Shoutbox

i'm creating an admin area for my site and basically im stuck on the login area...

i know how to create the password check (checking the password entered against the correct password), but i don't know how to code say, 'if the password is right, goto this page, if not, echo w/e'... any ideas?

I once made myselve this class to manage my login pages

[code]<?
class database_connection{

  var $query_id;
  var $link;

  function connect($location, $username, $password, $database){
    $this->link = mysql_connect($location, $username, $password) or die ("Could not Connect: ".mysql_error());
    mysql_select_db($database) or die ('Could not select database: '.mysql_error());
    Return true;
  }
  function query($query){
  $this->query_id = mysql_query($query) or die ('Query failed: '.mysql_error());
  Return true;
  }
  function output(){
    $array = mysql_fetch_array($this->query_id, MYSQL_ASSOC);
    Return $array;
  }
  function closelink(){
    if(!empty($this->query_id)){
      if(is_resource($this->query_id)){
        mysql_free_result($this->query_id);
      }
    }
    mysql_close($this->link);
  }
}


class loginmanager{
 
  function verify(){
    if(empty($_SESSION['ingelogd']) || $_SESSION['ingelogd'] != true){
      $this->makeloginscreen();
    }
  }
  function verify_ERR401(){
    if(empty($_SESSION['ingelogd']) || $_SESSION['ingelogd'] != true){
      header('HTTP/1.0 401 Unauthorized');
      die("HTTP/1.0 401 Unauthorized");
    }
  }
  function makeloginscreen(){
    $con = new database_connection();
    $con->connect("location", "user", "password", "database");
   
    if(isset($_POST['login']) && $_POST['login'] == "yes"){
      if(isset($_POST['username']) && $_POST['username'] != ""){
        $con->query("SELECT * FROM `login` WHERE `username` = '".$_POST['username']."'");
        $num = count($con->query_id);
        if($num <= 1){
          if($num >= 1){
            if(isset($_POST['password']) && $_POST['password'] != ""){
              $USER = $con->output();
              if(md5($_POST['password']) == $USER['password']){    //Succesvol ingelogd
                $_SESSION['ingelogd'] = true;
                $_SESSION['userid'] = $USER['id'];
                $_SESSION['username'] = $USER['username'];
                header("Location: index.php");
              }else{                                                //Onsuccesvol ingelogd
                $_SESSION['ingelogd'] = false;
                header("Location: index.php");
              }
            }
          }else{
            $_SESSION['ingelogd'] = false;
            header("Location: index.php");
          }
        }else{
          die("ERROR, contact the webmaster with your login username about this");
        }
      }
      $con->closelink();
    }elseif(isset($_SESSION['ingelogd']) && $_SESSION['ingelogd'] == true){
      header("Location: index.php");
    }else{
      echo "<form action=\"#\" method=\"post\">\n";
      echo "\t<table>\n";
      echo "\t\t<tr>\n\t\t\t<td>Username:</td>\n\t\t\t<td><input type=\"text\" name=\"username\"></input></td>\n\t\t</tr>\n";
      echo "\t\t<tr>\n\t\t\t<td>Password:</td>\n\t\t\t<td><input type=\"password\" name=\"password\"></input></td>\n\t\t</tr>\n";
      echo "\t\t<input type=\"hidden\" name=\"login\" value=\"yes\">\n";
      echo "\t\t<tr>\n\t\t\t<td colspan=\"2\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\"submit\"></td>\n\t\t</tr>\n";
      echo "\t</table>\n</form>";
    }   
    die();
  }
}
?>[/code]

It also uses a database class I made to make easy database connections.

You can modify or just read the code and learn

BTW: To use, just include the page these classes are in and call the function verify() to see if the user is logged in, if he/she is she will she the page that is made under the verify() call else he/she will see the login form, and with verify_401(), they will see a black page with a 401 Unauthorized header sent to the browser.

EDIT: Reindented the code

Ok, just to note, use a mysql database to check your login details, it is a must and is secure. If you want you can have 'My secret panel of secretness' which you know about .

Also, don't store the passwords in raw text. Use encryption like RSA, or a hash like MD5 or SHA-1.

quote:

---

Originally posted by absorbation
Ok, just to note, use a mysql database to check your login details, it is a must and is secure. If you want you can have 'My secret panel of secretness' which you know about .

---

rofl, yays!! but a few hours too late.. me and ajd (ok, mainly ajd) fixed the problem using just php... (still, if you'd be kind enough to let me have it for learning and eventually upgrading purposes )

quote:

---

Originally posted by RaceProUK
Also, don't store the passwords in raw text. Use encryption like RSA, or a hash like MD5 or SHA-1.

---

yeah, i'm using encryption for the passwords ^_^

anyways, so yeah, i fixed the problem... thanks for the help (and @ erza i've saved that code and i'm going to look over it to help me learn, thanks! )