ACCES INTERZIS » web http://www.accesinterzis.ro Just another WordPress weblog Tue, 20 Apr 2010 12:08:34 +0000 http://wordpress.org/?v=2.9.1 en hourly 1 Cum fac un formular de autentificare a utilizatorilor? (versiunea 2) http://www.accesinterzis.ro/index.php/web/cum-fac-un-formular-de-autentificare-a-utilizatorilor-versiunea-2/ http://www.accesinterzis.ro/index.php/web/cum-fac-un-formular-de-autentificare-a-utilizatorilor-versiunea-2/#comments Wed, 17 Mar 2010 13:44:39 +0000 admin http://www.accesinterzis.ro/?p=387 Articole asemanatoare:]]> Scripturile PHP apelate prin functia include() le gasiti in articolul despre versiunea 2 a formularului de contact.
Interogarea SQL care creeaza tabelul in care se vor stoca logurile despre autentificarile esuate sau reusite o gasiti in articolul despre prima versiune a formularului de autentificare a utilizatorilor.

loginf.php

<?php
/*
Cum fac un formular de autentificare a utilizatorilor? (versiunea 2)
Autor: Marian Barbu aka AccesInterzis
Website: http://www.accesinterzis.ro
2010 (c) Toate drepturile rezervate
*/

//-----specific EXACT cu ce campuri se va lucra
#1
$required_fields = array('username', 'password', 'login');
$sent_fields = array_keys($_POST);

//-----creez o sesiune pe server pentru a salva in ea, in caz ca autentificarea reuseste, numele utilizatorului si browserul si sistemul de operare folosite de utilizator
#2
session_start();

//-----ma conectez la baza de date
#3
include('includes/connect_to_db.inc.php');

//-----incarc fisierele include
#3.1
include('includes/validators.inc.php');
include('includes/filter_it.inc.php');
include('includes/validate_form.inc.php');
include('includes/filtered_urls_and_cookies.inc.php');

//------scriptul PHP se executa doar daca cererea a fost facuta de pe aceeasi pagina pe care se afla formularul si doar daca toate campurile formularului au fos trimise
#4
if ($referer == 'http://'.$_SERVER['HTTP_HOST'].$php_self && $required_fields == $sent_fields) {
	//-----procesez datele din formular; rezultatul va fi o lista de erori, o lista cu datele nevalide, o lista cu datele valide
	#5
	include('includes/process_form.inc.php');

	//-----infasor datele VALIDE in mysql_real_escape_string() deoarece urmeaza sa interoghez baza de date
	#6
	$processed_form['good_data'] = filter_it($processed_form['good_data'], array('mysql_real_escape_string'));

	//-----BEGIN - DATA HANDLING
	#7
	if (isset($processed_form['good_data']['username']) && isset($processed_form['good_data']['password'])) {
		$q = "SELECT username FROM ai_registrationform WHERE username='".$processed_form['good_data']['username']."' AND password=SHA('".$processed_form['good_data']['password']."')";
		$result = mysql_query($q) or die(mysql_error());
		$row = mysql_fetch_array($result);

		if ($row == false) {
			//-----daca datele de logare sunt valide dar nu se regasesc in baza de date se va inregistra in tabelul de loguri un log despre aceasta autentificare esuata
			$q2 = "INSERT INTO ai_authentication_logs(`username`, `password`, `server_authentication_date`, `client_authentication_date`, `ip`, `browser_os`, `screen_resolution`, `status`)"
				 ."VALUES('".$processed_form['good_data']['username']."', '".$processed_form['good_data']['password']."', NOW(), '".$cookie['client_authentication_date']."', '".$_SERVER['REMOTE_ADDR']."', '".$browser_os."', '".$cookie['screen_resolution']."', 'failed')";

			mysql_query($q2) or die(mysql_error());

			$processed_form['issues']['username'] = 'Your login data are wrong.';
			$processed_form['issues']['password'] = '';
		}
	}
	//-----END - DATA HANDLING

	//-----daca nu exista niciun fel de erori si autentificarea s-a efetuat cu succes
    #8
	if(count($processed_form['issues']) == 0) {
		//-----salvez in tabelul de loguri un log despre autetificare
		#8.1
		$q = "INSERT INTO ai_authentication_logs(`username`, `password`, `server_authentication_date`, `client_authentication_date`, `ip`, `browser_os`, `screen_resolution`, `status`)"
		     ."VALUES('".$processed_form['good_data']['username']."', SHA('".$processed_form['good_data']['password']."'), NOW(), '".$cookie['client_authentication_date']."', '".$_SERVER['REMOTE_ADDR']."', '".$browser_os."', '".$cookie['screen_resolution']."', 'succesful')";

		mysql_query($q) or die(mysql_error());

		//-----salvez in sesiune numele utilizatorului si numele browserului si sistemului de operare pe care le foloseste
		#8.2
		$_SESSION['username'] = $row['username'];
		$_SESSION['browser_os'] = sha1($_SERVER['HTTP_USER_AGENT']);

		//-----redirectez utilizatorul de pe pagina de login pe pagina principala a sectiunii de administrare
		#8.3
		header('Location:http://'.$_SERVER['HTTP_HOST'].dirname($php_self).'/backend.php');
		exit();
	}

	//-----infasor datele in htmlentities() deoarece urmeaza sa le afisez in formular
	#9
	$get_my_fields = filter_it($get_my_fields, array('htmlentities'));
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>How do I make a login form?</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="description" content="How do I make a login form?" />
<meta name="keywords" content="login,form,php,script,mysql,database,user,backend,admin,section,cms" />
<meta name="abstract" content="How do I make a login form?" />
<meta name="author" content="AccesInterzis" />
<meta name="copyright" content="AccesInterzis" />
<meta name="robots" content="index,follow" />
<meta name="revisit-after" content="7 days" />

<style type="text/css">
* {
	margin:0;
	padding:0;
	outline:none;
}

html {
	color:black;
	background-color:white;
	font: normal normal normal 12px  Verdana;
	/*font-style font-variant font-weight font-size font-family*/
}

/*INCEPUT - LINIILE CSS CARE CREEAZA SKINUL FORMULARULUI DE AUTENTIFICARE*/

div#loginf {
	width:285px;
	margin:0px auto;
}

div#loginf h1 {
	color:black;
	font: normal normal normal 24px  Verdana;
	/*font-style font-variant font-weight font-size font-family*/
	padding-bottom:5px;
}

div#loginf div {
	margin:0 0 5px 0;
}

div#loginf label {
	width:80px;
	float:left;
}

div#loginf label span {
	color:#c00;
}

div#loginf input {
	width:200px;
}

div#loginf textarea {
	width:300px;
	height:150px;
}

div#loginf input, div#loginf textarea {
	border:1px #ccc solid;
}

div#loginf input:hover, div#loginf textarea:hover {
	border:1px #666 solid;
}

div#loginf input#login {
	width:auto;
	color:#FFF;
	background-color:#333;
	border:1px #000 solid !important;
	cursor:pointer;
}

div#loginf input#login:hover {
	color:#333;
	background-color:#fff;
	border:1px #333 solid;
}

/*Inceput - stilurile erorilor*/

div#loginf p {
	color:#c00;
	padding:0 0 0 80px;
	font-size:10px;
	text-align:left;
}

div#loginf div#username_field label,
div#loginf div#password_field label {
	color:#c00;
}

div#loginf div#username_field input,
div#loginf div#password_field input {
	border:1px #c00 solid;
	color:#c00;
}

div#loginf div#username_field input:hover,
div#loginf div#password_field input:hover {
	border:1px #c00 solid;
}

/*Sfarsit - stilurile erorilor*/

/*SFARSIT - LINIILE CSS CARE CREEAZA SKINUL FORMULARULUI DE AUTENTIFICARE*/
</style>

<script type="text/javascript">
/*
Creez cookie-urile care vor stoca date despre utilizator.
Aceste cookie-uri se creeaza atunci cand se deschide prima oara pagina de login.
De abia cand se reincarca pagina, adica cand utilizatorul apasa butonul "login", scriptul PHP
se poate folosi de aceste cookie-uri.
*/
document.cookie = 'screen_resolution=' + screen.width + '*' + screen.height + ';';

var current_date = new Date();
var year = current_date.getFullYear();
var month = current_date.getMonth();
var day = current_date.getDate();
var hour = current_date.getHours();
var minutes = current_date.getMinutes();
var seconds = current_date.getSeconds();
var current_date = year + '-' + month + '-' + day + ' ' + hour + ':' + minutes + ':' + seconds;
document.cookie = 'client_authentication_date=' + current_date + ';';
</script>
</head>

<body>
<div id="loginf">
	<h1>
		<label>&nbsp;</label>
		Login
	</h1>

	<form action="<?php echo 'http://'.$_SERVER['HTTP_HOST'].$php_self; ?>" method="post">
		<?php echo (isset($processed_form['issues']['username'])) ? '<p>'.$processed_form['issues']['username'].'</p><div id="username_field">' : '<div>' ; ?>
			<label for="username">Username<span>*</span>:</label>
			<input name="username" type="text" id="username" value="<?php if (isset($get_my_fields['username'])) echo $get_my_fields['username']; ?>" />
		</div>

		<?php echo (isset($processed_form['issues']['password'])) ? '<p>'.$processed_form['issues']['password'].'</p><div id="password_field">' : '<div>' ; ?>
			<label for="password">Password<span>*</span>:</label>
			<input name="password" type="password" id="password" />
		</div>

		<div>
			<label> &nbsp; </label>
			<input name="login" type="submit" id="login" value="login" />
		</div>
	</form>
</div>
</body>
</html>

backend.php

<?php
//-----deschid sesiunea pentru a verifica daca utilizatorul s-a autentificat sau nu
#1
session_start();

//-----incarc include-urile care imi filtreaza URL-urile obtinute dinamic, http_user_agent-ul si cookie-urile
#2
include('includes/filter_it.inc.php');
include('includes/filtered_urls_and_cookies.inc.php');

//-----daca utilizatorul nu s-a autentificat va fi redirectionat catre pagina de login
#3
if (!isset($_SESSION['username']) || !isset($_SESSION['browser_os']) || $_SESSION['browser_os'] != sha1($browser_os)) {
		header('Location:http://'.$_SERVER['HTTP_HOST'].dirname($php_self).'/loginf.php');
		exit();
}

//-----scriptul care asigura functia de logout
#4
if (isset($_GET['action']) && $_GET['action'] == 'logout') {
	//-----distrug toate variabilele sesiunii de pe server reinitializind intregul tablou superglobal $_SESSION
	#4.1
	$_SESSION = array();

	//-----sterg de pe server toate datele sesiunii apeland functia session_destroy() si sterg de pe PC-ul utilizatorului cookie-ul care stocheaza identificatorul de sesiune
	#4.2
	if (session_destroy() && setcookie('PHPSESSID', '', time()-300, '/', '', 0)) {
		header('Location:http://'.$_SERVER['HTTP_HOST'].dirname($php_self).'/loginf.php');
		exit();
	}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Backend</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="description" content="How do I make a backend?" />
<meta name="keywords" content="backend,administration,section,admin,cms,content,managament,system,php,script,mysql,database" />
<meta name="abstract" content="How do I make a backend?" />
<meta name="author" content="AccesInterzis" />
<meta name="copyright" content="AccesInterzis" />
<meta name="robots" content="index,follow" />
<meta name="revisit-after" content="7 days" />

<link href="http://www.accesinterzis.ro/myportofolio/css/reset.css" type="text/css" rel="stylesheet" media="all" />
<style type="text/css">
* {
	margin:0;
	padding:0;
	outline:none;
}

html {
	color:black;
	background-color:white;
	font: normal normal normal 12px  Verdana;
	/*font-style font-variant font-weight font-size font-family*/
}

/*INCEPUT - LINIILE CSS CARE CREEAZA SKINUL SECTIUNII DE ADMINISTRARE*/

div#backend {
	width:1000px;
	margin:10px auto;
	overflow:auto;
	border:1px #ccc solid;
	padding:10px;
}

div#backend a {
	color:#900;
	text-decoration:none;
}

div#backend ul#welcome_message {
	overflow:auto;
	list-style-type:none;
}

div#backend ul#sidebar {
	width:10%;
	float:left;
	list-style-type:none;
	border-right:1px #ccc solid;
}

div#backend div#mainarea {
	width:80%;
	float:right;
}

div#backend div#mainarea p#confirmation_message {
	width:75%;
	margin:250px auto;
}

div#backend div#footer{
	width:100%;
	float:left;
	text-align:center;
}

div.splitter {
	width:100%;
	height:1px;
	clear:both;
	float:left;
	border-top:1px #ccc solid;
	margin: 10px 0 10px 0;
}

/*SFARSIT - LINIILE CSS CARE CREEAZA SKINUL SECTIUNII DE ADMINISTRARE*/
</style>
</head>

<body>

<div id="backend">
	<ul id="welcome_message">
		<li style="float:left;">Welcome <strong><?php echo $_SESSION['username']; ?></strong> to the administration section</li>
		<li style="float:right;"><a href="<?php echo 'http://'.$_SERVER['HTTP_HOST'].$php_self; ?>?action=logout" title="Logout">Logout</a></li>
	</ul>

	<div class="splitter"></div>

	<ul id="sidebar">
		<?php
		for ($i = 0; $i < 40; $i++) {
			echo '<li>sidebar</li>';
		}
		?>
	</ul>

	<div id="mainarea">
		<p id="confirmation_message">
		<strong><?php echo $_SESSION['username']; ?></strong>, esti aici deoarece ai dovedit ca esti un utilizator autorizat al acestei sectiuni de administrare.
		Acum delogheaza-te si incearca sa accesezi din nou <strong><?php echo 'http://'.$_SERVER['HTTP_HOST'].$php_self; ?></strong>.
		Vei vedea ce se intampla cand cineva neautentificat incearca sa intre in sectiunea de administrare.
		</p>
	</div>

	<div class="splitter"></div>

	<div id="footer">
		Designed and developed by <a href="http://www.accesinterzis.ro" title="Programare | Web development | Web design | Securitate IT | SEO" target="_blank">www.accesinterzis.ro</a> &copy; 2010. All rights reserved.
	</div>
</div>
</body>
</html>

Post to Twitter Publica acest articol pe Twitter

Articole asemanatoare:

]]> http://www.accesinterzis.ro/index.php/web/cum-fac-un-formular-de-autentificare-a-utilizatorilor-versiunea-2/feed/ 2 Cum fac un formular de inregistrare a utilizatorilor? (versiunea 2) http://www.accesinterzis.ro/index.php/web/cum-fac-un-formular-de-inregistrare-a-utilizatorilor-versiunea-2/ http://www.accesinterzis.ro/index.php/web/cum-fac-un-formular-de-inregistrare-a-utilizatorilor-versiunea-2/#comments Wed, 17 Mar 2010 13:41:46 +0000 admin http://www.accesinterzis.ro/?p=386 Articole asemanatoare:]]> Scripturile PHP apelate prin functia include() le gasiti in articolul despre versiunea 2 a formularului de contact.
Interogarea SQL care creeaza tabelul in care se vor stoca utilizatorii o gasiti in articolul despre prima versiune a formularului de inregistrare a utilizatorilor.

registrationf.php

<?php
/*
Cum fac un formular de inregistrare a utilizatorilor? (versiunea 2)
Autor: Marian Barbu aka AccesInterzis
Website: http://www.accesinterzis.ro
2010 (c) Toate drepturile rezervate
*/

//-----specific EXACT cu ce campuri se va lucra
#1
$required_fields = array('username', 'email', 'password', 'retype_password', 'register');
$sent_fields = array_keys($_POST);

//-----ma conectez la baza de date
#2
include('includes/connect_to_db.inc.php');

//-----incarc fisierele include
#2.1
include('includes/validators.inc.php');
include('includes/filter_it.inc.php');
include('includes/validate_form.inc.php');
include('includes/filtered_urls_and_cookies.inc.php');

//------scriptul PHP se executa doar daca cererea a fost facuta de pe aceeasi pagina pe care se afla formularul si doar daca toate campurile formularului au fos trimise
#3
if ($referer == 'http://'.$_SERVER['HTTP_HOST'].$php_self && $required_fields == $sent_fields) {
	//-----procesez datele din formular; rezultatul va fi o lista de erori, o lista cu datele nevalide, o lista cu datele valide
	#5
	include('includes/process_form.inc.php');

	//-----infasor datele VALIDE in mysql_real_escape_string() deoarece urmeaza sa interoghez baza de date
	#6
	$processed_form['good_data'] = filter_it($processed_form['good_data'], array('mysql_real_escape_string'));

	//-----BEGIN - DATA HANDLING
	#7
	if (isset($processed_form['good_data']['username'])) {
		$q = "SELECT user_id FROM ai_registrationform WHERE LOWER(username)='".strtolower($processed_form['good_data']['username'])."'";
        $result = mysql_query($q) or die(mysql_error());

		if (mysql_num_rows($result) != 0) {
			$processed_form['issues']['username'] = 'The username <strong>'.$processed_form['good_data']['username'].'</strong> already exists in our database.';
		}
	}

	if (isset($processed_form['good_data']['email'])) {
		$q = "SELECT user_id FROM ai_registrationform WHERE LOWER(email)='".strtolower($processed_form['good_data']['email'])."'";
        $result = mysql_query($q) or die(mysql_error());

        if (mysql_num_rows($result) != 0) {
			$processed_form['issues']['email'] = 'The email address <strong>'.$processed_form['good_data']['email'].'</strong> already exists in our database.';
		}
	}

	if (isset($processed_form['good_data']['password'])) {
		if ($processed_form['good_data']['password'] != $_POST['retype_password']) {
			$processed_form['issues']['password'] = 'The two passwords don\'t match.';
		}
	}
	//-----END - DATA HANDLING

	//------daca nu exista niciun fel de erori bag datele in baza de date
    #8
	if(count($processed_form['issues']) == 0) {
		$q = "INSERT INTO ai_registrationform(`username`, `email`, `password`, `registration_date`, `ip`)"
			."VALUES('".$processed_form['good_data']['username']."', '".$processed_form['good_data']['email']."', SHA('".$processed_form['good_data']['password']."'), NOW(), '".$_SERVER['REMOTE_ADDR']."')";

		//-----daca intr-adevar datele au fost bagate in baza de date se va afisa pe monitor un mesaj de confirmare
		#8.1
		if (mysql_query($q)) {
			$confirmation = 'The user <strong>'.$processed_form['good_data']['username'].'</strong> was succesfully registered in our databse.';
		} else {
			$confirmation = 'Something is wrong with the server. The user <strong>'.$processed_form['good_data']['username'].'</strong> wasn\'t registered.';
		}

		$confirmation .= ' <a href="http://'.$_SERVER['HTTP_HOST'].$php_self.'" title="Back" id="back">Back to registration form</a>';

		#8.2
		$display = 'style="display:none;"';
	}

	//-----infasor datele in htmlentities() deoarece urmeaza sa le afisez in formular
	#9
	$get_my_fields = filter_it($get_my_fields, array('htmlentities'));
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>How do I make a registration form?</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="description" content="How do I make a registration form?" />
<meta name="keywords" content="registration,form,php,script,mysql,database,user,backend,admin,section,cms" />
<meta name="abstract" content="How do I make a registration form?" />
<meta name="author" content="AccesInterzis" />
<meta name="copyright" content="AccesInterzis" />
<meta name="robots" content="index,follow" />
<meta name="revisit-after" content="7 days" />

<style type="text/css">
* {
	margin:0;
	padding:0;
	outline:none;
}

html {
	color:black;
	background-color:white;
	font: normal normal normal 12px  Verdana;
	/*font-style font-variant font-weight font-size font-family*/
}

/*INCEPUT - LINIILE CSS CARE CREEAZA SKINUL FORMULARULUI DE INREGISTRARE*/

div#registrationf {
	width:335px;
	margin:0px auto;
}

div#registrationf h1 {
	color:black;
	font: normal normal normal 24px  Verdana;
	/*font-style font-variant font-weight font-size font-family*/
	padding-bottom:5px;
}

div#registrationf div {
	margin:0 0 5px 0;
}

div#registrationf label {
	width:130px;
	float:left;
}

div#registrationf label span {
	color:#c00;
}

div#registrationf input {
	width:200px;
}

div#registrationf textarea {
	width:300px;
	height:150px;
}

div#registrationf input, div#registrationf textarea {
	border:1px #ccc solid;
}

div#registrationf input:hover, div#registrationf textarea:hover {
	border:1px #666 solid;
}

div#registrationf input#register {
	width:auto;
	color:#FFF;
	background-color:#333;
	border:1px #000 solid !important;
	cursor:pointer;
}

div#registrationf input#register:hover {
	color:#333;
	background-color:#fff;
	border:1px #333 solid;
}

/*Inceput - stilurile erorilor*/
div#registrationf p {
	color:#c00;
	padding:0 0 0 130px;
	font-size:10px;
	text-align:left;
}

div#registrationf div#username_field label,
div#registrationf div#email_field label,
div#registrationf div#password_field label,
div#registrationf div#retype_password_field label {
	color:#c00;
}

div#registrationf div#username_field input,
div#registrationf div#email_field input,
div#registrationf div#password_field input,
div#registrationf div#retype_password_field input {
	border:1px #c00 solid;
	color:#c00;
}

div#registrationf div#username_field input:hover,
div#registrationf div#email_field input:hover,
div#registrationf div#password_field input:hover,
div#registrationf div#retype_password_field input:hover {
	border:1px #c00 solid;
}
/*Sfarsit - stilurile erorilor*/

div#registrationf a#back {
	color:#900;
	font-weight:bold;
	text-decoration:underline;
}

/*SFARSIT - LINIILE CSS CARE CREEAZA SKINUL FORMULARULUI DE INREGISTRARE*/
</style>
</head>

<body>
<div id="registrationf">
	<h1>
		<label>&nbsp;</label>
		Register an user
	</h1>

	<?php if (isset($confirmation)) echo '<p>'.$confirmation.'</p>'; ?>

	<form action="<?php echo 'http://'.$_SERVER['HTTP_HOST'].$php_self; ?>" method="post" <?php if (isset($display)) echo $display; ?>>
		<?php echo (isset($processed_form['issues']['username'])) ? '<p>'.$processed_form['issues']['username'].'</p><div id="username_field">' : '<div>' ; ?>
			<label for="username">Username<span>*</span>:</label>
			<input name="username" type="text" id="username" value="<?php if (isset($get_my_fields['username'])) echo $get_my_fields['username']; ?>" />
		</div>

		<?php echo (isset($processed_form['issues']['email'])) ? '<p>'.$processed_form['issues']['email'].'</p><div id="email_field">' : '<div>' ; ?>
			<label for="email">Email<span>*</span>:</label>
			<input name="email" type="text" id="email" value="<?php if (isset($get_my_fields['email'])) echo $get_my_fields['email']; ?>" />
		</div>

		<?php echo (isset($processed_form['issues']['password'])) ? '<p>'.$processed_form['issues']['password'].'</p><div id="password_field">' : '<div>' ; ?>
			<label for="password">Password<span>*</span>:</label>
			<input name="password" type="password" id="password" />
		</div>

		<div>
			<label for="retype_password">Retype password<span>*</span>:</label>
			<input name="retype_password" type="password" id="retype_password" />
		</div>

		<div>
			<label> &nbsp; </label>
			<input name="register" type="submit" id="register" value="register" />
		</div>
	</form>
</div>
</body>
</html>

Post to Twitter Publica acest articol pe Twitter

Articole asemanatoare:

]]> http://www.accesinterzis.ro/index.php/web/cum-fac-un-formular-de-inregistrare-a-utilizatorilor-versiunea-2/feed/ 0