The PHP scripts called via the include() function can be found in the article about version 2 of the contact form.
The SQL query that creates the table in which the logs about failed or successful logins are stored can be found in the article about the first version of the user login form.
loginf.php
<?php
/*
How do I make a user login form? (version 2)
Author: Marian Barbu aka AccesInterzis
Website: http://www.accesinterzis.ro
2010 (c) All rights reserved
*/
//-----specify EXACTLY which fields will be used
#1
$required_fields = array('username', 'password', 'login');
$sent_fields = array_keys($_POST);
//-----create a session on the server in which, if authentication succeeds, the username and the browser and operating system used by the user will be saved
#2
session_start();
//-----connect to the database
#3
include('includes/connect_to_db.inc.php');
//-----load the include files
#3.1
include('includes/validators.inc.php');
include('includes/filter_it.inc.php');
include('includes/validate_form.inc.php');
include('includes/filtered_urls_and_cookies.inc.php');
//------the PHP script runs only if the request was made from the same page the form is on and only if all the form fields were sent
#4
if ($referer == 'http://'.$_SERVER['HTTP_HOST'].$php_self && $required_fields == $sent_fields) {
//-----process the form data; the result will be a list of errors, a list of the invalid data and a list of the valid data
#5
include('includes/process_form.inc.php');
//-----wrap the VALID data in mysql_real_escape_string() because the database is about to be queried
#6
$processed_form['good_data'] = filter_it($processed_form['good_data'], array('mysql_real_escape_string'));
//-----BEGIN - DATA HANDLING
#7
if (isset($processed_form['good_data']['username']) && isset($processed_form['good_data']['password'])) {
$q = "SELECT username FROM ai_registrationform WHERE username='".$processed_form['good_data']['username']."' AND password=SHA('".$processed_form['good_data']['password']."')";
$result = mysql_query($q) or die(mysql_error());
$row = mysql_fetch_array($result);
//-----mysql_fetch_array() returns false when the query matched no row
if ($row === false) {
//-----if the login data are valid but are not found in the database, a log about this failed authentication is recorded in the log table
$q2 = "INSERT INTO ai_authentication_logs(`username`, `password`, `server_authentication_date`, `client_authentication_date`, `ip`, `browser_os`, `screen_resolution`, `status`)"
."VALUES('".$processed_form['good_data']['username']."', '".$processed_form['good_data']['password']."', NOW(), '".$cookie['client_authentication_date']."', '".$_SERVER['REMOTE_ADDR']."', '".$browser_os."', '".$cookie['screen_resolution']."', 'failed')";
mysql_query($q2) or die(mysql_error());
$processed_form['issues']['username'] = 'Your login data are wrong.';
$processed_form['issues']['password'] = '';
}
}
//-----END - DATA HANDLING
//-----if there are no errors at all and authentication succeeded
#8
if(count($processed_form['issues']) == 0) {
//-----save a log about the authentication in the log table
#8.1
$q = "INSERT INTO ai_authentication_logs(`username`, `password`, `server_authentication_date`, `client_authentication_date`, `ip`, `browser_os`, `screen_resolution`, `status`)"
."VALUES('".$processed_form['good_data']['username']."', SHA('".$processed_form['good_data']['password']."'), NOW(), '".$cookie['client_authentication_date']."', '".$_SERVER['REMOTE_ADDR']."', '".$browser_os."', '".$cookie['screen_resolution']."', 'succesful')";
mysql_query($q) or die(mysql_error());
//-----save in the session the username and the name of the browser and operating system the user is using
#8.2
$_SESSION['username'] = $row['username'];
//-----hash the same filtered $browser_os value that backend.php compares against, otherwise the check there never matches
$_SESSION['browser_os'] = sha1($browser_os);
//-----redirect the user from the login page to the main page of the administration section
#8.3
header('Location:http://'.$_SERVER['HTTP_HOST'].dirname($php_self).'/backend.php');
exit();
}
//-----wrap the data in htmlentities() because they are about to be displayed in the form
#9
$get_my_fields = filter_it($get_my_fields, array('htmlentities'));
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>How do I make a login form?</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="description" content="How do I make a login form?" />
<meta name="keywords" content="login,form,php,script,mysql,database,user,backend,admin,section,cms" />
<meta name="abstract" content="How do I make a login form?" />
<meta name="author" content="AccesInterzis" />
<meta name="copyright" content="AccesInterzis" />
<meta name="robots" content="index,follow" />
<meta name="revisit-after" content="7 days" />
<style type="text/css">
* {
margin:0;
padding:0;
outline:none;
}
html {
color:black;
background-color:white;
font: normal normal normal 12px Verdana;
/*font-style font-variant font-weight font-size font-family*/
}
/*START - THE CSS LINES THAT CREATE THE LOGIN FORM SKIN*/
div#loginf {
width:285px;
margin:0px auto;
}
div#loginf h1 {
color:black;
font: normal normal normal 24px Verdana;
/*font-style font-variant font-weight font-size font-family*/
padding-bottom:5px;
}
div#loginf div {
margin:0 0 5px 0;
}
div#loginf label {
width:80px;
float:left;
}
div#loginf label span {
color:#c00;
}
div#loginf input {
width:200px;
}
div#loginf textarea {
width:300px;
height:150px;
}
div#loginf input, div#loginf textarea {
border:1px #ccc solid;
}
div#loginf input:hover, div#loginf textarea:hover {
border:1px #666 solid;
}
div#loginf input#login {
width:auto;
color:#FFF;
background-color:#333;
border:1px #000 solid !important;
cursor:pointer;
}
div#loginf input#login:hover {
color:#333;
background-color:#fff;
border:1px #333 solid;
}
/*Start - error styles*/
div#loginf p {
color:#c00;
padding:0 0 0 80px;
font-size:10px;
text-align:left;
}
div#loginf div#username_field label,
div#loginf div#password_field label {
color:#c00;
}
div#loginf div#username_field input,
div#loginf div#password_field input {
border:1px #c00 solid;
color:#c00;
}
div#loginf div#username_field input:hover,
div#loginf div#password_field input:hover {
border:1px #c00 solid;
}
/*End - error styles*/
/*END - THE CSS LINES THAT CREATE THE LOGIN FORM SKIN*/
</style>
<script type="text/javascript">
/*
Create the cookies that will store data about the user.
These cookies are created when the login page is opened for the first time.
Only when the page is reloaded, i.e. when the user presses the "login" button, can the PHP script
make use of these cookies.
*/
document.cookie = 'screen_resolution=' + screen.width + '*' + screen.height + ';';
// zero-pad a date component to two digits so the value matches the YYYY-MM-DD HH:MM:SS layout of MySQL's DATETIME
function pad(n) { return (n < 10 ? '0' : '') + n; }
var now = new Date();
var year = now.getFullYear();
var month = pad(now.getMonth() + 1); // getMonth() is zero-based (0 = January)
var day = pad(now.getDate());
var hour = pad(now.getHours());
var minutes = pad(now.getMinutes());
var seconds = pad(now.getSeconds());
var client_date = year + '-' + month + '-' + day + ' ' + hour + ':' + minutes + ':' + seconds;
document.cookie = 'client_authentication_date=' + client_date + ';';
</script>
</head>
<body>
<div id="loginf">
<h1>
<label> </label>
Login
</h1>
<form action="<?php echo 'http://'.$_SERVER['HTTP_HOST'].$php_self; ?>" method="post">
<?php echo (isset($processed_form['issues']['username'])) ? '<p>'.$processed_form['issues']['username'].'</p><div id="username_field">' : '<div>' ; ?>
<label for="username">Username<span>*</span>:</label>
<input name="username" type="text" id="username" value="<?php if (isset($get_my_fields['username'])) echo $get_my_fields['username']; ?>" />
</div>
<?php echo (isset($processed_form['issues']['password'])) ? '<p>'.$processed_form['issues']['password'].'</p><div id="password_field">' : '<div>' ; ?>
<label for="password">Password<span>*</span>:</label>
<input name="password" type="password" id="password" />
</div>
<div>
<label> </label>
<input name="login" type="submit" id="login" value="login" />
</div>
</form>
</div>
</body>
</html>
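The authentication step above (#4 through #8.3) escapes its inputs and compares SHA() hashes inside the SQL text, writes the plaintext password of every failed attempt into the log table, and relies on the Referer header to tie the request to the form, a header that browsers and proxies may omit. The following rewrite of that step is an added example and is not part of the original article: it uses a prepared statement, password_hash()/password_verify(), a CSRF token kept in the session instead of the Referer check, a fresh session id on login, and an attempt log that records who tried and from where but never the password. The $db mysqli connection, the `users` table with its `password_hash` column, and the `auth_log` table and its columns are assumptions, not the article's schema.

```php
<?php
// Added example, not the article's code: a hardened replacement for the authentication
// step in loginf.php. Assumptions: $db is a mysqli connection (mysqlnd, so get_result()
// is available); table `users` (placeholder) has columns `username` and `password_hash`,
// the latter produced by password_hash(); table `auth_log` (placeholder) has columns
// username, ip, status, created_at and deliberately has no password column.

// Issue (or reuse) the per-session CSRF token that the form embeds as a hidden field.
// Unlike the Referer header, the token is generated and checked entirely on our side.
function csrf_token(): string
{
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

// Compare the submitted token with the one in the session in constant time.
function csrf_check($submitted): bool
{
    return is_string($submitted) && isset($_SESSION['csrf'])
        && hash_equals($_SESSION['csrf'], $submitted);
}

// Record an attempt: who, from where, outcome. Never the password, plain or hashed.
function log_attempt(mysqli $db, string $username, string $status): void
{
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    $stmt = $db->prepare('INSERT INTO auth_log (username, ip, status, created_at) VALUES (?, ?, ?, NOW())');
    $stmt->bind_param('sss', $username, $ip, $status);
    $stmt->execute();
    $stmt->close();
}

// Return the stored username on success, null on failure; the caller shows one generic message.
function authenticate(mysqli $db, string $username, string $password): ?string
{
    // Parameter binding keeps user input out of the SQL text, so no escaping is needed.
    $stmt = $db->prepare('SELECT username, password_hash FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // null when no row matched
    $stmt->close();

    // Verify against a dummy hash when the user does not exist, so the response time
    // is the same for unknown and known usernames.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('not-a-real-password', PASSWORD_DEFAULT);
    }
    $ok = password_verify($password, $row['password_hash'] ?? $dummy) && $row !== null;

    log_attempt($db, $username, $ok ? 'successful' : 'failed');
    return $ok ? $row['username'] : null;
}

// On success, start a fresh session id (defeats session fixation) and store only what
// backend.php needs to recognise the user.
function start_login_session(string $username): void
{
    session_regenerate_id(true);
    $_SESSION['username']   = $username;
    $_SESSION['browser_os'] = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
    $_SESSION['last_seen']  = time();
}

// Form handler, the counterpart of the article's steps #4 to #8.3.
session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_check($_POST['csrf'] ?? null)) {
        http_response_code(400);
        exit('Invalid form submission.');
    }
    $user = authenticate($db, (string)($_POST['username'] ?? ''), (string)($_POST['password'] ?? ''));
    if ($user !== null) {
        start_login_session($user);
        header('Location: backend.php');
        exit;
    }
    $issues = array('username' => 'Your login data are wrong.', 'password' => '');
}
// In the form, add a hidden field named "csrf" whose value is htmlspecialchars(csrf_token()).
```

The single "Your login data are wrong." message and the dummy-hash verification together keep the response from revealing whether the username exists, which the original query (one round trip for both username and password) already does on the SQL side but the timing of a bcrypt comparison would otherwise undo.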
backend.php
<?php
//-----open the session to check whether the user is logged in or not
#1
session_start();
//-----load the includes that filter the dynamically obtained URLs, the http_user_agent and the cookies
#2
include('includes/filter_it.inc.php');
include('includes/filtered_urls_and_cookies.inc.php');
//-----if the user is not logged in, redirect to the login page
#3
if (!isset($_SESSION['username']) || !isset($_SESSION['browser_os']) || $_SESSION['browser_os'] != sha1($browser_os)) {
header('Location:http://'.$_SERVER['HTTP_HOST'].dirname($php_self).'/loginf.php');
exit();
}
//-----the script that provides the logout function
#4
if (isset($_GET['action']) && $_GET['action'] == 'logout') {
//-----destroy all the session variables on the server by reinitialising the whole $_SESSION superglobal array
#4.1
$_SESSION = array();
//-----delete all the session data from the server by calling session_destroy() and delete from the user's PC the cookie that stores the session identifier
//-----session_name() gives the cookie's real name (PHPSESSID by default), so the cookie is still removed if session.name was changed in php.ini
#4.2
if (session_destroy() && setcookie(session_name(), '', time()-300, '/', '', 0)) {
header('Location:http://'.$_SERVER['HTTP_HOST'].dirname($php_self).'/loginf.php');
exit();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Backend</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="description" content="How do I make a backend?" />
<meta name="keywords" content="backend,administration,section,admin,cms,content,managament,system,php,script,mysql,database" />
<meta name="abstract" content="How do I make a backend?" />
<meta name="author" content="AccesInterzis" />
<meta name="copyright" content="AccesInterzis" />
<meta name="robots" content="index,follow" />
<meta name="revisit-after" content="7 days" />
<link href="http://www.accesinterzis.ro/myportofolio/css/reset.css" type="text/css" rel="stylesheet" media="all" />
<style type="text/css">
* {
margin:0;
padding:0;
outline:none;
}
html {
color:black;
background-color:white;
font: normal normal normal 12px Verdana;
/*font-style font-variant font-weight font-size font-family*/
}
/*START - THE CSS LINES THAT CREATE THE ADMINISTRATION SECTION SKIN*/
div#backend {
width:1000px;
margin:10px auto;
overflow:auto;
border:1px #ccc solid;
padding:10px;
}
div#backend a {
color:#900;
text-decoration:none;
}
div#backend ul#welcome_message {
overflow:auto;
list-style-type:none;
}
div#backend ul#sidebar {
width:10%;
float:left;
list-style-type:none;
border-right:1px #ccc solid;
}
div#backend div#mainarea {
width:80%;
float:right;
}
div#backend div#mainarea p#confirmation_message {
width:75%;
margin:250px auto;
}
div#backend div#footer{
width:100%;
float:left;
text-align:center;
}
div.splitter {
width:100%;
height:1px;
clear:both;
float:left;
border-top:1px #ccc solid;
margin: 10px 0 10px 0;
}
/*END - THE CSS LINES THAT CREATE THE ADMINISTRATION SECTION SKIN*/
</style>
</head>
<body>
<div id="backend">
<ul id="welcome_message">
<li style="float:left;">Welcome <strong><?php echo $_SESSION['username']; ?></strong> to the administration section</li>
<li style="float:right;"><a href="<?php echo 'http://'.$_SERVER['HTTP_HOST'].$php_self; ?>?action=logout" title="Logout">Logout</a></li>
</ul>
<div class="splitter"></div>
<ul id="sidebar">
<?php
for ($i = 0; $i < 40; $i++) {
echo '<li>sidebar</li>';
}
?>
</ul>
<div id="mainarea">
<p id="confirmation_message">
<strong><?php echo $_SESSION['username']; ?></strong>, you are here because you have proved that you are an authorized user of this administration section.
Now log out and try to access <strong><?php echo 'http://'.$_SERVER['HTTP_HOST'].$php_self; ?></strong> again.
You will see what happens when someone who is not logged in tries to enter the administration section.
</p>
</div>
<div class="splitter"></div>
<div id="footer">
Designed and developed by <a href="http://www.accesinterzis.ro" title="Programming | Web development | Web design | IT security | SEO" target="_blank">www.accesinterzis.ro</a> © 2010. All rights reserved.
</div>
</div>
</body>
</html>
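backend.php above lets anyone in whose session carries a username and a matching sha1 of the user agent, compares those values with a plain `!=`, never expires an idle session, and on logout clears a cookie whose name is hard-coded. As an added example that is not the article's code, here is a guard and logout pair that binds the session to the user agent with a constant-time comparison, drops sessions idle for longer than IDLE_TIMEOUT, and removes the session cookie under whatever name and cookie parameters the session actually uses. The session keys username, browser_os and last_seen (as written by the login step) and the 900-second idle limit are assumptions.

```php
<?php
// Added example, not the article's code: a session guard and logout for backend.php.
// Assumes the login step stored $_SESSION['username'], $_SESSION['browser_os']
// (sha256 of the user agent) and $_SESSION['last_seen']; the idle limit is an assumption.

const IDLE_TIMEOUT = 900;   // seconds of inactivity after which the session is dropped

// Pure check over a session array, so it can be exercised with constructed input.
function session_is_valid(array $session, string $user_agent, int $now): bool
{
    if (!isset($session['username'], $session['browser_os'], $session['last_seen'])) {
        return false;
    }
    // Constant-time comparison of the stored and current user-agent fingerprints.
    if (!hash_equals((string)$session['browser_os'], hash('sha256', $user_agent))) {
        return false;
    }
    // Reject sessions idle for too long, and sessions whose timestamp lies in the future.
    $idle = $now - (int)$session['last_seen'];
    return $idle >= 0 && $idle <= IDLE_TIMEOUT;
}

// Clear server-side state and expire the cookie under the real session name, with the
// same path/domain/flags it was issued with, so the browser actually discards it.
function logout(): void
{
    $_SESSION = array();
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Call at the top of every protected page; redirects anyone without a valid session.
function require_login(string $login_url): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!session_is_valid($_SESSION, $_SERVER['HTTP_USER_AGENT'] ?? '', time())) {
        logout();                       // drop any half-valid state before redirecting
        header('Location: ' . $login_url);
        exit;
    }
    $_SESSION['last_seen'] = time();    // sliding expiry: each request extends the window
}

// Page flow, the counterpart of the article's steps #1 to #4.2.
require_login('loginf.php');
if (($_GET['action'] ?? '') === 'logout') {
    logout();
    header('Location: loginf.php');
    exit;
}
// Escape the username before echoing it into the page; the session value is only as
// clean as the registration validators made it.
$display_name = htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
```

Because session_is_valid() takes the session array, the user agent and the clock as arguments, it can be checked offline with constructed values (for example a session whose last_seen is 1000 seconds old must be rejected while one 500 seconds old passes) without a browser or a database.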
validators.inc.php, filter_it.inc.php, validate_form.inc.php, filtered_urls_and_cookies.inc.php, process_form.inc.php can be found here.
HERE WHERE? Because I don't see a link….
I deleted that sentence because it is useless. It says the same thing as the first sentence of the article: “The PHP scripts called via the include() function can be found in the article about version 2 of the contact form.”.