
An Authenticator with Cookies and Redirect - PHP Code Bank


An Authenticator with Cookies and Redirect
This is an authenticator that uses cookies and redirects the browser if the login is successful.
```php
<?php

//Put in your own info for username, password, DB, email@address, Cookiename,
//the name of this page (currently login.php) and the name of your subscribe
//or new user page (currently new.php).  I went ahead and included all the HTML
//so this page should work as is, with only the changes described above needed

//The original relied on register_globals to fill these from the request;
//read them explicitly so the script also works with register_globals off.
$UserID     = isset($_POST['UserID'])       ? $_POST['UserID']       : null;
$Password   = isset($_POST['Password'])     ? $_POST['Password']     : null;
$redirect   = isset($_REQUEST['redirect'])  ? $_REQUEST['redirect']  : null;
$Cookiename = isset($_COOKIE['Cookiename']) ? $_COOKIE['Cookiename'] : null;

$dblink = mysql_pconnect("localhost","username","password");
mysql_select_db("DB");

$headers=0; //Make Sure HTML Headers are in place before the form


//after Authenticating the script automatically sends the browser to
//the webpage of your choice (note if your page calls this
//script with ?redirect=foobar.php it will automatically
//redirect to foobar.php after authenticating.  Set the default
//redirect page here

if ( !isset($redirect))
   {
     $redirect = "index.php";
   }

if (isset($UserID) && isset($Password)) {

  //Note: $UserID and $Password are interpolated into the query unescaped
  $query = "select * from members where UserID = \"$UserID\" and Password = \"$Password\"";

  if ( !($dbq = mysql_query($query, $dblink))) {
    echo "Unable to query database.  Please Contact <a href=\"mailto:email@address\">email@address</a>.\n";
    exit;
  }

  $lim = mysql_num_rows( $dbq );

  if ($lim != 1) {

  $headers=1; //HTML headers in place
  echo "<HTML><HEAD><TITLE>Login Page</TITLE></HEAD><BODY>";
  echo "<B>Invalid User ID or Password. Please Try again</B><BR>";

  }

  if ($lim == 1) {

//make unique session id and store it in Database
  $timer = md5(time());
  $sid = $UserID . "+" . $timer;
  SetCookie("Cookiename",$sid,time()+2592000); //Set Cookie for 30 days
  $query = "update members set sid=\"$timer\" where UserID=\"$UserID\"";

  if( !($dbq = mysql_query( $query, $dblink))) {
    echo "Unable to update database.  Please contact <a href=\"mailto:email@address\">email@address</a>.\n";
  exit;
  }

  $headers=1;
  header("Location: $redirect");
  exit;
  }

}

if (isset($Cookiename)) {
  $headers=1; //make sure HTML headers are in place before the form
  $sidarray = explode("+", "$Cookiename");
  $query = "select * from members where UserID = \"$sidarray[0]\" and sid = \"$sidarray[1]\"";

  if ( !($dbq = mysql_query($query, $dblink))) {
    echo "Unable to find database.  Please Contact <a href=\"mailto:email@address\">email@address</a>.\n";
    exit;
  }

  if (mysql_num_rows( $dbq ) == 1) {
    echo "<HTML><HEAD><TITLE>Login Page</TITLE></HEAD><BODY>";
    echo "You are already logged in as " . htmlspecialchars($sidarray[0]) . ".<BR>";
    echo "You may logon as another user or simply begin using our services with your current session.<BR>";
    echo "Click <A Href=\"http://www.mydomain.com/home.php\">Here</A> to return to our homepage.";
  }
}

if ($headers == 0) {
echo "<HTML><HEAD><TITLE>Login Page</TITLE></HEAD><BODY>";
}

echo "<Form Action=\"login.php\" METHOD=POST>";
echo "<H2>User Name</H2>";
//quote and escape the value attribute (the original emitted it unquoted and unescaped)
echo "<Input TYPE=\"text\" Name=\"UserID\" Value=\"" . htmlspecialchars((string)$UserID) . "\">";
echo "<BR>";
echo "<H2>Password</H2>";
echo "<Input TYPE=\"password\" Name=\"Password\">";
echo "<BR>";
echo "<Input Type=\"submit\" Value=\"Submit\">";
echo "<Input Type=\"hidden\" Name=\"redirect\" Value=\"" . htmlspecialchars((string)$redirect) . "\">";
echo "</FORM>";
?>
<A HREF="new.php">Create an Account</A>
</BODY>
</HTML>
```



```php
<?php
//Header for Authenticator with Cookies:
//I received some e-mail asking what code should be placed on other pages of the website using my Authenticator
//with Cookies and Redirect. This should appear before the HTML Tag on any page you want protected.

//Put in your own info for username, password, DB, email@address, Cookiename,
//the name of this page (currently thispage.php), and the name of the login page (currently login.php).
//Cookiename MUST be the same as Cookiename in the login page.

$dblink = mysql_pconnect("localhost","username","password");
mysql_select_db("DB");

//Read the cookie explicitly instead of relying on register_globals;
//the cookie name here must match the one set by login.php.
$Cookiename = isset($_COOKIE['Cookiename']) ? $_COOKIE['Cookiename'] : null;

if( !(isset( $Cookiename )))
{
        header("Location: http://www.yourdomain.com/login.php?redirect=thispage.php");
        exit;
}

$sidarray = explode("+","$Cookiename");

//Note: the cookie contents go into the query unescaped
$query = "select * from members where UserID = \"$sidarray[0]\" and sid = \"$sidarray[1]\"";

if ( !($dbq = mysql_query( $query, $dblink))) {
  echo "Unable to find database.  Please Contact <A HREF=\"mailto:email@address\">email@address</a>.\n";
  exit;
}

if (mysql_num_rows( $dbq ) != 1) {
        header("Location: http://www.yourdomain.com/login.php?redirect=thispage.php");
        exit;
}

?>
```
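The following is an added, hardened rewrite of both snippets above (the login page and the protected-page check); it is not part of the original code bank entry and not the author's code. It assumes PHP 7.4 or later with PDO, a `members` table whose `PasswordHash` column holds `password_hash()` output and whose `sid` column holds a 64-character hex string (the SHA-256 of the session token rather than `md5(time())`); the DSN, credentials and `COOKIE_NAME` are placeholders. It replaces string-interpolated SQL with prepared statements, compares passwords with `password_verify()`, draws the session token from the CSPRNG, stores only a hash of it, restricts `redirect` to a local path so the parameter cannot bounce users to another site, marks the cookie `HttpOnly`/`Secure`, and escapes everything echoed into HTML.

```php
<?php
// Added example, not the code bank entry's own code. Assumes PHP 7.4+ with PDO and a
// `members` table with columns UserID, PasswordHash (password_hash() output) and sid
// (64-char hex, SHA-256 of the session token). DSN, credentials and COOKIE_NAME are placeholders.
declare(strict_types=1);

const COOKIE_NAME = 'Cookiename';      // placeholder; must match on every protected page
const COOKIE_TTL  = 30 * 24 * 3600;    // 30 days, as in the original
const LOGIN_PAGE  = '/login.php';

function db(): PDO {
    static $pdo = null;
    if ($pdo === null) {
        $pdo = new PDO('mysql:host=localhost;dbname=DB;charset=utf8mb4', 'username', 'password', [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepared statements
        ]);
    }
    return $pdo;
}

// Accept only an absolute path on this host, so ?redirect= cannot send the browser
// to another site after login (open redirect). Anything else falls back to index.php.
function safe_redirect(?string $target): string {
    return ($target !== null && preg_match('#^/(?![/\\\\])\S*$#', $target)) ? $target : '/index.php';
}

// Checks the credentials with a prepared statement and password_verify(); on success
// issues a fresh random session token, stores its hash, and returns the UserID.
function attempt_login(string $userId, string $password): ?string {
    static $dummyHash = null;
    $dummyHash = $dummyHash ?? password_hash('dummy', PASSWORD_DEFAULT);
    $stmt = db()->prepare('SELECT UserID, PasswordHash FROM members WHERE UserID = :u');
    $stmt->execute([':u' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Verify against a dummy hash when the user is unknown, so response time
    // does not reveal which UserIDs exist.
    $hash = $row !== false ? $row['PasswordHash'] : $dummyHash;
    if (!password_verify($password, $hash) || $row === false) {
        return null;
    }
    $token = bin2hex(random_bytes(32));           // CSPRNG, unlike md5(time())
    $stmt = db()->prepare('UPDATE members SET sid = :sid WHERE UserID = :u');
    $stmt->execute([':sid' => hash('sha256', $token), ':u' => $row['UserID']]);
    setcookie(COOKIE_NAME, $row['UserID'] . '+' . $token, [
        'expires' => time() + COOKIE_TTL, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
    return $row['UserID'];
}

// Returns the UserID for a valid session cookie, or null.
function current_user(): ?string {
    $parts = explode('+', $_COOKIE[COOKIE_NAME] ?? '', 2);
    if (count($parts) !== 2 || $parts[0] === '' || !preg_match('/^[0-9a-f]{64}$/', $parts[1])) {
        return null;
    }
    $stmt = db()->prepare('SELECT UserID, sid FROM members WHERE UserID = :u');
    $stmt->execute([':u' => $parts[0]]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Constant-time comparison of the stored hash with the hash of the presented token.
    if ($row === false || !is_string($row['sid']) || !hash_equals($row['sid'], hash('sha256', $parts[1]))) {
        return null;
    }
    return $row['UserID'];
}

// Replacement for the "Header" snippet: call this at the top of every protected page.
function require_login(): string {
    $user = current_user();
    if ($user === null) {
        header('Location: ' . LOGIN_PAGE . '?redirect=' . rawurlencode($_SERVER['REQUEST_URI'] ?? '/'));
        exit;
    }
    return $user;
}

// login.php itself: handle the POST, then render the form.
$redirect = safe_redirect(isset($_REQUEST['redirect']) && is_string($_REQUEST['redirect']) ? $_REQUEST['redirect'] : null);
$error = null;
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['UserID'], $_POST['Password'])) {
    if (attempt_login((string)$_POST['UserID'], (string)$_POST['Password']) !== null) {
        header('Location: ' . $redirect);
        exit;
    }
    $error = 'Invalid User ID or Password. Please try again.';
}
$h = fn($s): string => htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8'); // escape before echoing
?>
<!DOCTYPE html>
<html><head><title>Login Page</title></head><body>
<?php if ($error !== null): ?><b><?= $h($error) ?></b><br><?php endif; ?>
<?php if (($u = current_user()) !== null): ?><p>You are already logged in as <?= $h($u) ?>.</p><?php endif; ?>
<form action="login.php" method="post">
  <h2>User Name</h2><input type="text" name="UserID" value="<?= $h($_POST['UserID'] ?? '') ?>"><br>
  <h2>Password</h2><input type="password" name="Password"><br>
  <input type="submit" value="Submit">
  <input type="hidden" name="redirect" value="<?= $h($redirect) ?>">
</form>
<a href="new.php">Create an Account</a>
</body></html>
```

In practice the functions above the closing `?>` would live in a shared include (say `auth.php`, a name chosen here), and the protected-page snippet collapses to `$user = require_login();` before any output. Storing `hash('sha256', $token)` rather than the token itself means a read of the `members` table does not hand out usable session cookies, and `hash_equals()` keeps the comparison constant-time.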
            
Comments
ADIGA 13 years ago

Looks good at first look, but it's way SQL injectable; try using 'mysql_real_escape_string' either when checking posted values used in the query to check if the username/password is right or when checking the cookie value in the database. Also you could use the user IP address and store it in the database to prevent the usage of the session by other users if the cookie got stolen :) rated as good.