We shall use a MySQL table like this for storing administrator information:
id   user_name   user_pass
1    admin       admin
2    swashata    swashata
Basically we shall encrypt the password inside the table. Just for the demonstration I have shown the
passwords above.
Now create a Database and inside it create a table login_admin with the following MySQL query
command:
CREATE TABLE login_admin
(
    id INT NOT NULL AUTO_INCREMENT,
    user_name VARCHAR(100),
    user_pass VARCHAR(200),
    PRIMARY KEY (id)
)
Now insert the two users' information inside the table with the following command:
<?php
/* Contains all the basic Configuration */
<?php
define('DOC_ROOT', dirname(__FILE__)); // To properly get the config.php file
$username = $_POST['username']; //Set UserName
$password = $_POST['password']; //Set Password
$msg = '';
if(isset($username, $password)) {
    ob_start();
    include(DOC_ROOT.'/config.php'); //Initiate the MySQL connection
    // To protect MySQL injection (more detail about MySQL injection)
    $myusername = stripslashes($username);
    $mypassword = stripslashes($password);
    $myusername = mysqli_real_escape_string($dbC, $myusername);
    $mypassword = mysqli_real_escape_string($dbC, $mypassword);
    $sql = "SELECT * FROM login_admin WHERE user_name='$myusername' and user_pass=SHA('$mypassword')";
    $result = mysqli_query($dbC, $sql);
    // mysqli_num_rows is counting table row
    $count = mysqli_num_rows($result);
    // If result matched $myusername and $mypassword, table row must be 1 row
    if($count == 1) {
        // Register $myusername, $mypassword and redirect to file "admin.php"
        // (session_register() was removed in PHP 5.4, so this script needs PHP 5.3 or older)
        session_register("admin");
        session_register("password");
        $_SESSION['name'] = $myusername;
        header("location:admin.php");
    }
    else {
        $msg = "Wrong Username or Password. Please retry";
        header("location:login.php?msg=$msg");
    }
    ob_end_flush();
}
else {
    header("location:login.php?msg=Please enter some username and password");
}
As you can see, it registers the $_SESSION['name'] superglobal variable along with session_register and
then redirects to admin.php. Now let's see what the admin.php file has to protect it from unauthorized
use! Also note that if the username and password do not match, then it redirects back to
the login.php file with an error $msg.
5: Code behind admin.php file:
<?php
session_start(); //Start the session
define('ADMIN', $_SESSION['name']); //Get the user name from the previously registered super global variable
if(!session_is_registered('admin')){ //If session not registered
    header('location:login.php'); // Redirect to login.php page
    exit; // Stop here, otherwise the HTML below is still sent along with the redirect
}
else //Continue to current page
    header('Content-Type: text/html; charset=utf-8');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Welcome To Admin Page Demonstration</title>
</head>
<body>
<h1>Welcome To Admin Page <?php echo ADMIN /*Echo the username*/ ?></h1>
<p><a href="logout.php">Logout</a></p> <!-- A link for the logout page -->
<p>Put Admin Contents</p>
</body>
</html>
I have put comments everywhere! So you will be able to easily understand the code! Basically, here
you need to be creative to put the admin contents properly! Whatever it is, it will only be shown to
authorized users. Also we have set a constant ADMIN to fetch the username from the super global
variable $_SESSION['name'] and we can echo it wherever we want!
Logging out with logout.php
It is used to destroy the current session. It is very simple!
<?php
session_start(); //Start the current session
session_destroy(); //Destroy it! So we are logged out now
header("location:login.php?msg=Successfully Logged out"); // Move back to login.php with a logout message
Save the file with the above code and you are done!
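The login check and the admin.php guard described above, rewritten for current PHP as an added example (not code from the original tutorial). It assumes PHP 7+ with pdo_sqlite and that user_pass stores a password_hash() value instead of SHA(); the function names and the in-memory SQLite table with constructed sample data are hypothetical and only there so the script runs without a MySQL server.

```php
<?php
// Added example, not the tutorial's code. Assumptions: PHP 7+, pdo_sqlite,
// user_pass holds a password_hash() value. All function names are hypothetical.
function make_demo_db(): PDO {
    // Constructed sample data in an in-memory database so this runs offline.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login_admin (id INTEGER PRIMARY KEY, user_name TEXT, user_pass TEXT)');
    $ins = $db->prepare('INSERT INTO login_admin (user_name, user_pass) VALUES (?, ?)');
    $ins->execute(['admin', password_hash('admin', PASSWORD_DEFAULT)]);
    return $db;
}

function check_login(PDO $db, string $user, string $pass): bool {
    // Bound parameter: the user name never becomes part of the SQL text,
    // so no stripslashes()/escaping step is needed.
    $st = $db->prepare('SELECT user_pass FROM login_admin WHERE user_name = ?');
    $st->execute([$user]);
    $hash = $st->fetchColumn();   // false when no such user exists
    // password_verify() checks against a salted, deliberately slow hash.
    return is_string($hash) && password_verify($pass, $hash);
}

function log_in(string $user): void {
    // Call after session_start(). A fresh session id after authentication
    // prevents a pre-set (fixated) id from becoming a logged-in session.
    session_regenerate_id(true);
    $_SESSION['name'] = $user;
}

function require_admin(): void {
    // Replacement for the session_is_registered() check in admin.php.
    if (empty($_SESSION['name'])) {
        header('Location: login.php');
        exit;   // without exit, the protected page body is still sent
    }
}

// Demo when run from the command line: php example.php
if (PHP_SAPI === 'cli') {
    $db = make_demo_db();
    var_dump(check_login($db, 'admin', 'admin'));         // correct password
    var_dump(check_login($db, 'admin', 'wrong'));         // wrong password
    var_dump(check_login($db, "admin' OR '1'='1", 'x'));  // quote characters are treated as data
}
```

With MySQL, only the PDO DSN changes; the prepared statement and the password_verify() call stay the same.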