[script] Password Protect web pages/site using PHP and MySQL

JdS · #1 23-Jul-2003, 11:02

The 'engine' behind this Password Protect web pages / sites using PHP script:

PHP Code:


<?php
/**
  * @domain:    DESILVA.BIZ      
  * @file:      EXAMPLE_SESSION_FUNCTIONS.PHP      
  * @author:    J de Silva
  * @website:   [url]www.desilva.biz[/url]
  * @email:     scripts[AT]desilva[DOT]biz
  * @copyright: Gen.I designs
  * @date:      July 24th, 2003
  * @version:   n/a
  * @about:    The 'engine' behind a simple PHP / MySQL session based
                login / password protecting web pages script. Contains
                key functions for the LOGIN system.
  *              
/*===================================*/

ini_set( 'session.name', 's' );

/* the URL to the login page is defined... */
define( 'URL_LOGIN_PAGE', '/example_login.php' );

// start the session...
session_start();

/* One of the main functions of this included script is
   to check that the page including this script is
   being used by a valid user. There is ONE exception:
   when the person is actually LOGGING IN.  */    
if( !defined('LOGGING_IN') )
{
  verify_if_valid_user();
}

/* All the relevant functions are listed below. */
//------------------------------------------------
function match_user_in_db( $user, $pass )
{
  // it would be wiser for you to connect to the db using
  // a custom function here but for the purpose of this tutorial
  // I am including the connection right here...
  $conn = mysql_connect( 'localhost', 'root', '' );

  mysql_select_db( 'mw' );
  $sql = 'SELECT `username`
          FROM `account`
          WHERE `username` = "'.$user.'"
          AND `password` = "'.$pass.'"';
  $result = mysql_query( $sql, $conn );
  if( mysql_num_rows($result)==1 )
  {
    $_SESSION['valid_user'] = mysql_result( $result, 0, 0 );
    /* the php.ini setting for 'session.use_trans_sid' should be 1
       for the following line to work, so if this script doesn't seem
       to be working well for you, you know where to look!  */
    die( header('location:/example_secret_page_1.php?'.SID) );
  }
  else
  {
    die( header('location:'.URL_LOGIN_PAGE) );
  }
}

function process_login()
{
  /* Used ONLY in the LOGIN page. */
  $username = mysql_escape_string( trim($_POST['username']) );
  /* if you store the passwords without using md5,
    of course, edit the following line too. */
  $password = md5( trim($_POST['password']) );
  match_user_in_db( $username, $password );  
}

function process_logout()
{
  /* used ONLY in the LOGOUT page.  */
  session_destroy();
  unset( $_SESSION );
  die( header('location:'.URL_LOGIN_PAGE) );  
}

function verify_if_valid_user()
{
  if( !isset($_SESSION['valid_user']) )
  {
    // user not logged in yet!
    // re-direct them to the login page
    die( header('location:'.URL_LOGIN_PAGE) );
  }
}
?>

The sample LOGIN page:

PHP Code:


<?php
// FILENAME: EXAMPLE_LOGIN.PHP
// ---------------------------------------

if( isset($_POST['user_login']) )
{
  define( 'LOGGING_IN', true );
  // include the 'session functions' file
  include_once( './example_session_functions.php' );
  process_login();
}
else
{
?>
<html>
<head>
<title>Login Page</title>
</head>
<body>
<h1>Login Here</h1>
<form name="loginform" id="loginform" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
  <p>
    <input name="username" type="text" id="username" size="30" maxlength="30" />
    Username</p>
  <p> 
    <input name="password" type="password" id="password" size="30" maxlength="30" />
    Password</p>
  <p>
    <input type="submit" name="user_login" value="Submit" />
  </p>
</form>
</body>
</html>
<?php
}
?>

The sample LOGOUT page:

PHP Code:


<?php
// FILENAME: EXAMPLE_LOGOUT.PHP
// ---------------------------------------

include_once( './example_session_functions.php' );
process_logout();
?>

The sample SECRET PAGE page:

PHP Code:


<?php
// FILENAME: EXAMPLE_SECRET_PAGE_1.PHP
// ---------------------------------------

// include the 'session functions' file
include_once( './example_session_functions.php' );
?>
<html>
<head>
<title>Secret Page 1</title>
</head>
<body>
<h1>Secret 1</h1>
<p>Hello <strong><?php echo $_SESSION['valid_user']; ?></strong>,</p>
<p>Just one secret here.</p>
<ul>
  <li><a href="/example_secret_page_2.php">Go to Page 2</a></li>
  <li><a href="/example_secret_page_1.php">Go to Secret Page homepage</a></li>
  <li><a href="/example_logout.php">Logout</a></li>
</ul>
</body>
</html>

The sample SECRET PAGE 2 page:

PHP Code:


<?php
// FILENAME: EXAMPLE_SECRET_PAGE_2.PHP
// ---------------------------------------

// include the 'session functions' file
include_once( './example_session_functions.php' );
?>
<html>
<head>
<title>Secret Page 2</title>
</head>
<body>
<h1>Secret 2</h1>
<p>Hello <strong><?php echo $_SESSION['valid_user']; ?></strong>,</p>
<p>Just another secret here.</p>
<ul>
  <li><a href="/example_secret_page_2.php#">Go to Page 3</a></li>
  <li><a href="/example_secret_page_1.php">Go to Secret Page homepage</a></li>
  <li><a href="/example_logout.php">Logout</a></li>
</ul>
</body>
</html>

If you have any problems following this script or would simply like to make a suggestion, follow the discussion here: Using PHP sessions to password-protect web pages.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Rate This Thread
Rate This Thread:

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
PHP sessions problem	andy	MySQL / PHP Forum	19	18-Jan-2007 12:34
FREE 25 MB, No Ads, Control Panel, ASP, ColdFusion, PHP, MySQL, Access Hosting	rkmails	Free Web Hosting	0	08-Sep-2003 06:49
600MB Space, 20GB Banwidth, PHP, MySQL, CGI, SSH, FrontPage, FTP, POP3, Web Mail	fcolor	Web Hosting Advertisements & Offers	0	08-Aug-2003 11:11
Windows: From only £20p/y,Linux: from $10p/m. ASP, ASP.NET, PHP, Free MySQL, +More	EyotaHosts	Web Hosting Advertisements & Offers	0	28-Jun-2003 14:54
On Discount: 20GB Transfer, 600MB Space, Perl, PHP, MySQL, JSP, Unlimited POP3, FTP	fcolor	Web Hosting Advertisements & Offers	0	06-Oct-2002 09:15