  1. #1
    Senior Member
    Join Date
    Apr 2005
    Location
    Hatfield, England
    Posts
    855
    Member #
    9790
    Erm... how?

    So I am making an admin panel with only 1 user. I do need a method to register, recover password etc etc.

    I just need to understand how you create a method for a user to stay logged in.

    The only way I know of is to set a cookie with the username and password. As they load the page the information can be taken from the cookie, compare it to the db then the user can be logged in. The problem with this is that it is about as secure as a house with no doors and windows...

    I have looked at various tutorials and blocks of code, they are all really long and seem to skip the part saying "Now you need to do this...". I know it's something to do with sessions. I am just looking for the stripped down basics of how this works. I can then build everything else I need around it.

    Can someone talk me through the basics of setting this up?

    Currently I have..

    - user inputs username and password
    - db checks username and password against user table
    - if yes...

  3. #2
    WDF Staff mlseim's Avatar
    Join Date
    Apr 2004
    Location
    Cottage Grove, Minnesota
    Posts
    7,715
    Member #
    5580
    Liked
    717 times
    Perad ....

    1)
    Your user inputs a username and password on a form,
    which calls a PHP script named "login.php"

    2)
    That "login.php" script looks like this:

    PHP Code:
    <?php
    session_start();

    //variables from your HTML log-in form.
    $pass = $_POST['pass'];
    $name = $_POST['name'];

    //this part, you check your database for the correct password ...
    //not sure how you do that, but if the variables $pass and $name
    //match your database, then register the session with a $userid, or
    //something from your database that identifies the user.

    if($pass === "the correct password"){
        //session_register() was removed in PHP 5.4; store the value in $_SESSION instead.
        $_SESSION['user'] = $userid;
        $flag = 1;
    }
    else{
        $flag = 0;
    }

    //this part can goto an admin page or do something if
    //the user is logged-in.   Otherwise, it can return back to
    //your HTML form with or without an error message ...
    //however you want to do that.

    if($flag==1){
        header("Location: admin.php");
    }
    else{
        $mess="<h2>Sorry, we cannot find that member ...</h2>";
        //urlencode() keeps the spaces and markup from breaking the redirect URL.
        header("Location: myform.php?mess=" . urlencode($mess));
    }
    exit; //nothing else should run after the redirect header
    ?>

    Now, on every other PHP page you have, you start with this.
    It checks the user session to see if $user has been set (they are logged-in).
    It can drop through (do nothing) and display the page, or it will see that
    the user is not logged-in and return back to the main page ...

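    PHP Code:
    <?php
    session_start();
    if(isset($_SESSION['user'])){ //replaces session_is_registered(), removed in PHP 5.4
        //do nothing
    }
    else{
        header("Location: index.php");
        exit; //stop here, otherwise the rest of the page still runs for a logged-out visitor
    }

    //the rest of your page here

    ?>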

    EDIT:

    To log-out, the user closes their browser or this script is executed:
    PHP Code:
    <?php
    if(session_start()){  
    session_destroy();}
    header ("location: index.php");
    ?>


  4. #3
    Senior Member Eddy Bones's Avatar
    Join Date
    Jan 2004
    Location
    Washington, USA
    Posts
    1,054
    Member #
    4651
    Do you mean "stay logged in" as being able to close the browser, come back tomorrow, and still be logged in? If so, you won't be able to do that with sessions. The above works as long as you keep the browser open, but that's the extent of the session's life.

  5. #4
    WDF Staff mlseim's Avatar
    Join Date
    Apr 2004
    Location
    Cottage Grove, Minnesota
    Posts
    7,715
    Member #
    5580
    Liked
    717 times
    And Yes, Eddy is right ... I don't know if you wanted them to stay logged-in.


  6. #5
    Senior Member rosland's Avatar
    Join Date
    Jul 2003
    Location
    Norway
    Posts
    1,944
    Member #
    2096
    You're a bit cryptic with regard to what you want to achieve.

    As others have already pointed out, you are not specifying whether you want people to come back the following day, and still be logged in, or you mean that changing a page retains your login status.

    With regard to cookies, you don't have to store the username/password. You could just store a session hash, that would match a similar authentication approval.

    If you use sessions (at least with PHP), that would normally generate a cookie (primarily), and a rewriting of all POST links secondarily (to transfer the approved hash).

    If you choose the cookie way, you can set the cookie to expire upon browser closure, upon leaving the site, upon expiring a certain time limit, or whatever.

    There are several ways. Sessions are normally the easiest way, as they would normally instantiate a cookie holding only the session hash, and nothing more. It all depends on how secure you want your site to be.

    Normal session hashes are secure enough for anything but bank transactions.
    S. Rosland

  7. #6
    Senior Member
    Join Date
    Apr 2005
    Location
    Hatfield, England
    Posts
    855
    Member #
    9790
    Sorry for being a bit vague in what I wanted. I was after a way to navigate my site while staying logged in.

    Thanks a lot for the code mlseim, it took me about 5 seconds to get working and about 5 minutes to make do what I want it to.

    Now if there is a session I can navigate my admin panel, if not I automatically get redirected to the log-in page. It's uber cool

    A quick question... if I just close my browser instead of logging out. Does that present any security issues?

  8. #7
    Senior Member rosland's Avatar
    Join Date
    Jul 2003
    Location
    Norway
    Posts
    1,944
    Member #
    2096
    Quote Originally Posted by Perad
    A quick question... if I just close my browser instead of logging out. Does that present any security issues?
    No it shouldn't.
    The cookie that holds the session data (automatically set by session_start() ), holds the expire value '0' by default, which means the cookie expires/dies the second the browser is closed.
    S. Rosland
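
The session-cookie behaviour discussed in posts #5 and #7, as an added example that is not part of the original thread: it sets the cookie attributes explicitly, issues a fresh session ID at login, and enforces a server-side idle timeout so the session does not depend on the browser discarding its cookie. The function names, `IDLE_LIMIT`, the HTTPS requirement and the `password_hash()`-produced `$storedHash` are assumptions; the array forms of `session_set_cookie_params()` and `setcookie()` need PHP 7.3 or later.

```php
<?php
// Added example (not from the thread); all function names here are assumed.
const IDLE_LIMIT = 900; // assumed policy: 15 minutes of inactivity

function start_admin_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,        // browser-session cookie, the default described in post #7
        'path'     => '/',
        'secure'   => true,     // assumes the panel is served over HTTPS only
        'httponly' => true,     // cookie is not readable from JavaScript
        'samesite' => 'Strict', // not sent on cross-site requests
    ]);
    ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue
    session_start();
}

function log_in(string $password, string $storedHash, int $userId): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    session_regenerate_id(true); // new ID at login, so a pre-login ID is useless
    $_SESSION['user'] = $userId;
    $_SESSION['last_seen'] = time();
    return true;
}

function log_out(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', ['expires' => time() - 3600, 'path' => $p['path'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'], 'samesite' => $p['samesite']]);
    session_destroy(); // removes the server-side session data as well
}

function require_login(): void
{
    $last = $_SESSION['last_seen'] ?? 0;
    if (!isset($_SESSION['user']) || time() - $last > IDLE_LIMIT) {
        log_out();
        header('Location: index.php');
        exit; // stop here, or the protected page still runs
    }
    $_SESSION['last_seen'] = time(); // sliding window: activity extends the session
}
```

Each admin page would call `start_admin_session()` followed by `require_login()` before producing any output.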

