Implement a simple login (authentication) system. MySQL required.
2009-07-18
MySQL table structure
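-- One row per account. `password` holds the digest written by the
-- application (auth.php compares against sha1() output), never clear text.
CREATE TABLE auth (
    username VARCHAR(100) NOT NULL DEFAULT '',
    -- sha1() output is 40 hex characters; the wider column leaves room for a
    -- salted password hash if the application is migrated later
    password VARCHAR(255) NOT NULL DEFAULT '',
    -- the login query always filters on username, so the primary key is the
    -- only index it needs; the digest column is deliberately left unindexed
    PRIMARY KEY (username)
);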
auth.php
<?php
# -------------------------------------------------------------------------------------------
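ob_start();
# Keep the session id in a cookie only, and out of reach of page scripts.
# (session.cookie_secure should also be enabled when the site is served over HTTPS.)
ini_set('session.use_only_cookies', '1');
ini_set('session.cookie_httponly', '1');
session_name('auth');
session_start();
# -------------------------------------------------------------------------------------------
define('TIMEOUT', 60); # seconds; auth() pushes the deadline forward on every accepted request
# database connect
# -------------------------------------------------------------------------------------------
# The credentials below are placeholders; real ones belong in configuration
# that is not served by the web server.
$link = mysqli_connect('localhost', 'username', 'password', 'database_name');
# mysqli_real_escape_string() (used by escape_data()) escapes according to the
# connection character set, so set it explicitly to match the database:
// mysqli_set_charset($link, 'utf8');
if (mysqli_connect_errno()) {
    # The driver's error text can reveal host, account and schema details:
    # log it server-side and show the visitor a generic message instead.
    error_log('auth.php: database connect failed: ' . mysqli_connect_error());
    exit('Service temporarily unavailable.');
}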
# make it safe
# -------------------------------------------------------------------------------------------
# Prepare a request value for use inside a quoted string literal of a query.
# Steps: undo magic_quotes_gpc slashes when that setting is on, trim surrounding
# whitespace, then escape through the shared $link connection.
# The result is only safe between quotes in the SQL text, and the escaping
# follows the connection character set.
function escape_data($data) {
    global $link;

    $magic_quotes_on = ini_get('magic_quotes_gpc');
    $value = $magic_quotes_on ? stripslashes($data) : $data;
    $value = trim($value);

    return mysqli_real_escape_string($link, $value);
}
# seek and destroy
# -------------------------------------------------------------------------------------------
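# Tear down the 'auth' session: empty $_SESSION, destroy the server-side
# session data and expire the session cookie in the browser.
function endsession() {
    # Only name and start the session when none is active. auth.php already
    # starts one on load, and re-running session_name()/session_start() on a
    # live session raises notices or warnings.
    if (session_id() === '') {
        session_name('auth');
        session_start();
    }

    $cookie_name = session_name();
    $cookie = session_get_cookie_params();

    $_SESSION = array();
    session_destroy();

    # Expire the cookie with the same path/domain/flags it was issued with,
    # otherwise the browser keeps the old one.
    setcookie(
        $cookie_name,
        '',
        time() - 3600,
        $cookie['path'],
        $cookie['domain'],
        $cookie['secure'],
        $cookie['httponly']
    );
}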
# auth request
# -------------------------------------------------------------------------------------------
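# Gatekeeper for every page that require()s this file.
#
# Handles, in order: a logout request (?logout=1), a login form post, and the
# check of an existing session (authenticated flag, then inactivity deadline).
#
# Returns true only when the current request carries a valid, unexpired
# session. Every other outcome sends a redirect and ends the request with
# exit(): a Location header alone does not stop PHP, so returning to the
# including script would let it render its page regardless of the check.
function auth() {
    global $link;

    # --- logout ----------------------------------------------------------------------------
    if (isset($_GET['logout']) && $_GET['logout'] == 1) {
        endsession();
        header('location: index.php?message=logout_complete');
        exit();
    }

    # --- login form post -------------------------------------------------------------------
    if (array_key_exists('login', $_POST)) {
        # accept plain strings only; array-valued fields are treated as empty
        $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
        $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

        # same normalisation escape_data() applies, minus the SQL escaping:
        # the value is bound as a parameter below, not pasted into the query
        if (ini_get('magic_quotes_gpc')) {
            $username = stripslashes($username);
        }
        $username = trim($username);

        # Existing rows hold sha1() of the password as returned by escape_data(),
        # so the digest is computed the same way to keep those rows valid.
        # NOTE(review): unsalted SHA-1 is not a password hashing scheme. Moving to
        # password_hash()/password_verify() requires re-hashing the stored rows,
        # so it is flagged here rather than changed.
        $digest = sha1(escape_data($password));

        $matched = false;
        $stmt = mysqli_prepare($link, 'SELECT username FROM auth WHERE username = ? AND password = ?');
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'ss', $username, $digest);
            if (mysqli_stmt_execute($stmt)) {
                mysqli_stmt_store_result($stmt);
                $matched = mysqli_stmt_num_rows($stmt) > 0;
            }
            mysqli_stmt_close($stmt);
        }

        if ($matched) {
            if (session_id() === '') {
                session_name('auth');
                session_start();
            }
            # issue a fresh session id at the privilege change so an id that
            # was known before login is not carried into the logged-in session
            session_regenerate_id(true);
            $_SESSION['auth'] = 1;
            $_SESSION['auth_time'] = time() + TIMEOUT;
            header('location: simple-page.php');
            exit();
        }

        header('location: index.php?message=auth_mismatch');
        exit();
    }

    # --- existing session ------------------------------------------------------------------
    # The authenticated flag is checked first; in the previous order the timeout
    # branch returned on both paths and this check was never reached.
    if (empty($_SESSION['auth'])) {
        endsession();
        header('location: index.php?message=auth_required');
        exit();
    }

    $deadline = isset($_SESSION['auth_time']) ? intval($_SESSION['auth_time']) : 0;
    if (time() > $deadline) {
        endsession();
        header('location: index.php?message=timeout');
        exit();
    }

    # valid session: push the inactivity deadline forward
    $_SESSION['auth_time'] = time() + TIMEOUT;
    return true;
} # function end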
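# Anything other than a true result from auth() means the request must not
# continue: a redirect header does not stop PHP, so without this the script
# that require()d this file would still go on to render its page.
if (!auth()) {
    exit();
}
ob_flush();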
?>
login page ( index.php )
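<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>login page</title>
</head>
<body>
<pre>
<form method="post" action="auth.php">
username: <input type="text" id="username" name="username">
password: <input type="password" id="password" name="password">
<input type="submit" name="login" value="login">
</form>
<hr />
<?php
# `message` comes from the query string, so its content is chosen by whoever
# built the link. Encode it for HTML before writing it into the page so it is
# shown as text and never interpreted as markup.
$message = (isset($_GET['message']) && is_string($_GET['message'])) ? $_GET['message'] : '';
echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
?>
</pre>
</body>
</html>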
simple-page.php
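<?php
# auth.php calls auth() as soon as it is included. The markup below is only
# protected if that call ends the request when the check fails.
require('auth.php');
?>
<html>
<head>
<!--
if js is enabled, a call to the google api forces a
browser history refresh. - a bit of a hack here.
the script is loaded over https: a third-party script runs with this page's
privileges, so it must not be fetched over a connection that can be altered
in transit.
-->
<script type="text/javascript" src="https://www.google.com/jsapi"></script>
<script type="text/javascript">google.load('jquery', '1.3.2');</script>
</head>
<body>
Hello world from foo and bar.
<hr />
<a href="auth.php?logout=1">logout</a>
</body>
</html>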