Hello,
2015-08-08: changed the view detection to a session detection with a cookie (the default name of a PHP session).
A friend asked me to add a login and password to his PHP web site.
I checked the internet and did not find a nice example (well, not quickly).
Security concern:
This type of login and password is only half secure: the logins and passwords are stored in clear text in index.php, so if someone hacks your root, he will get all the logins and passwords!
Required package:
wampserver2.5-Apache-2.4.9-Mysql-5.6.17-php5.5.12-64b.exe
Required procedure:
To start a PHP web site locally, port 80 must be free: close Skype, or set its additional incoming connections option off or on another port.
Install PHP WAMP.
Copy index.php to c:\wamp\www
Type localhost in the address bar of any browser to access your local site (this will pick index.php as the first PHP web page).
----------------- index.php ----- use notepad.exe or notepad2.exe ------------------
<?php
// start the session before any HTML is sent, so the session cookie header can still go out
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login and password in PHP</title>
</head>
<body>
<?php
// debug mode is ON, lots of echo will display messages about the working order of the page
// (set it to 0 on a live site: the messages tell a visitor whether a username exists)
$debugmode = 1;
// escape the script path before it goes into a form action (PHP_SELF can carry visitor-supplied characters)
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
// initialize global variables on first load of page
// the session cookie indicates a refresh if it is set, but ! means it is not set
// (also initialize when the cookie is there but the session data is gone, for example after the session expired)
if(!isset($_COOKIE["PHPSESSID"]) || !isset($_SESSION['loginok']))
{
    // first load of page
    // initialize session variables
    $_SESSION['loginok'] = 0;
    $_SESSION['securitylevel'] = 0;
    $_SESSION['username'] = "";
    $_SESSION['fullname'] = "Guest";
    if($debugmode==1) {echo "Globals SESSION variables initialized<br>";}
}
else
{
    // second load of page or more
    if($debugmode==1) {echo "Not first load, no global variables initializing<br>";}
}
if(!isset($userstot))
{
    // initialize program variables (local to this script, not shared with functions or any other program)
    if($debugmode==1) {echo "Globals regular variables initialized<br>";}
    $i = 0;
    $username[$i]="admin";
    $password[$i]="admin";
    $fullname[$i]="Serge Fournier";
    $securitylevel[$i] = "100";
    $i++;
    $username[$i]="admin2";
    $password[$i]="admin2";
    $fullname[$i]="Serge Fournier 2";
    $securitylevel[$i] = "10";
    $userstot = count($username); // total users would be 2
    $errorlogin = "";
}
if(isset($_POST['submitlogin']))
{
    // a missing or non-text field counts as empty and matches no user
    $usernameresult = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : "";
    $passwordresult = (isset($_POST['password']) && is_string($_POST['password'])) ? trim($_POST['password']) : "";
    $usercnt = 0;
    if($debugmode==1) {echo "Total number of users: $userstot <br>";}
    foreach($username as $usernameloop)
    {
        // === compares as plain strings (== would treat strings that look like numbers as numbers)
        if($usernameresult === $usernameloop)
        {
            if($debugmode==1) {echo "Username valid, checking password...<br>";}
            if($passwordresult === $password[$usercnt])
            {
                $_SESSION['loginok'] = 1;
                $_SESSION['fullname'] = $fullname[$usercnt];
                $_SESSION['username'] = $username[$usercnt];
                $_SESSION['securitylevel'] = $securitylevel[$usercnt];
                if($debugmode==1) {echo "session value (1 is login and password ok, 0 is bad something): " . $_SESSION['loginok']."<br>";}
            }
        }
        $usercnt = $usercnt + 1;
    }
    if($_SESSION['loginok'] == 1)
    {
        $errorlogin = "";
    }
    else
    {
        $errorlogin = "ERROR Wrong login or password. This is case sensitive. Check your caps lock state";
    }
}
if(isset($_POST['submitlogoff']))
{
    // back to the guest values, so nothing of the logged-in user stays in the session
    $_SESSION['loginok'] = 0;
    $_SESSION['securitylevel'] = 0;
    $_SESSION['username'] = "";
    $_SESSION['fullname'] = "Guest";
}
if($_SESSION['loginok'] == 1)
{
    // second load of page (this is a view refresh)
    // main program ///////////////////////////////////////////////
    echo "<h1>Main program</h1><br>";
    echo "<br>Welcome ".$_SESSION['fullname']."<br>";
    echo "<br>Your username is: ".$_SESSION['username']."<br>";
    echo "<br>Your security level is: ".$_SESSION['securitylevel']."<br>";
    // logoff button
    $html = "";
    $html.="<br><form id='logoff' action='{$self}' method='post' accept-charset='UTF-8'>";
    $html.="<fieldset>";
    $html.="<legend>Logoff</legend>";
    $html.="<input type='submit' name='submitlogoff' value='Logoff' />";
    $html.="</fieldset>";
    $html.="</form>";
    echo $html;
    // send PHP's output buffer (if there is one) to the browser so the text displays immediately
    if(ob_get_level() > 0) {ob_flush();}
    flush();
}
else
{
    // login form, username and password box
    if($debugmode==1) {echo "Session loginok value: " . $_SESSION['loginok'] . " (0 = you are not logged in)<br>";}
    $html="<form id='login' action='{$self}' method='post' accept-charset='UTF-8'>";
    $html.="<fieldset>";
    $html.="<legend>Login</legend>";
    $html.="<label for='username' >UserName*:</label>";
    $html.="<input type='text' name='username' id='username' maxlength='50' />";
    $html.="<label for='password' >Password*:</label>";
    $html.="<input type='password' name='password' id='password' maxlength='50' />";
    $html.="<input type='submit' name='submitlogin' value='Login' /> $errorlogin";
    $html.="</fieldset>";
    $html.="</form>";
    echo $html;
    // send PHP's output buffer (if there is one) to the browser so the text displays immediately
    if(ob_get_level() > 0) {ob_flush();}
    flush();
}
?>
</body>
</html>
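The security concern above is that index.php holds every password in clear text. As an added example (not part of the original post), the same user list can hold password_hash() values that are checked with password_verify(), available in the PHP 5.5 that the WAMP package installs. The function names check_login and mark_logged_in, the demo passwords and the file name example.php are assumptions made for this example.

```php
<?php
// Added example, not the original post's code. Needs PHP 5.5+ for password_hash().

// Constructed user list. The hashes are computed on the fly from constructed demo
// passwords so this file runs as-is; on a real site, run password_hash() once and
// paste only the resulting hash string into the file.
$users = [
    'admin'  => ['hash' => password_hash('demo-pass-1', PASSWORD_DEFAULT),
                 'fullname' => 'Serge Fournier',   'securitylevel' => 100],
    'admin2' => ['hash' => password_hash('demo-pass-2', PASSWORD_DEFAULT),
                 'fullname' => 'Serge Fournier 2', 'securitylevel' => 10],
];
// Hash of a throwaway value, verified against when the username is unknown.
$dummyhash = password_hash('unused', PASSWORD_DEFAULT);

// Returns the user's record on success, null on any failure.
function check_login(array $users, $username, $password, $dummyhash)
{
    $known = is_string($username) && isset($users[$username]);
    // Verify against some hash even for an unknown user, so that the response
    // time does not show which usernames exist.
    $hash = $known ? $users[$username]['hash'] : $dummyhash;
    $ok = is_string($password) && password_verify($password, $hash);
    return ($known && $ok) ? $users[$username] : null;
}

// Call after a successful check_login(), with the session already started.
function mark_logged_in($username, array $user)
{
    session_regenerate_id(true); // new session id at login, the old session is deleted
    $_SESSION['loginok'] = 1;
    $_SESSION['username'] = $username;
    $_SESSION['fullname'] = $user['fullname'];
    $_SESSION['securitylevel'] = $user['securitylevel'];
}

// Constructed checks, run with: php example.php
if (PHP_SAPI === 'cli') {
    var_dump(check_login($users, 'admin', 'demo-pass-1', $dummyhash) !== null);   // right password
    var_dump(check_login($users, 'admin', 'demo-pass-2', $dummyhash) !== null);   // wrong password
    var_dump(check_login($users, 'nobody', 'demo-pass-1', $dummyhash) !== null);  // unknown user
    var_dump(check_login($users, ['admin'], 'demo-pass-1', $dummyhash) !== null); // not a string
}
```

With this layout, a copy of index.php gives an attacker salted hashes to crack instead of the passwords themselves.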