How can I modify this to accompany multiple users with the ability to redirect people to different 'main.php' pages based on their user and pass? I'd like to do this within the PHP and not use a database.

login.php

<?php
// start the session
session_start();

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
// check if the username and password combination is correct
if ($_POST['txtUserId'] === 'theuser' && $_POST['txtPassword'] === 'thepass') {
// the username and password match,
// set the session
$_SESSION['basic_is_logged_in'] = true;

// after login we move to the main page
header('Location: main.php');
exit;
} else {
$errorMessage = 'Sorry, wrong username / password';
}
}
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150">&nbsp;</td>
<td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
</tr>
</table>
</form>

</body>
</html>


main.php

<?php
// start the session
session_start();

// is the one accessing this page logged in or not?
if (!isset($_SESSION['basic_is_logged_in']) || $_SESSION['basic_is_logged_in'] !== true) {
// not logged in, move to login page
header('Location: login.php');
exit;
}

?>
<html>
<head>
<title>Main User Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<p>This is the main application page. You are free to play around here since you are an autenthicated user :-) </p>
<p>&nbsp;</p>
<p><a href="logout.php">Logout</a></p>

</body>
</html>


logout.php

<?php
// start the session
session_start();

// if the user is logged in, unset the session
if (isset($_SESSION['basic_is_logged_in'])) {
unset($_SESSION['basic_is_logged_in']);
}

// now that the user is logged out,
// go to login page
header('Location: login.php');
?>

why not do something like:


$username = get_username();
$password = get_password();
$user_dat = array(
'user1' => array('password' => 'theirpassword', 'location' => 'location to goto'),
'user2' => array('password' => 'theirpassord2', 'location' => 'location2 to goto')
);

if(isset($user_dat[$username]) && ($user_dat[$username]['password'] == $password) )
header("Location: " .$user_dat[$username]['location']);
die( isset($user_dat[$username]) ? "Bad Password." : "Unknown User");


But why would you want to keep all this in a file you'd have to maintain versus a database?

tony

Because i'm new to PHP and wouldn't know where to begin to use a database. This seems to work. What do you think? I'd be open to using a database if u think u could walk me through it. I've got phpMyAdmin running on my server but I have no idea how to use it.


<?php
session_start();

$data=array("username1"=>array("url"=>"somefile.php","password"=>"password1"),
"username2"=>array("url"=>"someotherfile.php","password"=>"password2"));

if(isset($_POST['username']) && isset($_POST['password'])) {
if($data[$_POST['username']]['password'] == $_POST['password']) {
$_SESSION['username'] = $_POST['username'] . " " . $_POST['password'];
header('Location: ' . $data[$_POST['username']]['url']);
} else {
echo "Wrong user name or password. <br>";
logIn();
}
} else {
logIn();
}
?>

<?php
function logIn() {
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<p align="center"><strong><font color="#990000"></font></strong></p>

<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="username" type="text"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="password" type="password"></td>
</tr>
<tr>
<td width="150">&nbsp;</td>
<td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
</tr>
</table>
</form>

</body>
</html>
<?php
}
?>

Not doing something for the sake of never doing before doesn't make much sense...

Go for the Database!! Its alot better.

Here is a step by step article to walk you into it.

http://www.charles-reace.com/login_article.html

Ok, i'm looking into the Db stuff. In the meantime i'd also like to figure out this other weaker method and I have something that is working now however I was wondering if someone could figure out how to modify this to implement md5 encrypted passwords?


<?php
session_start();

$data=array("user1"=>array("url"=>"file1.php","password"=>"pass1"),
"user2"=>array("url"=>"file2.php","password"=>"pass2"));

if(isset($_POST['username']) && isset($_POST['password'])) {
if($data[$_POST['username']]['password'] == $_POST['password']) {
$_SESSION['username'] = $_POST['username'] . " " . $_POST['password'];
header('Location: ' . $data[$_POST['username']]['url']);
} else {
login('Wrong user name or password. <br>');
}
} else {
login();
}
?><?php

function login($response='This is the default message, if there is none provided') {

?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<h1>Login</h1>
<p><?=$response?></p>
<form action="" method="post">
<label for="username">User Id</label>
<input name="username" type="text" /><br />

<label for="password">Password</label>
<input name="password" type="password"><br />
<input type="submit" value="Login" />
</form>
</body>
</html>
<?php } ?>

MD5 @ php.net (http://php.net/md5) the almighty source for all php information

thx...although their info on md5 seems pretty vague. i'll look deeper into it.

Could someone direct me to an example similar to the one sheldon posted but that starts off explaining how to set up the mysql database?

Does your Host have a control/admin panel for your hosting account? Do you have PHPmyAdmin istalled?

Otherwise
http://dev.mysql.com/doc/refman/5.1/en/create-database.html

is the mySQL dev centre.

yea, i have PHPmyAdmin although i've never used it.

Well you can set up a databse with that, assign a user with all privlages to your new database, then the ball is rolling faster than ever, with NogDog's article your cant go wrong with a decent PHP/mySL login script!

Fantastic!




(Why am i in such a good mood?)

I need something just like this, but using MySQL... Can someone help me?
Thanks