per la versione con utenti su array e
per la versione con base dati PDO.
function checkUsername($username)
function checkPassword($password)
quindi modificare secondo le proprie esigenze. Di default fanno sì che vengano accettati solo valori alfanumerici senza spazi.
===== Utenti su array php =====
La pagina da visualizzare solo se autenticati.
**index.php**
Ciao sei loggato/a con successo!
Fai il Logout
**ca.php**
Login error';
// Custom login form markup; when left empty, the script below prints its built-in form instead.
$htmlFormLogin='';
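/**
 * Check a user name / password-hash pair against the in-memory account list.
 *
 * Reads the global $accounts array, indexed by user name. The stored value is
 * presumably the MD5 hex digest of the password, since the caller passes
 * md5() of the submitted password -- confirm against the $accounts definition.
 *
 * NOTE(review): unsalted MD5 is not a suitable password storage format.
 * Moving to password_hash()/password_verify() needs the stored values and the
 * caller to change together, so it is only flagged here.
 *
 * @param mixed $user User name to look up.
 * @param mixed $pass Password hash to compare with the stored one.
 * @return bool True only when the account exists and the hashes are identical.
 */
function checkAuth($user, $pass)
{
    global $accounts;

    // Fail closed on anything that is not a plain string (for example the
    // false that a failed filter_var() call returns).
    if (!is_array($accounts) || !is_string($user) || !is_string($pass)) {
        return false;
    }
    if (!array_key_exists($user, $accounts) || !is_string($accounts[$user])) {
        return false;
    }

    // The loose == operator compares two numeric-looking strings as numbers,
    // so two different digests of the form "0e<digits>" would be treated as
    // equal. hash_equals() compares the exact bytes, in constant time.
    return hash_equals($accounts[$user], $pass);
}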
/**
 * Tell whether a submitted user name is acceptable.
 *
 * The decision is delegated to ctype_alnum(): for string input that means a
 * non-empty value made only of letters and digits (no spaces, no punctuation).
 *
 * @param mixed $username Raw value to validate.
 * @return bool True when the value passes ctype_alnum(), false otherwise.
 */
function checkUsername($username)
{
    return ctype_alnum($username) ? true : false;
}
/**
 * Tell whether a submitted password is acceptable.
 *
 * Applies the same rule as the user name check: the value must pass
 * ctype_alnum(), i.e. for strings be non-empty and purely alphanumeric.
 *
 * @param mixed $password Raw value to validate.
 * @return bool True when the value passes ctype_alnum(), false otherwise.
 */
function checkPassword($password)
{
    $isAlphanumeric = ctype_alnum($password);

    return $isAlphanumeric;
}
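// Do not edit below this line.
//
// Login gate: on a login POST it validates and checks the credentials; on any
// other request it lets an already authenticated session through and otherwise
// prints the login form and stops.
session_start();
if (isset($_POST["login_btn"]))
{
    // A missing or non-string field (e.g. username[]=x) is refused exactly like
    // a value containing forbidden characters.
    if (!isset($_POST["username"], $_POST["password"])
        || !is_string($_POST["username"]) || !is_string($_POST["password"])
        || !checkUsername($_POST["username"]) || !checkPassword($_POST["password"]))
    {
        echo "Error...\n";
        die();
    }
    // FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and was a no-op here:
    // the user name has just been validated and md5() only ever returns hex digits.
    $username=$_POST["username"];
    // NOTE(review): unsalted MD5 is not a suitable password hash; switching to
    // password_hash()/password_verify() requires changing the stored values too.
    $password=md5($_POST["password"]);
    if (checkAuth($username,$password))
    {
        // Login succeeded: issue a fresh session id so that an id fixed by
        // someone else before the login cannot be reused afterwards.
        session_regenerate_id(true);
        $_SESSION["username"]=$username;
        // NOTE(review): the password hash is kept in the session because every
        // later request re-runs checkAuth() with it (see the else branch).
        $_SESSION["password"]=$password;
        // Returns from this file, presumably to the protected page that included it.
        return;
    }else{
        // Login error.
        echo $login_error;
        die();
    }
}else{
    if (isset($_SESSION["username"], $_SESSION["password"]))
    {
        // Re-validate the stored credentials on every request.
        if (checkAuth($_SESSION["username"],$_SESSION["password"])) return ;
    }
    // Not authenticated: print the custom form when one is configured,
    // otherwise the built-in one, then stop.
    if (!empty($htmlFormLogin))
    {
        echo $htmlFormLogin;
    }else{
        echo '
Login
Login
';
    }
    die();
}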
?>
**logout.php**
Logout...';
?>
===== Utenti su database Postgresql =====
La base dati da preparare è simile per struttura alla seguente:
-- Account table read by the PDO version of the login script.
CREATE TABLE public.users (
id integer NOT NULL,
username character varying(20),
-- Compared with the md5() hex digest the login script computes (32 characters).
-- NOTE(review): 40 characters is too short for password_hash() output, should the scheme be upgraded.
password character varying(40),
-- The login query only matches rows where this column equals '1'.
active character varying(1),
email character varying(25) NOT NULL
);
Login error';
// Custom login form markup; when left empty, the script prints its built-in form instead.
$htmlFormLogin='';
// PDO connection string. NOTE(review): it embeds the database user and password,
// so this file must not be readable or downloadable by anyone but the web server account.
$dsn='pgsql:host=localhost;port=5432;dbname=myaccounts;user=mydbuser;password=secret';
// Table and column names spliced into $sql below. They are interpolated, not bound,
// so they must stay hard-coded here and never be derived from request data.
$table='users';
$userField="username";
$passField="password";
$activeField="active";
// Lookup query: user name and password hash are bound through the :USER and :PASS
// placeholders; only rows whose active column equals '1' can match.
$sql="select * from $table where $userField = :USER and $passField = :PASS and $activeField = '1' ;";
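/**
 * Check a user name / password-hash pair against the users table through PDO.
 *
 * Uses the global $dsn to connect and the global $sql as the prepared query;
 * both values are bound to the :USER and :PASS placeholders, never concatenated.
 *
 * NOTE(review): the caller passes an unsalted MD5 digest as $pass. That is not
 * a suitable password storage format; upgrading to password_hash() /
 * password_verify() needs the query and the stored values to change together.
 *
 * @param mixed $user User name to look up.
 * @param mixed $pass Password hash expected in the password column.
 * @return bool True when at least one matching row exists, false otherwise.
 *              On a database exception the script is terminated.
 */
function checkAuth($user, $pass)
{
    global $dsn, $sql;

    try {
        $dbh = new PDO($dsn);
        $stmt = $dbh->prepare($sql);
        $stmt->bindValue(":USER", $user);
        $stmt->bindValue(":PASS", $pass);
        if (! $stmt->execute()) {
            echo 'Error in query .
';
            // A failed query can never authenticate anyone.
            return false;
        }
        // One matching row is enough; there is no need to count them all.
        return $stmt->fetch(PDO::FETCH_ASSOC) !== false;
    } catch (PDOException $e) {
        // The driver message can reveal host, database or account names, so it
        // goes to the server log only and the visitor gets a generic message.
        error_log("checkAuth: database error: " . $e->getMessage());
        print "Error : database unavailable\n";
        die();
    }
}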
/**
 * Tell whether a submitted user name is acceptable.
 *
 * The decision is delegated to ctype_alnum(): for string input that means a
 * non-empty value made only of letters and digits (no spaces, no punctuation).
 *
 * @param mixed $username Raw value to validate.
 * @return bool True when the value passes ctype_alnum(), false otherwise.
 */
function checkUsername($username)
{
    return ctype_alnum($username) ? true : false;
}
/**
 * Tell whether a submitted password is acceptable.
 *
 * Applies the same rule as the user name check: the value must pass
 * ctype_alnum(), i.e. for strings be non-empty and purely alphanumeric.
 *
 * @param mixed $password Raw value to validate.
 * @return bool True when the value passes ctype_alnum(), false otherwise.
 */
function checkPassword($password)
{
    $isAlphanumeric = ctype_alnum($password);

    return $isAlphanumeric;
}
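// Do not edit below this line.
//
// Login gate: on a login POST it validates and checks the credentials; on any
// other request it lets an already authenticated session through and otherwise
// prints the login form and stops.
session_start();
if (isset($_POST["login_btn"]))
{
    // A missing or non-string field (e.g. username[]=x) is refused exactly like
    // a value containing forbidden characters.
    if (!isset($_POST["username"], $_POST["password"])
        || !is_string($_POST["username"]) || !is_string($_POST["password"])
        || !checkUsername($_POST["username"]) || !checkPassword($_POST["password"]))
    {
        echo "Error...\n";
        die();
    }
    // FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and was a no-op here:
    // the user name has just been validated and md5() only ever returns hex digits.
    $username=$_POST["username"];
    // NOTE(review): unsalted MD5 is not a suitable password hash; switching to
    // password_hash()/password_verify() requires changing the stored values too.
    $password=md5($_POST["password"]);
    if (checkAuth($username,$password))
    {
        // Logged in: issue a fresh session id so that an id fixed by someone
        // else before the login cannot be reused afterwards.
        session_regenerate_id(true);
        $_SESSION["username"]=$username;
        // NOTE(review): the password hash is kept in the session because every
        // later request re-runs checkAuth() with it (see the else branch), which
        // also means an account whose row stops matching is rejected again.
        $_SESSION["password"]=$password;
        // Returns from this file, presumably to the protected page that included it.
        return;
    }else{
        // Login error.
        echo $login_error;
        die();
    }
}else{
    if (isset($_SESSION["username"], $_SESSION["password"]))
    {
        // Re-validate the stored credentials on every request.
        if (checkAuth($_SESSION["username"],$_SESSION["password"])) return ;
    }
    // Not authenticated: print the custom form when one is configured,
    // otherwise the built-in one, then stop.
    if (!empty($htmlFormLogin))
    {
        echo $htmlFormLogin;
    }else{
        echo '
Login
Login
';
    }
    die();
}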
?>