First I must WARN you that I'm not a writer; I manage network/server environments and develop web applications using PHP. So, if you notice an error, email me. Thanks
Now ...
$ mysqladmin create webusers -uroot -p
$ mysql webusers -uuserid -p
$ webusers>
--- Cut/Paste ---
-- Account table read by login.php and by AuthCheck() in auth.php.
CREATE TABLE users (
-- Login name. It is the primary key, so each account name is unique.
name varchar(80) DEFAULT '' NOT NULL,
-- Output of MySQL's PASSWORD() function: login.php matches this column
-- against password('<submitted value>').
-- NOTE(review): the DEFAULT '' means a row inserted without a password
-- gets an empty one; confirm that accounts are always created with a value.
password varchar(80) DEFAULT '' NOT NULL,
email varchar(80),
location varchar(100),
phone varchar(100),
-- Role read by AuthCheck(): 'admin' passes both checks, 'reguser' only the
-- regular-user check.
type enum('reguser','admin') DEFAULT 'reguser' NOT NULL,
-- Written by login.php as a formatted date() string, not a DATETIME value.
lastlogin varchar(16),
comments text,
PRIMARY KEY (name),
KEY type (type),
-- NOTE(review): every lookup on this page already filters on the primary
-- key (name), so an index over the password hashes looks unnecessary;
-- confirm before keeping it.
KEY passwd (password)
);
Create Global include file...
$ vi incs/global_functions.inc
<?
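// Shared page settings, pulled in by index.php through include().
// NOTE(review): this file is saved as .inc; unless the web server is set up
// to parse or block that extension, a direct request returns it as plain
// text. Nothing secret is stored here, but keep credentials out of .inc files.
$col_bg    = "9999CC";   // Background color
$col_text  = "black";    // Body text color
$col_link  = "#505050";  // Unvisited link color
$col_vlink = "RED";      // Visited link color
$col_alink = "RED";      // Active link color

// Client address as reported by the web server. It is read from $_SERVER
// because $GLOBALS["REMOTE_ADDR"] only exists when register_globals is on,
// and $_SERVER cannot be overwritten by a request parameter.
$_connectedfrom = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "";

$cur_date = date("l M d, Y"); // Long form of today's date, e.g. "Monday Jan 01, 2001"
$time = date("H:i:s");        // Current time, 24-hour clock
$date = date("d-m-Y");        // Today's date, day-month-year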
?>
Create Auth file...
$ vi auth.php
<?
// Take from IRM
// modified by Chauncey Thorn
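/**
 * Gate a page on the USERName / USERPass cookies issued by login.php.
 *
 * The cookie pair is checked against the users table and then, depending on
 * $authtype, the account's role is checked. On any failure a message is
 * printed and the script exits, so code after the call only runs for an
 * accepted visitor.
 *
 * @param string $authtype "reguser" (any account) or "admin" (admins only).
 * @return int|null 0 when $authtype is neither of the two known values,
 *                  otherwise nothing.
 *
 * NOTE(review): USERPass is md5() of the stored password hash, so it is the
 * same on every login and stays valid until the password is changed. A
 * server-side session with a random id would avoid keeping a
 * password-derived value in the browser.
 * NOTE(review): ext/mysql was removed in PHP 7. When porting, switch to
 * mysqli or PDO prepared statements instead of escaping by hand.
 */
function AuthCheck($authtype)
{
    global $db_name, $db_serv, $db_user, $db_passwd;

    // Take the credentials from the cookie superglobal rather than from
    // register_globals, and accept plain strings only.
    $USERName = (isset($_COOKIE["USERName"]) && is_string($_COOKIE["USERName"]))
        ? $_COOKIE["USERName"] : null;
    $USERPass = (isset($_COOKIE["USERPass"]) && is_string($_COOKIE["USERPass"]))
        ? $_COOKIE["USERPass"] : "";

    // No cookie: stop before touching the database.
    if ($USERName === null) {
        header("Vary: User-Agent");
        print "You were not logged in. (Check your browsers cookies)
<a href=\"../index.php\">Go Back to the login
screen</a>.
";
        exit();
    }

    $f = mysql_connect("$db_serv", "$db_user", "$db_passwd") or
        die("Connection Failed");
    mysql_select_db("$db_name", $f) or die("Unable to Select DB");

    // The cookie value comes from the browser, so it is escaped before it is
    // placed inside the SQL string. One query fetches both the hash and the
    // role; the original looked the same row up a second time.
    $query = "SELECT password, type FROM users WHERE (name = '"
        . mysql_real_escape_string($USERName, $f) . "')";
    $result = mysql_query($query, $f);
    $row = $result ? mysql_fetch_assoc($result) : false;

    // Fail closed when the account does not exist (the original went on to
    // compare against md5() of an empty value), and compare with !== so two
    // different digests can never be treated as equal numbers.
    // hash_equals() is preferable where PHP 5.6 or later is available.
    if (!$row || $USERPass !== md5($row["password"])) {
        PRINT "You're supplied password is no longer valid. This is probaly
because you have just changed it and need to log in
again.
<a href=\"../index.php\">Go back</a>.";
        mysql_close($f);
        exit();
    }

    // Re-issue the cookies. The last argument marks them HttpOnly so page
    // scripts cannot read them. The sixth argument (secure) stays false to
    // keep plain-HTTP pages working; set it to true once the whole site is
    // served through mod_ssl.
    SetCookie("USERName", $USERName, 0, "/", "", false, true);
    SetCookie("USERPass", md5($row["password"]), 0, "/", "", false, true);
    header("Vary: User-Agent");

    // The connection is left open on success, as in the original, in case
    // the calling page issues queries on it.
    $type = $row["type"];
    if ($authtype === "reguser") {
        if ($type !== "reguser" && $type !== "admin") {
            PRINT "You are not a normal user!";
            exit();
        }
    } else if ($authtype === "admin") {
        if ($type !== "admin") {
            PRINT "You are not an administrator!";
            exit();
        }
    } else {
        // NOTE(review): an unrecognised $authtype lets any logged-in account
        // through; confirm that callers only pass "reguser" or "admin".
        return 0;
    }
}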
?>
Create a login form...
$ vi index.php
<?
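include('incs/global_functions.inc');

// Escape every value that is interpolated into the page. $_title and
// $_packagename are not assigned in the global_functions.inc listing, and a
// variable that no trusted code assigns can be supplied by the request when
// register_globals is on.
$page_title   = htmlspecialchars(isset($_title) ? $_title : "", ENT_QUOTES);
$package_name = htmlspecialchars(isset($_packagename) ? $_packagename : "", ENT_QUOTES);
$client_addr  = htmlspecialchars(isset($_connectedfrom) ? $_connectedfrom : "", ENT_QUOTES);

// NOTE(review): $blank is presumably an HTML spacer defined elsewhere, so it
// is emitted unescaped as before; it must be assigned by trusted code before
// this point. Confirm where it is set.
$spacer = isset($blank) ? $blank : "";

print "<HTML><HEAD><TITLE>$page_title</TITLE>";
print "
<STYLE>
A {text-decoration: none;
color: #EE0000;
font-size: 14pt;
font-family: sans-serif;
}
TR,TD,P,BODY
{font-size: 12pt;
font-family: sans-serif;
}
H2
{font-size: 14pt;
font-family: sans-serif;
}
B
{font-weight: bold; font-family: sans-serif;
}
</STYLE>
";
print "</HEAD>";
print "<BODY
bgcolor=\"$col_bg\" link=\"$col_link\" alink=\"$col_link\">";
// The second <TITLE> the original printed inside <BODY> is dropped: the
// element is only valid in <HEAD>, where it is already present.
print "
<h3>$package_name Login $spacer$spacer Date: $date
Time: $time
<br> Connected from: $client_addr
</h3>
";
?>
<FONT FACE="Arial, Helvetica">
<br>
<!-- The password is sent over whatever scheme this page was loaded with, so serve the page over https. -->
<form method="post" action="login.php">
Username: <input type="text" name="name" size="25"><br>
Password: <input type="password" name="mypassword" size="25">
<br>
<input type="submit" value="Login">
</form>
</FONT>
</BODY>
</HTML>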
Create a db_connect include file...
$ vi incs/db_connect.php
<?
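////////////////////////////
//* Database variables *//
///////////////////////////
// Placeholder values: replace them with a dedicated MySQL account that only
// has the rights this application needs on this one database. Keep the file
// readable by the web server user only.
$db_serv="localhost";
$db_name="database";
$db_user="userid";
$db_passwd="password";
# ------------------------------------------------------------------------
# Establish Database Connection and debugging
# ------------------------------------------------------------------------
// Stop here when the server cannot be reached, as AuthCheck() does. The
// original carried on with $f set to false, so every later query failed
// without any message.
$f = mysql_pconnect("$db_serv","$db_user","$db_passwd") or
    die("Connection Failed");
// Set to a non-zero value to have mysqlquery() print each statement.
// Leave it at 0 on a live site: the login statement contains the password
// the visitor typed.
$verbose_queries=0;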
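/**
 * Run one SQL statement against the named database.
 *
 * @param string $db_name Database to select before running the statement.
 * @param string $query   Complete SQL text. Callers must already have
 *                        escaped any request data they placed in it.
 * @return resource|bool  Result resource for SELECT-type statements, true
 *                        for other successful statements, false on failure.
 */
function mysqlquery($db_name,$query)
{
    global $verbose_queries;

    // Debug trace. The statement is HTML-escaped because it can carry text
    // typed by the visitor, which would otherwise be rendered as markup.
    if ($verbose_queries != 0) {
        echo htmlspecialchars($query, ENT_QUOTES) . "<BR>";
    }

    // mysql() is the old alias of mysql_db_query(): select the database,
    // then run the statement. The two steps are written out here.
    if (!mysql_select_db($db_name)) {
        return false;
    }

    return mysql_query($query);
}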
?>
Create login processor...
$ vi login.php
<?
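include('incs/db_connect.php');

// "i" is the minutes specifier. The original "H:m:s" stored the month number
// in the minutes position.
$logintime = date("mdy H:i:s");

// Read the form fields from $_POST instead of relying on register_globals,
// and accept plain strings only.
$name = (isset($_POST["name"]) && is_string($_POST["name"])) ? $_POST["name"] : "";
$mypassword = (isset($_POST["mypassword"]) && is_string($_POST["mypassword"]))
    ? $_POST["mypassword"] : "";

// Empty credentials are rejected before any query is built.
if ($name === "" || $mypassword === "") {
    print "Bad username password.";
    exit();
}

// Both values come from the visitor, so they are escaped before being placed
// inside the SQL string.
// NOTE(review): MySQL's PASSWORD() is meant for the server's own accounts and
// is not available in MySQL 8.0. password_hash()/password_verify() in PHP is
// the usual replacement, but it needs the stored values to be migrated.
$safe_name = mysql_real_escape_string($name, $f);
$safe_pass = mysql_real_escape_string($mypassword, $f);
if ($safe_name === false || $safe_pass === false) {
    die("Connection Failed");
}
$query = "SELECT * from users where (name = '$safe_name' and password =
password('$safe_pass'))";
$result = mysqlquery($db_name,$query) ;
if(!empty($result)) {
    if (mysql_num_rows($result) == 0)
    {
        print "Bad username password.";
    } else {
        $name = mysql_result($result,0,"name");
        $password = mysql_result($result,0,"password");
        // The cookie carries md5() of the stored hash, which AuthCheck()
        // recomputes on every page.
        // NOTE(review): this value is the same on every login and stays
        // valid until the password changes; a server-side session id would
        // be safer.
        $password = md5($password);
        // Last argument: HttpOnly, so page scripts cannot read the cookies.
        // The sixth argument (secure) stays false to keep plain-HTTP pages
        // working; set it to true once the site is served through mod_ssl.
        SetCookie("USERName", $name, 0, "/", "", false, true);
        SetCookie("USERPass", $password, 0, "/", "", false, true);
        // The stored name is escaped again before it goes back into SQL.
        $query = "UPDATE users set lastlogin = '$logintime' where name =
'" . mysql_real_escape_string($name, $f) . "'";
        $result = mysqlquery($db_name,$query) ;
        if(empty($result)) {
            // Details go to the server log, not to the visitor.
            error_log("login.php: lastlogin update failed: " . mysql_error());
        }
        header("Location: ./phpscriptname.php");
        // Stop here so nothing else runs or is sent after the redirect.
        exit();
    }
}else {
    // Details go to the server log, not to the visitor.
    error_log("login.php: login query failed: " . mysql_error());
}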
?>
Now to use the AuthCheck($authtype);
Put the following code at the very top of every page you want auth.
include('incs/auth.php');
AuthCheck("admin"); For admin or
AuthCheck("reguser"); For regular user
To test login point your browser to index.php enter a userid and password.
Modify the header("Location: "); to point to a test script
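I put this page together so I could remember how to add some security to a section of my site or an application. This coupled with mod_ssl could provide a somewhat safe environment. Without SSL, the login form sends the password, and every later request sends the USERName/USERPass cookies, in clear text.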
This is how I compile Apache with mod_ssl
Get the latest versions of mod_ssl and openssl
# cd /usr/local/src
# tar -xvzf /path/to/openssl-xx.tar.gz
# tar -xvzf /path/to/mod_ssl-xx.tar.gz
# cd openssl-xx
# ./config -fPIC
# make
# make install
# cd ../mod_ssl-xxx
# ./configure --with-apache=../apache-1.3.xx
# cd ../apache-1.3.xx
# SSL_BASE=../openssl-xx ./configure --prefix=/home/www \
--enable-module=most --enable-shared=max \
--enable-module=ssl --enable-shared=ssl
# make
# make certificate
# make install
Test your Apache Setup
# /etc/rc.d/init.d/httpd stop
# /etc/rc.d/init.d/httpd startssl
# enter phrase