Extended,password,control,php

Ron 10/11/2016 0

Extended password control in PHP

PHP
 <?php 
# This bit of code may be freely used on condition that I will not be responsible for any mishap it might cause 

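# If $pass_stop = 1, check whether the user can log in, but do not exit and do not ask for the HTTP password. 
# Required because sometimes you want to show a page whether or not the user is logged in, and only choose which message to send. 
# The page must then test $logged_in itself before it shows anything restricted. 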

# Password checking via 
# 1 Form input 
# 2 HTTP input 
# 3 Cookie return 
# Cookie set at end to last 1 year 
# 1 overrides 2 overrides 3 

# Variables for form: 
# f_userID  User ID 
# f_pass  Password 
# rem_cookie Remember username and password for the future in a cookie? (if 1 yes else no) 


# Result flag of this script: stays false unless the password comparison further down succeeds.
$logged_in = false; 

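# Function to request http password.
#
# Sends an HTTP Basic authentication challenge (401), prints a short message
# and ends the script.
#
# Reads the global $pass_stop. When it equals 1 the function does nothing and
# returns, so the caller keeps running with $logged_in unchanged; the including
# page must then check $logged_in before it shows anything restricted.
# NOTE(review): on a server with register_globals enabled, $pass_stop can arrive
# with the request unless the including page assigns it before the include.

function http_pass(){
    global $pass_stop;

    if ($pass_stop != 1) {
        # The <p> belongs inside the string; outside it, and without the
        # semicolon, this line was a parse error.
        $unauthstring = "You did not enter a valid Username/Password combination<p>";

        header("WWW-Authenticate: Basic realm=\"Registered users Only\"");
        header("HTTP/1.0 401 Unauthorized");
        echo $unauthstring;
        exit;
    } # end if ($pass_stop != 1)
} # end function http_pass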

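# Collect one username/password pair. Sources, in order of precedence:
#   1 login form (POST fields f_userID and f_pass)
#   2 HTTP Basic authentication
#   3 the "download" cookie written by an earlier login
#
# The values are read from $_POST, $_SERVER and $_COOKIE rather than from
# register_globals variables. Each value then has one fixed source, the script
# no longer depends on register_globals being enabled, and credentials passed
# in the query string are not accepted.

# set some control variables

$userID = '';
$passwd = '';
$userstat = '';   # becomes 1 as soon as one source has supplied credentials

# 1 Form input.
# is_string() rejects array-valued fields such as f_userID[]=x.

if (isset($_POST['f_userID'], $_POST['f_pass'])
        && is_string($_POST['f_userID']) && is_string($_POST['f_pass'])) {
    $userID = $_POST['f_userID'];
    $passwd = $_POST['f_pass'];
    $userstat = 1;
}

# 2 HTTP input, only when the form supplied nothing.

if ($userstat === ''
        && isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
    $userID = $_SERVER['PHP_AUTH_USER'];
    $passwd = $_SERVER['PHP_AUTH_PW'];
    $userstat = 1;
}

# 3 Cookie return, only when neither of the above supplied anything.

if ($userstat === ''
        && isset($_COOKIE['download']) && is_string($_COOKIE['download'])) {
    # Limit 2 splits at the first "|" only, so a password containing "|" is
    # not cut short. A cookie without any "|" is ignored.
    $tt1 = explode("|", $_COOKIE['download'], 2);
    if (count($tt1) == 2) {
        $userID = $tt1[0];
        $passwd = $tt1[1];
        $userstat = 1;
    }
}

# If no username or password - ask for it!  And exit
# (http_pass() returns instead of exiting when $pass_stop == 1)

if ($userstat === '') {
    http_pass();
}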



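# Now we should have a username/password combination
# is it valid??

# Connect to DB
# NOTE(review): this connects as the MySQL "root" account with an empty
# password. Use a dedicated account that may only SELECT from the users table.
# NOTE(review): the mysql_* extension was removed in PHP 7.0. When this script
# is ported, do the lookup with a mysqli or PDO prepared statement.
$db = mysql_connect("localhost", "root", "");

if (!$db || !mysql_select_db("userDB", $db)) {
    echo "Failed to connect to database<p>";
    exit;
}

# get data from DB
# The username comes from the request, so it is escaped before it is placed
# inside the quoted SQL literal.
$query = "SELECT * FROM users WHERE uname = '" . mysql_real_escape_string($userID, $db) . "'";

$result = mysql_query($query, $db);

if (!$result) {
    # The error detail goes to the server log. Printing the SQL text to the
    # visitor would disclose table and column names. The script stops here so
    # that a failed lookup can never be followed by protected content.
    error_log("login lookup failed: " . mysql_error($db));
    echo "PASSWORD SEARCH FAILED<p>";
    exit;
}

$memberrow = mysql_fetch_array($result);

if ($memberrow) {

    $dbpasswd = $memberrow["passwd"];
    # NOTE(review): unsalted MD5 is not suitable for storing passwords. Moving
    # to password_hash()/password_verify() needs the stored values rehashed,
    # for example at each user's next successful login.
    $userpasswd = md5($passwd);

    # NOTE(review): $userid (lower case) is a different variable from $userID
    # and is not set anywhere in this script - confirm which one was meant.
    if (empty($userid)) { $userid = $memberrow["uname"]; }

    # Strict comparison: with == two different hex digests that both look like
    # numbers (for example "0e..." followed by digits) compare as equal.
    if ($dbpasswd === $userpasswd) {
        $logged_in = true;
    } else {
        http_pass();
    }

} else {
    # Unknown user name. The original line read "http_pass;" without
    # parentheses, which is not a call, so no 401 was sent and the script
    # carried on as if nothing had happened.
    http_pass();
} # end else memberrow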


# Now we know who this guy is! 

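# Set cookie for future
# If not set - did he give permission? (form field rem_cookie == 1)
# If set, rewrite with new expiry date
#
# NOTE(review): the cookie holds the user name and the clear-text password for
# a year, so anyone who can read the cookie learns the password. A random
# per-user token kept on the server would avoid that, but needs a schema change.

$cookie_value = $userID.'|'.$passwd;

$remember = isset($_POST['rem_cookie']) && $_POST['rem_cookie'] == 1;
$had_cookie = isset($_COOKIE['download']);
$is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

if ($logged_in && ($remember || $had_cookie)) {
    # 31622400 seconds = 366 days; the "+" was missing, which was a parse error.
    # Empty path and domain keep PHP's defaults. The Secure flag is set when
    # the request came over HTTPS, and HttpOnly hides the cookie from
    # client-side script.
    setcookie("download", $cookie_value, time() + 31622400, "", "", $is_https, true);
    $download = $cookie_value;
}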
?> 

#Use this form snippet to provide the user with a login screen. 

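<?php 
include('Code_Above'); 
# Login insert 
# - PHP_SELF can contain request-supplied path text, so it is HTML-escaped
#   before it is written into the action attribute.
# - The login script reads the fields f_userID and f_pass, so the password
#   field is named f_pass (it was f_passwd, which the script never reads).
# - type="password" keeps the password from being displayed while typed.
?> 

<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="POST"> 
<table border=0 cellpadding=3 cellspacing=3> 
<tr><td>Username:</td><td><input type="text" size="20" name="f_userID"></td></tr> 
<tr><td>Password:</td><td><input type="password" size="20" name="f_pass"></td></tr> 
<tr><td colspan=2><input type="submit" value="login"></td></tr> 
</table> 
</form>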
  
