Version: 4
Type: Full Script
Category: Other
License: GNU General Public License
Description: User auth system that carries the user's session ID in the address line (URL). It seems a good approach if we want to let a user see our secret pages for a limited period.
/*
MySQL table schema for this script
CREATE TABLE user (
userid int(11) NOT NULL auto_increment,
username varchar(12) NOT NULL DEFAULT '' ,
userpass varchar(32) NOT NULL DEFAULT '' ,
sesid varchar(32) NOT NULL DEFAULT '' ,
time int(14) NOT NULL DEFAULT '0' ,
PRIMARY KEY (userid),
INDEX userid (userid)
);
*/
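<?php
//functions.php
// Shared database bootstrap: every page that includes this file gets a
// connection to the "test" database before any helper below runs.
//
// NOTE(review): the script connects as root with an empty password. A web
// application should use a dedicated account limited to the `user` table,
// with its credentials kept outside the document root.
if (!@mysql_connect("localhost", "root", "") || !@mysql_select_db("test")) {
    // "@" keeps the driver warning (host, account name) away from the visitor;
    // the failure is logged server-side and the request stops here, instead of
    // continuing into queries that can only fail.
    error_log("functions.php: database connection failed: " . mysql_error());
    die("<center>Service temporarily unavailable.</center>");
}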
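/**
 * Check the submitted credentials and, on success, start a URL-carried session.
 *
 * Reads the globals $username and $userpass. When a matching row exists, a new
 * session id and an expiry timestamp (now + 360 seconds) are stored on that row,
 * the global $time is set to the expiry, and the browser is redirected to
 * secret.php with the session id in the query string. On any failure the
 * request ends with the "wrong password" message.
 *
 * NOTE(review): passwords are compared as unsalted MD5 (the schema's userpass
 * column is varchar(32)). Moving to password_hash()/password_verify() needs a
 * wider column and a rehash-on-login migration, so it is not changed here.
 */
function user_check(){
    global $username,$userpass,$time;

    $failed = "<center>Wrong password or username please try <a href=login.php>again!!!</a></center>";

    // The username comes straight from the request and goes into a SQL string.
    // Undo magic_quotes_gpc if the runtime applied it, then escape once with
    // the driver's own function, so a quote cannot end the string literal.
    $name = (string) $username;
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $name = stripslashes($name);
    }
    $name = mysql_real_escape_string($name);

    // md5() output is hex only, so it is safe to embed as-is.
    $hash = md5($userpass);

    $check_user = mysql_query("SELECT userid FROM user WHERE username = '$name' AND userpass = '$hash'");
    // A failed query yields false; treat that like "no such user" rather than
    // passing false on to mysql_fetch_array().
    $row = $check_user ? mysql_fetch_array($check_user) : false;
    $userid = $row ? (int) $row["userid"] : 0;

    if ($userid <= 0) {
        die($failed);
    }

    // Generate the session id from a CSPRNG where the runtime has one.
    // md5(time()) can be reproduced by anyone who knows roughly when the login
    // happened. 16 random bytes hex-encode to 32 characters, which fits the
    // sesid varchar(32) column.
    if (function_exists('random_bytes')) {
        $sesid = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $sesid = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        // Last resort on runtimes with no CSPRNG; weaker than the branches above.
        $sesid = md5(uniqid(mt_rand(), true) . microtime());
    }

    // Time at which the session closes.
    $time = time() + 360;

    if (!mysql_query("UPDATE user SET sesid='$sesid',time='$time' WHERE userid='$userid'")) {
        // Do not redirect with a session id that was never stored.
        error_log("user_check: could not store session: " . mysql_error());
        die($failed);
    }

    // Instead of cookies or a PHP session, the id travels in the address line.
    // It will therefore appear in browser history, server and proxy logs, and
    // in the Referer header of outbound links; the short lifetime is the only
    // thing limiting reuse of a leaked URL.
    header("Location:secret.php?sesid=$sesid");
    // Stop here so nothing else is sent after the redirect.
    exit;
}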
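/**
 * Gate a protected page: end the request unless the session id in the global
 * $sesid belongs to a row whose stored expiry time is still in the future.
 *
 * Returns normally only when the session is valid; otherwise prints the
 * timeout message and stops.
 */
function session_check() {
    global $sesid;

    $expired = "<center>Your session timeout please <a href=login.php>login</a>...</center>";

    // Session ids issued by user_check() are 32 lowercase hex characters.
    // Rejecting anything else up front means no request-controlled text
    // reaches the SQL string below, and an empty id can never match the
    // column's default ''.
    if (!is_string($sesid) || !preg_match('/\A[0-9a-f]{32}\z/', $sesid)) {
        die($expired);
    }

    // The schema's expiry column is `time`; the previous query asked for a
    // column named `zaman`, which the table does not define, so the lookup
    // always failed and every session was reported as expired.
    $check_time = mysql_query("SELECT `time` FROM user WHERE sesid = '$sesid'");
    $time_row = $check_time ? mysql_fetch_array($check_time) : false;

    // No row (or a failed query) counts as an expiry of 0, i.e. already over.
    $bitis = $time_row ? (int) $time_row["time"] : 0;
    if ($bitis < time()){
        die($expired);
    }
}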
?>
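<?php
//login.php
// Shows the login form, or hands the submitted credentials to user_check().
include("functions.php");

// Take the form fields from the POST body explicitly instead of relying on
// register_globals: with that setting any request source (query string,
// cookie) can seed these variables, and without it they are never set.
// user_check() reads $username and $userpass as globals, so they are assigned
// here at file scope. Non-string values (e.g. array parameters) are ignored.
$submit   = (isset($_POST['submit'])   && is_string($_POST['submit']))   ? $_POST['submit']   : '';
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$userpass = (isset($_POST['userpass']) && is_string($_POST['userpass'])) ? $_POST['userpass'] : '';

if (!empty($submit)){
    user_check();
} else {
    // NOTE(review): the password is posted in clear text; serve this page
    // over HTTPS only.
    echo "<form action=login.php method=post>
<table width=350 border=0 cellpadding=1 cellspacing=0 align=center>
<tr>
<td width=150>Username :</td><td><input type=text name=username size=15></td>
</tr>
<tr>
<td width=150>Password :</td><td><input type=password name=userpass size=15></td>
</tr>
<tr>
<td width=150> </td><td><input type=submit name=submit value=Submit></td>
</tr>
</table>
</form>";
} ?>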
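<?php
//secret.php
// Example protected page: content is shown only after session_check() passes.
include("functions.php");

// Read the session id from the query string explicitly rather than through
// register_globals; session_check() picks it up as the global $sesid.
$sesid = (isset($_GET['sesid']) && is_string($_GET['sesid'])) ? $_GET['sesid'] : '';

// Check the session id and its expiry time against MySQL; this call ends the
// request itself when the session is missing or expired.
session_check();

// Then show the content.
// NOTE(review): because the id lives in the URL, every link that carries it
// also exposes it to browser history, access logs and the Referer header of
// any outbound link on the page. Avoid linking to third-party sites from
// protected pages, and serve them over HTTPS.
echo "<center>Here is your secret page. <br>
Don't forget to put \$sesid to your links eg:http://yourhost/nextpage.php?sesid=\$sesid</center>";
?>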