| px | top | add code | search | signup | login | help |
When the user logs off, the (encrypted) password in the user-db is moved to a temproary field,
when he tries to enter the restricted page again and if he types the correct password, it will be moved back to the
password field again.
Just require the function.php3 in all the restricted pages, and call the check_auth(); function like it's done in login.php3.
To create the user-table, you can use the syntax:
CREATE TABLE users (username CHAR(20), encrpass CHAR(100), tmppass CHAR(100));
Use this to insert a test-user:
(aB14QxrLULc36 is the encrypted form of 'testpass')
INSERT INTO users (username, encrpass, tmppass) VALUES ('testuser', 'aB14QxrLULc36', '');
Copy the code below to the different .php files...
****** function.php3 ******
<?php
$sqlhost = "localhost";
$sqllogin = "yourlogin";
$sqlpass = "yourpass";
$dbname = "yourdb";
$crsalt = "aB";
$usertable = "users";
function check_auth() {
global $sqlhost, $sqllogin, $sqlpass, $dbname, $crsalt, $users;
global $PHP_AUTH_USER, $PHP_AUTH_PW;
if (!isset($PHP_AUTH_USER)) {
header('WWW-Authenticate: Basic realm="Admin Area"');
header("HTTP/1.0 401 Unauthorized");
print "<b>Wrong password or you don't have access.</b>";
exit;
} else if (isset($PHP_AUTH_USER)) {
mysql_connect($sqlhost, $sqllogin, $sqlpass);
mysql_select_db($dbname);
$pass = crypt($PHP_AUTH_PW,$crsalt);
$res = mysql_query("SELECT * FROM users WHERE username='$PHP_AUTH_USER' AND encrpass='$pass'");
$pres = mysql_query("SELECT * FROM users WHERE username='$PHP_AUTH_USER'");
$row = mysql_fetch_array($pres);
$tmppass = $row["tmppass"];
if ($tmppass) {mysql_query("UPDATE users SET tmppass=encrpass, encrpass='$tmppass' WHERE username='$PHP_AUTH_USER'");}
$num = mysql_numrows($res);
if ($num != "0") {
return 1;
} else {
header('WWW-Authenticate: Basic realm="Admin Area"');
header("HTTP/1.0 401 Unauthorized");
print "<b>Wrong password or you don't have access.</b>";
exit;
}
}
}
?>
****** login.php3 ******
<?php
require "function.php3";
check_auth();
?>
Logged in: <?php echo $PHP_AUTH_USER; ?><br><br>
<a href="logout.php3">Click here to log out</a>
****** logout.php3 ******
<?php
require "function.php3";
check_auth();
mysql_connect($sqlhost, $sqllogin, $sqlpass);
mysql_select_db($dbname);
$pass = crypt($PHP_AUTH_PW,$crsalt);
mysql_query("UPDATE users SET tmppass=encrpass, encrpass='' WHERE username='$PHP_AUTH_USER'");
?>
Logged out!<br><br>
<a href="login.php3">Click here to log in</a>
Comments or questions?
PX is running PHP 5.2.11
Thanks to Miranda Productions for hosting and bandwidth.
Use of any code from PX is at your own risk.