- Login page
- Logout page
- Normal page (check if user login or not)
- Protected page (must be login to view)
Install:
- Install PHP Standard Library
- Install PHP Mysql Library
- Copy all the following files.
login.lib.php:
2 functions, one for redirect page, one for checking username and password.
<?php
// Call before write anything on the html page
function redirectPage( $page = 'index.php' ) {
$url = 'http://' . $_SERVER[ 'HTTP_HOST' ] . dirname( $_SERVER[ 'PHP_SELF' ] );
$url = rtrim( $url, '/\\' ) . '/' . $page;
header( "Location: $url" );
exit();
}
function checkLogin( $dbc, $username, $password ) {
$errors = array();
if ( empty( $username ) ) {
$errors[] = 'Please input the username.';
} else {
$u = trim( $username );
}
if ( empty( $password ) ) {
$errors[] = 'Please input the password.';
} else {
$p = $password;
}
if ( empty( $errors ) ) {
include_once( 'db.php' );
$sql = "SELECT * FROM user WHERE username='$username' AND password='$password';";
$result = $dbc->query( $sql );
if ( $result->num_rows == 1 ) {
$row = $result->fetch_assoc();
return array( true, $row );
} else {
$errors[] = 'Username and password do not match.';
}
}
return array( false, $errors );
}
login.php:
Perform the login action using session.
<?php
include_once( 'stdlib.lib.php' );
include_once( 'db.php' );
include_once( 'login.lib.php' );
$username = http_request( 'username' );
$password = http_request( 'password' );
list( $isLoginOk, $data ) = checkLogin( $db, $username, $password );
if ( $isLoginOk ) {
// set session
session_start();
$_SESSION[ 'userid' ] = $data[ 'id' ];
redirectPage();
} else {
$errors = $data;
}
include( 'loginPage.php' );
loginPage.php:
<?php
if ( isset( $errors ) && !empty( $errors ) ) {
echo '<h1>Error!</h1>';
echo '<p>The following error(s) occurred:<br />';
foreach ( $errors as $msg ) {
echo " - $msg<br />";
}
echo '</p><p>Please try again.</p>';
}
?>
<h1>Login</h1>
<form action="login.php" method="post">
<p>Username: <input type="text" name="username" size="20" /></p>
<p>Password: <input type="password" name="password" size="20" /></p>
<p><input type="submit" name="submit" value="Login" /></p>
</form>
LogoutPage.php:
<?php
session_start();
if ( !isset( $_SESSION[ 'userid' ] ) ) {
echo '<p>You are already logged out!</p>';
} else {
$_SESSION = array();
session_destroy();
echo '<p>You are now logged out!</p>';
}
?>
<a href="index.php">Home</a>
index.php:
Sample of normal pages, use session variable to check if it is login or not.
<?php
session_start();
if ( isset( $_SESSION[ 'userid' ] ) ) {
echo "<p>You are logged in! (userid = {$_SESSION[ 'userid' ]})</p>";
echo '<a href="logoutPage.php">Logout</a>';
} else {
echo '<p>You are not logged in.</p>';
echo '<a href="loginPage.php">Login</a>';
}
?>
<p><a href="mustLoginPage.php">You have to log in to go to this page.</a></p>
loginCheck.php:
Include this file to all protected pages.
<?php
session_start();
if ( !isset( $_SESSION[ 'userid' ] ) ) {
include_once( 'login.lib.php' );
redirectPage( 'loginPage.php' );
}
?>
mustLoginPage.php:
Sample of protected page:
<?php
include_once( 'loginCheck.php' );
?>
<h1>Logged in</h1>
<p>You are now logged in! (userid = <?=$_SESSION[ 'userid' ]?>)</p>
<p><a href="index.php">Home</a></p>
<p><a href="logoutPage.php">Logout</a></p>
No comments:
Post a Comment