#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2000
    Posts
    15
    Rep Power
    0
    hi, i'm relatively new to php/mysql and want to set up a members area where people can login. Can someone tell me how to set up such a script and how the table has to be set up? i want to get it so when the member logs in the url will look like:
    http://jflynn@mydomain.com

    the mysql table i have set up is like this:

    create table member {
    login varchar(50),
    passwrd varchar(10),
    var1 varchar(20),
    var2 tinyint
    };


    I'd also like to be able to pass the 2 variables around to each page they goto without having to use a hidden input field.

    thanks in advance to anyone who can help me!!!

    [This message has been edited by jflynn (edited August 04, 2000).]
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Aug 2000
    Location
    Indiana
    Posts
    614
    Rep Power
    16
    Use the .htaccess method to protect the directory, then use the environment variable $REMOTE_USER (this will be the user name entered).

    .htaccess method is also how you get http://user@domain.com

    Example: http://user:adminpass@domain.com would have user and the $REMOTE_USER. (you can not include the password and it will ask for it.) it will also never put the password into an environment variable.

    I hope this is what you wanted!

    [This message has been edited by JonLed (edited August 04, 2000).]

    [This message has been edited by JonLed (edited August 04, 2000).]
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2000
    Posts
    33
    Rep Power
    15
    Ok, I'm going to try to show you how I used to do my user authentication, recently I developed a method where I generate my own session id and pass it around, but if you have a site with information that isn't too critical this should work for you.

    First off you have your login form (in my example, I'll call it index.php)

    -index.php----------------------------

    <?
    session_start();
    if (!isset($SESSION)) {
    session_register(SESSION);
    $SESSION["logged"]=false;
    }
    ?>

    <html>
    <body bgcolor="#FFFFFF">
    <form method="post" action="login.php">
    <table>
    <tr>
    <td><font size="2">Login:</font></td>
    <td><input type="text" name="login" size="10" maxlength="16"></td>
    </tr>
    <tr>
    <td><font size="2">Password:</font></td>
    <td><input type="password" name="password" size="10" maxlength="16"></td>
    </tr>
    <tr>
    <td colspan="2"><div align="center"><input type="submit" value="Login"></div></td>
    </tr>
    </table>
    </form>
    </body>
    </html>

    --------------------------------------

    nothing really spectacular here, a regular form, except for the top.

    next, we have login.php.

    -login.php----------------------------

    <? session_start(); ?>

    <html>
    <body>

    <?
    $db=mysql_connect("databaseip","account","apassword");
    mysql_select_db("users",$db);
    $result=mysql_query("SELECT * FROM users",$db);
    while ($userlist=mysql_fetch_array($result)) {
    if ($userlist["login"] == $login) {
    if ($userlist["password"] == md5($password))
    {
    $SESSION["logged"]=true;
    // successful login, stuff here
    } else {
    // login exists, wrong password
    }
    } else {
    // username does not exist
    }
    }
    ?>

    </html>
    </body>

    --------------------------------------

    this sets the $SESSION["logged"] variable to true which then just needs to be checked like this

    -randomPage.php-----------------------

    <? session_start(); ?>

    <html>
    <body>
    <? if ($SESSION["logged"]==true) { ?>
    You're not logged in. You can login <a href="index.php">here</a>.
    <? } else { ?>
    // page here
    <? } ?>
    </body>
    </html>

    --------------------------------------

    That should pretty much get you started. What I use now is a userAuthentication script I setup which creates a random session id, stores that in a database, and just checks that. It also expires every 5 minutes if it isn't updated. This is however what I used till I wrote that script.

    Good luck...

    -Justin King
    <aeonINTERACTIVE>
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2000
    Posts
    33
    Rep Power
    15
    I almost forgot about the setup of my users table

    CREATE TABLE users (
    login varchar(20) NOT NULL,
    password varchar(50) NOT NULL,
    access tinyint(10) NOT NULL,
    PRIMARY KEY (login),
    KEY login (login),
    UNIQUE login_2 (login)
    );


    I'd dump that nto a mysql database, and when I store users I put in the md5 encryption of their password. This way if anyone accesses the database to view passwords, they're all encrypted. To get the md5 encryption of a password in php you can do md5($string);. If you wish to take out the md5 encryption, just take off the md5 part of login.php.

    -Justin
  8. #5
  9. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2000
    Posts
    15
    Rep Power
    0
    thanx guys i'll give it a try!

IMN logo majestic logo threadwatch logo seochat tools logo