
PHP Forms

Saturday, 16 April 2011

PHP Login Form

Creating the login form itself was simple HTML. I decided to use POST rather than GET. The code displayed below creates an HTML table with 3 columns, collects the user name and password from the user and places them in form variables. The form is then parsed by checklogin.php, which is shown further below.




The next image shows the output from the html code above :



The code below shows the checklogin.php script. Lines 2 and 3 get the variables from the form using $_POST. The next few lines create an associative array with sample logins and passwords.

The script then validates the credentials supplied by using array_search php function. If the credentials are correct the script will echo "Good login and pass" to the screen. If the credentials do not validate the user is taken back to index4.php which is the name of the main page which contains the form.



Adding the cookie proved to be very interesting. I spent several hours experimenting with setting, retrieving and deleting cookies as well as setting cookies with varying lifespans just to see how they work.

I modified index4.php to check if a cookie has already been set for this user. If it has then the form requesting the login and password is not shown. If a cookie was not previously set then the script will output the html to display the form.

index4.php

<html>
    <head>
        <title>Php Form</title>
    </head>
    <body>

    <?php
    // Show a greeting if the cookie is set, otherwise show the login form.
    // The cookie value comes from the browser, so escape it before output.
    if (isset($_COOKIE["user"])) {
        echo "Welcome " . htmlspecialchars($_COOKIE["user"], ENT_QUOTES, 'UTF-8') . "!<br />";
    } else {
        echo "
<form name='login_form' method='post' action='checklogin.php'>
<table border='1' width='30%'><tr><td>
<table  width='100%' cellpadding='10' cellspacing='1'>
<tr><td colspan='2'><center>Login Form</center></td></tr>
<tr><td>Login Name</td><td><input name='user' type='text' id='user'></td></tr>
<tr><td>Password</td><td><input name='pass' type='password' id='pass'></td></tr>
<tr><td>Remember me</td><td>
<input type='checkbox' name='rememberme' id='rememberme' value='yes'></td></tr>
<tr><td colspan='2'><input type='submit' name='Submit' value='Login'></td></tr>
</table>
</td></tr></table>
</form>
    ";
    }
    ?>
    </body>
</html>

The code below shows the modified checklogin.php script which now sets a cookie for this user if the login and password are validated. If the credentials supplied are incorrect, then the script redirects to a new page called badlogin.html which is also shown below.

Checklogin.php
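<?php
    //Read the form fields (empty string if a field is missing)
    $user = isset($_POST['user']) ? $_POST['user'] : '';
    $pass = isset($_POST['pass']) ? $_POST['pass'] : '';

    //create associative array for names and password
    $username['marcel'] = "abc123";
    $username['peter'] = "abc124";
    $username['sergio'] = "123abc";
    $username['marco'] = "111wwe";
    $username['andrew'] = "asd223";

    //Validate login and password
    //Find the login that owns this password (strict comparison);
    //this relies on every sample password being unique
    $match = array_search($pass, $username, true);

    //check if corresponding login is correct
    if ($match !== false && $match === $user) {
        //Remember me was checked so we set the cookie
        //(cookies are headers, so they must be sent before any output)
        $rememberme = isset($_POST['rememberme']);
        if ($rememberme) {
            setcookie("user", $user, time()+30);
            //array_search returns the matching key, so this holds the login name
            setcookie("pss", $match, time()+30);
        }
        echo "Welcome, you are now logged in";
        if ($rememberme) {
            echo " and we will remember you too !";
        }
    }
    //any failed check (unknown password or wrong login) goes to the error page
    else {header("Location: badlogin.html"); exit;}
?>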

In the script above the cookie time is purposely set at only 30 seconds. During debugging, this avoided me having to manually clear cookies through the browser option when something went wrong.


badlogin.html

<html>
    <head>
        <title>Bad Login</title>
        </head>
    <body>
 
 The credentials you supplied are incorrect
 <a href='index4.php'>Click to try again</a>

    </body>
</html>

The screen shot below shows the modified form.



The scripts were tested as follows:
  • Bad Login and password
  • Good Login and password
  • Good login, bad password
  • Bad login, good password
  • 'Remember me' checked
  • 'Remember me' not checked

The results showed that the scripts are working well under all the above conditions.


Changing to using Sessions
First of all I did some research about sessions. Once I figured out how they worked, I could appreciate the major difference between them, in that cookies are client side while sessions are server side. The question whether I should use sessions or cookies quickly came to mind. The major disadvantage of sessions is that they disappear when a user closes his browser window, which means that anything stored in the session will be lost. Cookies are better in this respect as they persist regardless of what the user does with the browser unless he purposely deletes the cookie himself. Inherently cookies suffer from a related issue. If the user disables cookies in his browser then they obviously cannot be used. It seems that the best way would be to use a combination of both cookies and sessions on a practical project.
Sessions also have issues with clustered web servers when multiple web servers handle client requests for the same site. If the session is opened on another server the current one may not be aware of it. On the other hand, sessions offer more security as they are stored on the server and the users will not have access to them as they do for cookies. A user can easily modify the contents of a cookie as it is on his machine and, being a simple text file, he can easily edit the contents.
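
The point about users editing cookie contents applies directly to the user cookie that index4.php trusts for its greeting. The following is an added example, not part of the original scripts, that signs the remembered value with an HMAC so an edited or expired value is rejected on the server; SECRET_KEY, make_token() and read_token() are hypothetical names and the key shown is a placeholder.

```php
<?php
// Added example: HMAC-signed "remember me" value (names are hypothetical).
// Placeholder key: use long random bytes kept only on the server.
const SECRET_KEY = 'replace-with-random-server-side-secret';

// Build "user|expiry|mac". The user name is URL-encoded so it cannot
// contain the '|' separator.
function make_token(string $user, int $ttl, ?int $now = null): string
{
    $expires = ($now ?? time()) + $ttl;
    $payload = rawurlencode($user) . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// Return the user name if the token is authentic and unexpired, else null.
function read_token($token, ?int $now = null): ?string
{
    if (!is_string($token)) {
        return null;
    }
    $parts = explode('|', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$user, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expires, SECRET_KEY);
    if (!hash_equals($expected, $mac)) {      // constant-time comparison
        return null;
    }
    if (!ctype_digit($expires) || (int) $expires < ($now ?? time())) {
        return null;
    }
    return rawurldecode($user);
}

// Constructed demonstration values.
$token  = make_token('marcel', 30);
$forged = str_replace('marcel', 'peter', $token);   // name edited on the client
var_dump(read_token($token));                       // untouched token
var_dump(read_token($forged));                      // MAC no longer matches
var_dump(read_token($token, time() + 60));          // presented after expiry
```

In the login script the token would be the cookie value passed to setcookie(), and index4.php would greet only the name returned by read_token($_COOKIE['user'] ?? null).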

Research shows that it would be best to store sensitive data in a database and use sessions and cookies for less critical tasks.

The code below shows the new index5.php now using sessions. I have also added a new form so that the user is allowed to logout and clear the session.

index5.php

<?php
    // session_start() sends headers, so call it before any HTML output
    session_start();
?>
<html>
    <head>
        <title>Php Form</title>
    </head>
    <body>
    <?php
    if(isset($_SESSION['user'])) {
        echo "Welcome " . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8') . "!<br />";
        echo "<form name='login_form' method='post' action='logout.php'>
            <input type='submit' name='Logout' value='logout'>
            </form>";
    }
    else {
        echo "
<form name='login_form' method='post' action='checkloginsessions.php'>
<table border='1' width='30%'><tr><td>
<table  width='100%' cellpadding='10' cellspacing='1'>
<tr><td colspan='2'><center>Login Form</center></td></tr>
<tr><td>Login Name</td><td><input name='user' type='text' id='user'></td></tr>
<tr><td>Password</td><td><input name='pass' type='password' id='pass'></td></tr>
<tr><td>Remember me</td><td>
<input type='checkbox' name='rememberme' id='rememberme' value='yes'></td></tr>
<tr><td colspan='2'><input type='submit' name='Submit' value='Login'></td></tr>
</table>
</td></tr></table>
</form>
    ";
    }
    ?>
    </body>
</html>

The next code is for checkloginsessions.php, which now sets a session if the user checked the "remember me" checkbox in the index5.php form above.


checkloginsessions.php

<?php
    //Start the session first: it sends a cookie header, so it must run before any output
    session_start();

    //Read the form fields (empty string if a field is missing)
    $user = isset($_POST['user']) ? $_POST['user'] : '';
    $pass = isset($_POST['pass']) ? $_POST['pass'] : '';

    //create associative array for names and password
    $username['marcel'] = "abc123";
    $username['peter'] = "abc124";
    $username['sergio'] = "123abc";
    $username['marco'] = "111wwe";
    $username['andrew'] = "asd223";

    //Validate login and password
    //Find the login that owns this password (strict comparison);
    //this relies on every sample password being unique
    $match = array_search($pass, $username, true);

    //check if corresponding login is correct
    if ($match !== false && $match === $user) {
        echo "Welcome, you are now logged in";

        //Remember me was checked so we store the user in the session
        if (isset($_POST['rememberme'])) {
            echo " and we will remember you too !";
            echo "<a href='index5.php'><br />Click to try again</a>";
            $_SESSION['user'] = $user; // store session data
        }
    }
    //any failed check (unknown password or wrong login) goes to the error page
    else {header("Location: badloginsessions.html"); exit;}
?>

Finally the code below is the new logout page that clears the session followed by the badloginsessions.php script.

logout.php

<?php
session_start();
unset($_SESSION['user']);
echo "You are now logged out <br />";
echo "<a href='index5.php'>Click to login again</a>";
?>


badloginsessions.php
<html>
    <head>
        <title>Bad Login</title>
        </head>
    <body>
   
        The credentials you supplied are incorrect
        <a href='index5.php'>Click to try again</a>
    </body>
</html>
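
An added example, not the author's code, of the same session login with the checks a deployed version would need: passwords kept as password_hash() output and looked up by login name, a fresh session id on login, and a logout that destroys the session rather than unsetting one key. demo_user_table(), credentials_ok(), login() and logout() are hypothetical names, the hashes are generated inline only to keep the example self-contained, and unlike the script above it sets the session on every successful login.

```php
<?php
// Added example, not the original checkloginsessions.php (names are hypothetical).
// Constructed demo table: hashed inline only to stay self-contained; a real
// site stores password_hash() output and never keeps the plain passwords.
function demo_user_table(): array
{
    $plain = ['marcel' => 'abc123', 'peter' => 'abc124'];
    return array_map(fn($p) => password_hash($p, PASSWORD_DEFAULT), $plain);
}

// Look the hash up by login name, then verify it; never search by password.
function credentials_ok(array $table, $user, $pass): bool
{
    if (!is_string($user) || !is_string($pass)) {
        return false;                 // reject non-string form input
    }
    return isset($table[$user]) && password_verify($pass, $table[$user]);
}

function login(array $table, $user, $pass): bool
{
    if (!credentials_ok($table, $user, $pass)) {
        return false;
    }
    session_regenerate_id(true);      // fresh id so a pre-login id is useless
    $_SESSION['user'] = $user;
    return true;
}

// For logout.php: empty the data, expire the cookie, destroy the session.
function logout(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'],
              $p['secure'], $p['httponly']);
    session_destroy();
}

// Login handler: runs before any output, so headers can still be sent.
session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Lax']);
$ok = login(demo_user_table(), $_POST['user'] ?? null, $_POST['pass'] ?? null);
header('Location: ' . ($ok ? 'index5.php' : 'badloginsessions.html'));
exit;
```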
