Post: Simple PHP Authentication System (MySQL not required)
Options
03-09-2016, 07:33 PM
#1
JB
[i]Remember, no Russian.[/i]
All you need to do is edit the $config array to set "loginUsername" and "loginPassword" to the values you require, and replace "Access granted" at the bottom of the script with your web app source code (or just include it). Note that ideally you should only use this to learn the basics of authentication and code standards, and probably shouldn't use this on a live system (it'll protect it, but it only supports a single login and the password is plaintext in the source). It can be easily modified to work with a MySQL database, but I'll let you all have a play with it.
<?php
session_start();
$config = [
'loginUsername' => 'JB',
'loginPassword' => 'jb da bes'
];
$message = '';
if (
(
! isset($_POST['loginUsername']) ||
! isset($_POST['loginPassword'])
) &&
isset($_POST['loginSubmit'])
) {
$message = 'Invalid Request';
}
if (
(
(
$_POST['loginUsername'] !== $config['loginUsername'] ||
$_POST['loginPassword'] !== $config['loginPassword']
) ||
(
$_SESSION['loginUsername'] !== $config['loginUsername'] ||
$_SESSION['loginPassword'] !== $config['loginPassword']
)
) &&
isset ($_POST['loginSubmit'])
) {
$message = 'Invalid Credentials';
}
if (
(
$_SESSION['loginUsername'] !== $config['loginUsername'] ||
$_SESSION['loginPassword'] !== $config['loginPassword']
) &&
(
$_POST['loginUsername'] !== $config['loginUsername'] ||
$_POST['loginPassword'] !== $config['loginPassword']
)
) {
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Authentication Required</title>
<!-- Bootstrap CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
<!-- Bootstrap JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js" integrity="sha384-0mSbJDEHialfmuBBQP6A4Qrprq5OVfW37PRR3j5ELqxss1yVqOtnepnHVP9aJ7xS" crossorigin="anonymous"></script>
<!-- Custom styles for this template -->
<style type="text/css">
body {
padding-top: 40px;
padding-bottom: 40px;
background-color: #eee;
}
.form-signin {
max-width: 330px;
padding: 15px;
margin: 0 auto;
}
.form-signin .form-signin-heading,
.form-signin .checkbox {
margin-bottom: 10px;
}
.form-signin .checkbox {
font-weight: normal;
}
.form-signin .form-control {
position: relative;
height: auto;
-webkit-box-sizing: border-box;
-moz-box-sizing: border-box;
box-sizing: border-box;
padding: 10px;
font-size: 16px;
}
.form-signin .form-control:focus {
z-index: 2;
}
.form-signin input[type="email"] {
margin-bottom: -1px;
border-bottom-right-radius: 0;
border-bottom-left-radius: 0;
}
.form-signin input[type="password"] {
margin-bottom: 10px;
border-top-left-radius: 0;
border-top-right-radius: 0;
}
</style>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<div class="container">
<form class="form-signin" method="post">
<h2 class="form-signin-heading">Please sign in</h2>
<?php if ($message !== ''
{ ?>
<div class="alert alert-danger"><?=$message?></div>
<?php } ?>
<label for="loginUsername" class="sr-only">Username</label>
<input type="text" id="loginUsername" name="loginUsername" class="form-control" placeholder="Username" required autofocus>
<label for="loginPassword" class="sr-only">Password</label>
<input type="password" id="loginPassword" name="loginPassword" class="form-control" placeholder="Password" required>
<input type="submit" class="btn btn-lg btn-primary btn-block" name="loginSubmit" value="Sign in">
</form>
</div> <!-- /container -->
</body>
</html>
<?php
exit;
}
if (
(
$_SESSION['loginUsername'] !== $config['loginUsername'] ||
$_SESSION['loginPassword'] !== $config['password']
)
) {
$_SESSION['loginUsername'] = $config['loginUsername'];
$_SESSION['loginPassword'] = $config['loginPassword'];
}
?>
Access granted
The following 2 users say thank you to JB for this useful post:
03-09-2016, 08:05 PM
#2
CyberNomadic
Web Developer
The following user thanked CyberNomadic for this useful post:
04-22-2016, 10:23 AM
#3
Danny
Hurah!
Originally posted by JB
So as people seem to have been struggling to write an authentication/login system in PHP, I've written a super simple PHP authentication script that doesn't make use of MySQL (I did say it was simple, after all).
All you need to do is edit the $config array to set "loginUsername" and "loginPassword" to the values you require, and replace "Access granted" at the bottom of the script with your web app source code (or just include it). Note that ideally you should only use this to learn the basics of authentication and code standards, and probably shouldn't use this on a live system (it'll protect it, but it only supports a single login and the password is plaintext in the source). It can be easily modified to work with a MySQL database, but I'll let you all have a play with it.
All you need to do is edit the $config array to set "loginUsername" and "loginPassword" to the values you require, and replace "Access granted" at the bottom of the script with your web app source code (or just include it). Note that ideally you should only use this to learn the basics of authentication and code standards, and probably shouldn't use this on a live system (it'll protect it, but it only supports a single login and the password is plaintext in the source). It can be easily modified to work with a MySQL database, but I'll let you all have a play with it.
<?php
session_start();
$config = [
'loginUsername' => 'JB',
'loginPassword' => 'jb da bes'
];
$message = '';
if (
(
! isset($_POST['loginUsername']) ||
! isset($_POST['loginPassword'])
) &&
isset($_POST['loginSubmit'])
) {
$message = 'Invalid Request';
}
if (
(
(
$_POST['loginUsername'] !== $config['loginUsername'] ||
$_POST['loginPassword'] !== $config['loginPassword']
) ||
(
$_SESSION['loginUsername'] !== $config['loginUsername'] ||
$_SESSION['loginPassword'] !== $config['loginPassword']
)
) &&
isset ($_POST['loginSubmit'])
) {
$message = 'Invalid Credentials';
}
if (
(
$_SESSION['loginUsername'] !== $config['loginUsername'] ||
$_SESSION['loginPassword'] !== $config['loginPassword']
) &&
(
$_POST['loginUsername'] !== $config['loginUsername'] ||
$_POST['loginPassword'] !== $config['loginPassword']
)
) {
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Authentication Required</title>
<!-- Bootstrap CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
<!-- Bootstrap JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js" integrity="sha384-0mSbJDEHialfmuBBQP6A4Qrprq5OVfW37PRR3j5ELqxss1yVqOtnepnHVP9aJ7xS" crossorigin="anonymous"></script>
<!-- Custom styles for this template -->
<style type="text/css">
body {
padding-top: 40px;
padding-bottom: 40px;
background-color: #eee;
}
.form-signin {
max-width: 330px;
padding: 15px;
margin: 0 auto;
}
.form-signin .form-signin-heading,
.form-signin .checkbox {
margin-bottom: 10px;
}
.form-signin .checkbox {
font-weight: normal;
}
.form-signin .form-control {
position: relative;
height: auto;
-webkit-box-sizing: border-box;
-moz-box-sizing: border-box;
box-sizing: border-box;
padding: 10px;
font-size: 16px;
}
.form-signin .form-control:focus {
z-index: 2;
}
.form-signin input[type="email"] {
margin-bottom: -1px;
border-bottom-right-radius: 0;
border-bottom-left-radius: 0;
}
.form-signin input[type="password"] {
margin-bottom: 10px;
border-top-left-radius: 0;
border-top-right-radius: 0;
}
</style>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<div class="container">
<form class="form-signin" method="post">
<h2 class="form-signin-heading">Please sign in</h2>
<?php if ($message !== '' { ?>
<div class="alert alert-danger"><?=$message?></div>
<?php } ?>
<label for="loginUsername" class="sr-only">Username</label>
<input type="text" id="loginUsername" name="loginUsername" class="form-control" placeholder="Username" required autofocus>
<label for="loginPassword" class="sr-only">Password</label>
<input type="password" id="loginPassword" name="loginPassword" class="form-control" placeholder="Password" required>
<input type="submit" class="btn btn-lg btn-primary btn-block" name="loginSubmit" value="Sign in">
</form>
</div> <!-- /container -->
</body>
</html>
<?php
exit;
}
if (
(
$_SESSION['loginUsername'] !== $config['loginUsername'] ||
$_SESSION['loginPassword'] !== $config['password']
)
) {
$_SESSION['loginUsername'] = $config['loginUsername'];
$_SESSION['loginPassword'] = $config['loginPassword'];
}
?>
Access granted
Cheers dude
The following user thanked Danny for this useful post:
Copyright © 2024, NextGenUpdate.
All Rights Reserved.
