
 
 

Extended password control

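<?php
# This bit of code may be freely used on condition that I will not be
# responsible for any mishap it might cause.
#
# Extended password control. Include this file at the top of a page.
#
# If $pass_stop = 1, check if the visitor can log in, but do not exit and do
# not ask for an HTTP password. This is for pages that are shown whether or
# not the user is logged in and only need to know which message to send.
# $pass_stop must be assigned by the including page before the include.
#
# Password checking via
#   1 Form input
#   2 HTTP input (Basic authentication)
#   3 Cookie return
# Cookie set at end to last 1 year
# 1 overrides 2 overrides 3
#
# Variables for form:
#   f_userID    User ID
#   f_pass      Password
#   rem_cookie  Remember username and password for the future in a cookie?
#               (if 1 yes else no)
#
# Result: $logged_in is true only when the supplied password matched the
# stored one. Pages must test $logged_in, not $userID or $userid.
#
# Changes made in review:
#   - Credentials are read from $_POST, $_SERVER and $_COOKIE rather than from
#     register_globals variables, so each source is what it claims to be and
#     the documented precedence cannot be altered by a same-named request
#     parameter. The form values are accepted from POST only.
#   - The user lookup is a prepared statement; the user ID is never
#     concatenated into the SQL text.
#   - $logged_in is set only on a password match. Previously the assignment
#     ran after the mismatch branch, so with $pass_stop = 1 (where http_pass()
#     returns) a wrong password still produced $logged_in = true.
#   - The unknown-user branch now calls http_pass(); it was written
#     "http_pass;" without parentheses, which calls nothing.
#   - Hashes are compared with hash_equals(): no numeric-string type juggling
#     from "!=" and no early exit on the first differing byte.
#   - The failing SQL is written to the error log instead of the page.
#   - The unterminated string in http_pass() is closed.

$logged_in = false;

# Function to request http password.
# Sends a 401 Basic-auth challenge and stops the script, unless the including
# page set $pass_stop = 1, in which case it returns and the page continues
# with $logged_in unchanged.
function http_pass()
{
    global $pass_stop;

    if (isset($pass_stop) && $pass_stop == 1) {
        return;
    }

    $unauthstring = "You did not enter a valid Username/Password combination<p>";
    header("WWW-Authenticate: Basic realm=\"Registered users Only\"");
    header("HTTP/1.0 401 Unauthorized");
    echo "$unauthstring";
    exit;
} # end function http_pass

# set some control variables
$userID = '';
$passwd = '';
$userstat = '';

# Is form variable set?
# if so set process variables and skip http and cookies
# is_string() rejects array-valued fields (f_pass[]=...), which md5() and the
# cookie concatenation below cannot handle.
if (isset($_POST['f_userID'], $_POST['f_pass'])
    && is_string($_POST['f_userID']) && is_string($_POST['f_pass'])) {
    $userID = $_POST['f_userID'];
    $passwd = $_POST['f_pass'];
    $userstat = 1;
}

# Is HTTP variable set?
# if so set process variables and skip cookies
if ($userstat == '' && isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
    $userID = $_SERVER['PHP_AUTH_USER'];
    $passwd = $_SERVER['PHP_AUTH_PW'];
    $userstat = 1;
}

# Is Cookie variable set?
# if so set process variables
# The cookie is "userID|password". Splitting into at most two parts keeps a
# '|' inside the password intact; a cookie without '|' is ignored.
if ($userstat == '' && isset($_COOKIE['download']) && is_string($_COOKIE['download'])) {
    $tt1 = explode("|", $_COOKIE['download'], 2);
    if (count($tt1) == 2) {
        $userID = $tt1[0];
        $passwd = $tt1[1];
        $userstat = 1;
    }
}

# If no username or password - ask for it! And exit
# (with $pass_stop = 1 this returns and the visitor simply stays logged out)
if ($userstat == '') {
    http_pass();
}

# Now we should have a username/password combination
# is it valid??
if ($userstat != '') {
    # Connect to DB
    # Report failures through return values on every PHP version, so the
    # checks below run and no exception trace reaches the page.
    mysqli_report(MYSQLI_REPORT_OFF);

    # NOTE(review): this connects as root with an empty password. Use a
    # dedicated account that can only SELECT from the users table, with its
    # credentials loaded from configuration kept outside the web root.
    $db = mysqli_connect("localhost", "root", "", "userDB");
    if (!$db) {
        echo "Failed to connect to database<p>";
        exit;
    }

    # get data from DB
    $dbuname = null;
    $dbpasswd = null;
    $stmt = mysqli_prepare($db, "SELECT uname, passwd FROM users WHERE uname = ?");
    $ran = $stmt
        && mysqli_stmt_bind_param($stmt, "s", $userID)
        && mysqli_stmt_execute($stmt)
        && mysqli_stmt_bind_result($stmt, $dbuname, $dbpasswd);

    if (!$ran) {
        # Fail closed: $logged_in stays false. Details go to the log only.
        error_log("Password lookup failed: " . mysqli_error($db));
        echo "PASSWORD SEARCH FAILED<p>";
    } elseif (mysqli_stmt_fetch($stmt) === true) {
        # NOTE(review): the passwd column holds unsalted MD5 digests. Moving
        # to password_hash()/password_verify() needs the stored values to be
        # re-hashed (for example at each user's next successful login), so it
        # cannot be done in this file alone.
        $userpasswd = md5($passwd);

        # $userid is the stored name of the row that was looked up. It is
        # filled in before the password is checked, so it is not proof of a
        # login.
        if (empty($userid)) {
            $userid = $dbuname;
        }

        if (is_string($dbpasswd) && hash_equals($dbpasswd, $userpasswd)) {
            $logged_in = true;
        } else {
            http_pass();
        }
    } else {
        # No such user: same response as a wrong password.
        http_pass();
    }

    if ($stmt) {
        mysqli_stmt_close($stmt);
    }
}

# Now we know who this guy is!
# Set cookie for future
# If not set - did he give permission?
# If set, rewrite with new expiry date
#
# NOTE(review): the cookie carries the user ID and the cleartext password for
# 366 days; anyone who obtains the cookie obtains the password. The usual
# replacement is a random token stored server-side and tied to the account.
# That changes the cookie format, so it is flagged here rather than done.
$cookie_value = $userID . '|' . $passwd;
$remember = isset($_POST['rem_cookie']) && $_POST['rem_cookie'] == 1;
if ($logged_in && ($remember || isset($_COOKIE['download']))) {
    # Last argument marks the cookie HttpOnly so page scripts cannot read it.
    # Set the sixth argument (secure) to true when the site is served over
    # HTTPS only.
    setcookie("download", $cookie_value, time() + 31622400, "", "", false, true); # Set Cookie for 366 days
    $download = $cookie_value;
}
?>
#Use this form snippet to provide the user with a login screen.
<?php
include('Code_Above'); # Login insert

# The form posts back to the current script. PHP_SELF contains path text
# supplied by the client, so it is escaped before going into the attribute.
# The password field is named f_pass, the name the login code reads, and is
# a password input so the browser does not display what is typed.
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="POST">
<table border=0 cellpadding=3 cellspacing=3>
<tr><td>Username:</td><td><input size="20" name="f_userID"></td></tr>
<tr><td>Password:</td><td><input type="password" size="20" name="f_pass"></td></tr>
<tr><td colspan=2><input type="submit" value="login"></td></tr>
</table>
</form>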