How to do login-able websites?

resetreset · 03-20-2010, 09:20 AM

Hi,
How do I do a website you can log in to? I've read up on cookies in PHP, but I still find the above scenario a bit hard to implement. Can anyone help me?

Thanks.

graemef · 03-20-2010, 09:33 AM

You don't hold the details on a cookie but as part of the session variable. It can be as simple as a boolean variable held in the session variable, call it $_SESSION['loggedIn'] and set it to false. Once the user has successfully logged in change it to true. Wherever in your code you need to know if the user is logged in check this session variable.

That's the basics, obviously there is lots you can do once the basic code is in place, such as an activity check to log the user out after a certain amount of inactivity.

bigearsbilly · 03-21-2010, 03:14 PM

it's easy to do it using apache authentication.
look at apache.org.
apache will ask for the password for you.

devnull10 · 03-21-2010, 03:49 PM

Cookies are generally used to maintain the login once the user has closed the browser. Sessions are generally used to maintain the login for the current... session!

So - if you are ok with just the current session (ie, user has to log in each time) then you just need to set up the session.

You will want some code to process the login, check the username/pass against a database probably and then if the credentials are ok, load the various values you want into the session variables.

I find it's often useful to create a page called "session.php" and then include() that at the top of every page I want to be secure. The code in very simplistic terms would be along the lines of:

Code:

if (!isset($_SESSION['username']))
  reDirect("./login.php"); // << I usually code a redirection function rather than writing the headers each time.

CoderMan · 03-22-2010, 05:20 PM

Quote:

Originally Posted by resetreset

Hi,
How do I do a website you can log in to? I've read up on cookies in PHP, but I still find the above scenario a bit hard to implement. Can anyone help me?

Thanks.

PHP makes sessions easy for you. Here is an online tutorial:

http://www.tizag.com/phpT/phpsessions.php

Please keep in mind though, that if you want to program your web site in some language other than PHP, you probably want to learn the sessions system for that language. Many popular languages have session modules or libraries (like Perl's CGI::Session, for example). Best to pick your favorite language now, rather than have to adapt your code to a new language later.

[Side note: you usually don't want to simply use Apache authentication as bigearsbilly mention, because using a real sessions system allows you down the road to store other session information about the user fairly easily.]

frieza · 03-22-2010, 05:36 PM

note you probably also would want to use a mysql database as a backend user accounts
create database for your site with a 'users' table and include a bare minimum
the user id
an md5 hash of their password

then have your login script verify against the database to see if a user is valid or not

recomended also to add some sort of privilege flag to indicate what level of access the user has to your site (either full admin access, standard access, banned etc..)

additional information can be included but not mandatory such as full name, contact info etc..

it all depends on what you want the site to do

http://us2.php.net/manual/en/book.mysqli.php (mysql improved)
http://us3.php.net/manual/en/book.mysql.php (plain mysql)

CoderMan · 03-22-2010, 06:28 PM

PHP also makes mysql fairly easy also:

http://php.net/manual/en/book.mysql.php