<?
//scripted by Justin Adie, 4-4-2005
//this can be used by including the file in each of the pages you want to restrict to logged on users
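session_start();

// Path of the credential store: one CSV row per account, "md5(username),md5(password)".
// NOTE(review): the .php extension does not protect this file. It holds no PHP open
// tag, so the engine emits its contents unchanged when it is requested directly; keep
// it outside the document root or in a directory the web server refuses to serve.
$file = "users.php";

// A request counts as authenticated only when the flag set by logonuser() is present.
$loggedon = isset($_SESSION['loggedon']) && $_SESSION['loggedon'] === "true";

// Only a plain string is accepted as an action; array-valued parameters are ignored.
$actiontype = null;
if (isset($_REQUEST['actiontype']) && is_string($_REQUEST['actiontype'])) {
    $actiontype = $_REQUEST['actiontype'];
}

// Strict comparison, not assignment: a logged-on visitor passes through this gate
// only when a logout was actually requested.
if (!$loggedon || $actiontype === "logout") {
    if ($actiontype === null) {
        displayloginform();
        exit;
    }

    switch ($actiontype) {
        case "logout":
            logout();
            exit;

        case "logon":
            // Missing or non-string credentials are treated like a failed login.
            if (!isset($_POST['username'], $_POST['password'])
                || !is_string($_POST['username'])
                || !is_string($_POST['password'])
                || logonuser($_POST['username'], $_POST['password']) === false
            ) {
                displayloginform("Username or password error");
                exit;
            }
            // Login succeeded: fall out of the gate to the protected content.
            break;

        case "registerme":
            displayregistrationform();
            exit;

        case "processregistration":
            // Reject requests that did not come from the registration form.
            if (!isset($_POST['username'], $_POST['password'])
                || !is_string($_POST['username'])
                || !is_string($_POST['password'])
            ) {
                die("Invalid input");
            }
            if (processregistration($_POST['username'], $_POST['password']) === false) {
                die("There has been an error with your registration");
            }
            displayloginform();
            exit;

        default:
            // Fail closed. Without this branch an unauthenticated request carrying an
            // unlisted action value would leave the switch and reach the protected
            // content below.
            displayloginform();
            exit;
    }
}

// Only authenticated requests get this far.
// NOTE(review): die() ends the whole request, so a page that includes this file as a
// gate never runs its own code; replace or remove this line in that setup.
// PHP_SELF can carry client-supplied path info, so it is escaped before output.
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
die("You are logged in. Click <a href='{$self}?actiontype=logout'>here</a> to log out.");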
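/**
 * Prints the complete HTML login page.
 *
 * The form posts back to the current script with actiontype=logon and also
 * offers a link to the registration form.
 *
 * @param string $msg Plain-text message shown in red above the fields. The
 *                    message box is hidden when this is the empty string.
 *                    The text is HTML-escaped before it is printed.
 */
function displayloginform($msg = "")
{
    $disp = ($msg === "") ? "display:none" : "";

    // PHP_SELF can carry path info appended by the client, so it is escaped and
    // placed inside quoted attributes rather than interpolated raw.
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    $msg = htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');

    // The password input uses type='password' so the value is masked on screen.
    echo <<<HTML
<html>
<head>
<style type='text/css'>
body {text-align:center;}
fieldset {border-style:groove; border-width:medium;}
.form {width:300px; margin: 0px auto; }
.row {clear:both;}
.label {width:80px; text-align:right; float:left;}
.field {width:100px; text-align:left; float:right;}
.msg {color:red; {$disp}}
</style>
</head>
<body>
<div class='form'>
<form name='logon' method='post' action='{$self}'>
<fieldset>
<legend>Login</legend>
<input type='hidden' name='actiontype' value='logon' />
<div class='msg'>{$msg}</div>
<div class='row'><span class='label'><label for='username'>User Name</label></span><span class='field'><input type='text' id='username' name='username' /></span></div>
<div class='row'><span class='label'><label for='password'>Password</label></span><span class='field'><input type='password' id='password' name='password' /></span></div>
<div class='row'><span class='field'><input type='submit' value='Logon' name='submit' /></span></div>
<div class='row'>Click <a href='{$self}?actiontype=registerme'>here</a> to register</div>
</fieldset>
</form>
</div>
</body>
</html>

HTML;
}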
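/**
 * Reads the credential file named by the global $file into a lookup table.
 *
 * Each CSV row is expected to hold two columns; the first becomes the array
 * key and the second its value. Rows with fewer than two columns (blank lines
 * included) are skipped.
 *
 * @return array Map of first column => second column; empty when the file
 *               has no usable rows or cannot be opened.
 */
function getuserdata()
{
    global $file; // make sure that this is in a protected directory

    $users = array();

    // "a+" keeps the original create-if-missing behaviour.
    $fh = fopen($file, "a+");
    if ($fh === false) {
        return $users;
    }

    // Start reading at the first row regardless of where the append-mode handle
    // is positioned after opening.
    rewind($fh);

    while (($row = fgetcsv($fh)) !== false) {
        // fgetcsv() yields array(null) for a blank line; ignore short rows so no
        // empty-string key ends up in the table.
        if (!isset($row[0], $row[1])) {
            continue;
        }
        $users[$row[0]] = $row[1];
    }
    fclose($fh);

    return $users;
}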
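/**
 * Prints the complete HTML registration page.
 *
 * The form posts back to the current script with
 * actiontype=processregistration and the fields "username" and "password".
 */
function displayregistrationform()
{
    // PHP_SELF can carry path info appended by the client, so it is escaped and
    // placed inside a quoted attribute rather than interpolated raw.
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

    // The password input uses type='password' so the value is masked on screen.
    echo <<<HTML
<html>
<head>
<style type='text/css'>
body {text-align:center;}
fieldset {border-style:groove; border-width:medium;}
.form {width:300px; margin: 0px auto; }
.row {clear:both;}
.label {width:80px; text-align:right; float:left;}
.field {width:100px; text-align:left; float:right;}
</style>
</head>
<body>
<div class='form'>
<form name='register' method='post' action='{$self}'>
<fieldset>
<legend>Register User</legend>
<input type='hidden' name='actiontype' value='processregistration' />
<div class='row'><span class='label'><label for='username'>User Name</label></span><span class='field'><input type='text' id='username' name='username' /></span></div>
<div class='row'><span class='label'><label for='password'>Password</label></span><span class='field'><input type='password' id='password' name='password' /></span></div>
<div class='row'><span class='field'><input type='submit' value='Register User' name='submit' /></span></div>
</fieldset>
</form>
</div>
</body>
</html>

HTML;
}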
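/**
 * Registers a new account unless one with the same user name already exists.
 *
 * The account is appended to the credential file named by the global $file as
 * one CSV row, "md5(user),md5(pwd)".
 *
 * @param string $user User name chosen by the visitor.
 * @param string $pwd  Password chosen by the visitor.
 *
 * @return bool true when the row was written; false when the input is empty or
 *              not a string, the user already exists, or the write failed.
 */
function processregistration($user, $pwd)
{
    global $file;

    // md5() only accepts strings; array-valued or empty form fields are refused.
    if (!is_string($user) || !is_string($pwd) || $user === "" || $pwd === "") {
        return false;
    }

    $users = getuserdata(); // existing accounts, keyed by md5(user name)

    // NOTE(review): unsalted MD5 is not a password hash and is fast to brute-force.
    // Moving to password_hash()/password_verify() changes the stored format and has
    // to be done together with logonuser().
    $md5_user = md5($user);
    $md5_pwd = md5($pwd);

    if (array_key_exists($md5_user, $users)) {
        return false;
    }

    // A file written without a trailing newline would otherwise have the new row
    // glued onto its last one, corrupting both accounts.
    $existing = is_file($file) ? file_get_contents($file) : "";
    $prefix = (is_string($existing) && $existing !== "" && substr($existing, -1) !== "\n") ? "\n" : "";

    // Every row ends with a newline so the next registration starts a fresh row.
    // LOCK_EX keeps concurrent appends from interleaving.
    // NOTE(review): the existence check above and this write are not atomic; two
    // simultaneous registrations of one name could both be written.
    $written = file_put_contents($file, $prefix . $md5_user . "," . $md5_pwd . "\n", FILE_APPEND | LOCK_EX);

    return $written !== false;
}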
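/**
 * Checks a user name / password pair against the credential file and records
 * the outcome in the session.
 *
 * On success $_SESSION['loggedon'] is set to the string "true"; on failure the
 * flag is removed.
 *
 * @param string $user Submitted user name.
 * @param string $pwd  Submitted password.
 *
 * @return bool true when the credentials match a stored account, else false.
 */
function logonuser($user, $pwd)
{
    $authenticated = false;

    // md5() only accepts strings; array-valued form fields count as a failed login.
    if (is_string($user) && is_string($pwd)) {
        $users = getuserdata(); // stored accounts, keyed by md5(user name)

        // NOTE(review): unsalted MD5 is not a password hash. Moving to
        // password_hash()/password_verify() changes the stored format and has to
        // be done together with processregistration().
        $md5_user = md5($user);
        $md5_pwd = md5($pwd);

        if (array_key_exists($md5_user, $users) && is_string($users[$md5_user])) {
            // Constant-time comparison of the stored and submitted digests.
            $authenticated = hash_equals($users[$md5_user], $md5_pwd);
        }
    }

    if (!$authenticated) {
        // NOTE(review): failed attempts are not counted or throttled here.
        unset($_SESSION['loggedon']);
        return false;
    }

    // Issue a fresh session ID at the privilege change so an ID that was known
    // before login cannot be reused afterwards (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }

    $_SESSION['loggedon'] = "true";
    return true;
}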
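/**
 * Clears the logged-on flag from the session and prints a confirmation with a
 * link back to the login page.
 *
 * Other session data is left untouched.
 */
function logout()
{
    unset($_SESSION['loggedon']);

    // Rotate the session ID so the identifier used while logged on is retired.
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }

    // PHP_SELF can carry path info appended by the client, so it is escaped and
    // placed inside a quoted attribute.
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    echo "You have been logged out. Click <a href='{$self}'>here</a> to log in.";
}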
?>