if (empty($_POST['username']) || empty($_POST['password']))
        {
            echo '<span style="color:red; font-weight: bold">Please fill in all fields!</span>';
        }
        elseif ($user[$_POST['username']] != $_POST['password'])
        {
            echo '<span style="color:red; font-weight: bold">Your username/password is wrong!</span>';
        }
        else
        {
            header("Refresh: 1");
            $_SESSION['ingelogd'] = true;
            echo '<span style="color:green; font-weight: bold">You are now logged in!</span>';
        }
    }
    else
    {
        exit('You need to log-in to view this page.<br /><br />
        <form method="POST" action=""><p>
        Username:<br />
        <input type="text" name="username" /><br /><br />
        Password:<br />
        <input type="password" name="password" /><br /><br />
        <input type="submit" value="Login" /> <input type="reset" value="Empty fields" />
        </form>');
    }
}
?>