User-Login With One External PHP-Script


Post by wingover »

Hi,

I made a php-script for user-login. I was searching for a solution with only one external script and without editing the phpwcms-code. It's easy to use and configure.
Maybe it's helpful for someone...? Maybe not...

Here is an example:
http://spielwiese.wireframe.de

Name: user
Password: user


Put a link to the script anywhere, like this:

Code:

[PHP]include("stuff/scripts/user_login.php");[/PHP]
I have tested in 'html-content' and 'wysiwyg-content'.

You can choose if you want the user-data from the phpwcms-database or from an external file. If you use an external file, you can put the file anywhere and name it as you like. You only have to tell the script the path to your file.
Define the users in the file like this:

Code:

<?php

// real_name|user_name|email|password //

$login_user[1] = "User A|usera|a@b.com|apass";
$login_user[2] = "User B|userb|c@d.com|bpass";

?>
The first 4 items must be like in my example, but you can add more items.

The protected site you link to after login can be a link to an article or a category.
When you are not logged in, it's not possible to see the site by trying something like 'index.php?id=id=16,17,0,0,1,0'. You will always get redirected to the login-site.

You can choose, if the users can login with user-name or e-mail - and password.

You can choose, if a 'new - register' link is shown or not.
But, the new-register-form must be created by yourself. You can make an article or a hidden category and make your form.

You can choose, if a 'forgotten-password' link is shown or not.
So, the user can get his password by e-mail. If the users are listed in a file, only the password will be sent to the user. If you get the user-information from the database, a new random-password will be written in the database and sent to the user.
For security it's not possible to get a password from the database when the user has admin-rights. (No frontend user should have admin-rights...)

Please always look for the latest version.
I created the script especially for a site and on this site it works perfectly.
That means, you have a login site and a protected site. When you are logged in, the script will redirect you to the protected site.
Now I will update the script step by step for more global needs...


Last Update: 09.02.2006, 11:15
I changed some variables, because I had some problems on different servers. Now it works on the servers I have tested.


Here is the php-code. Put it in a file...

Code:

<?php

// php script for login and logout
// insert '[PHP]include("stuff/scripts/user_login.php");[/PHP]' anywhere you want the login with your own path
// if the login is ok, the script links to a category or an article if $auto_redirect=1 or $personal_redirect=1
// get the user-information from the phpwcms database or from a file
// if users listed in a file make a file like "user_data.php" or so
// write for every user a new line: '$login_user[1] = "name|login_name|email|password";'
// after these 4 items, you can add your own items
// decide to login with e-mail & password or user-name & password
// show or don't show a link to register new users (link to a category or an article where you can make your own register-form)
// show or don't show a link to mail the password if forgotten
// if database > the user gets a new random-password, if file > the user gets the current password
// if user-information is from database and user-status is 'admin', no password will be sent
// Andi Platen, 04.02.2006, www.wireframe.de|www.gleitschirm-taxi.de|www.mountain-panorama.com

// start config //
$protected_site = "id=7,12,0,0,1,0|downloads"; // protected sites, if more separate with '|'
$login_site = "login"; // path of the login site
$logout_site = "login"; // path of the logout site
$error_site = "login"; // path of the error site
$auto_redirect = 1; // 0 or 1, if 1 the user gets redirected to the protected site after login and to a logout-site after logout
$personal_redirect = 0; // 0 or 1, if 1 after the login the user gets redirected to a site where article_alias=username
$user_login_type = "login"; // login or email, you can decide if login with login-name or email
$login_type = "file"; // database or file
$filePath = "stuff/scripts/user_data.php"; // if $login_type=file, path of file containing the user data

$label_login_button_head = "Login"; // header of login
$label_logout_head = "Logout"; // header of logout

$label_user = "Benutzername"; // label for user-name
$label_pass = "Passwort"; // label for password
$label_login_button = "Login"; // label for login button

$show_new_user = 1; // 1 or 0, if 1 > if a new user can register
$label_new_user = "Neu anmelden"; // label for new-user
$new_user_site = "newuser"; // path to new-user-register-site, can be category or article

$show_send_pass = 1; // 1 or 0, if 1 > if user can get password
$label_send_pass = "Passwort vergessen?"; // label for send-password
$label_send_pass_head = "Passwort anfordern"; // head of send-password
$label_send_pass_user = "Benutzername"; // label for send-password-user
$label_send_pass_email = "E-Mail"; // label for send-password-email
$label_send_pass_button = "Senden"; // label for send-password-button
$send_pass_ok = "Passwort gesendet"; // send-password-ok message
$send_pass_subject = "Benutzerdaten"; // subject of password-send-e-mail

$login_error = "Fehler"; // message if login or send-password-error
$message_style_start = '<span style="color:#FF0000; font-weight:bold;">'; // style for message
$message_style_end = '</span>'; // style for message

$site_prefix = "index.php?"; // name of the index site + '?'
$session_id = "userlogin"; // session-id or session-name
$session_time = 900; // session-time in seconds
// end config //



// some functions //
$protected_site = explode("|", $protected_site);

if($personal_redirect == 1 && $login_type == "database")
{
	$sql = "SELECT usr_login FROM " . $GLOBALS['phpwcms']["db_prepend"] . "_phpwcms_user";
	$result = mysql_query($sql);
	while($user_array = mysql_fetch_array($result))
	{
		$protected_site[] = $user_array['usr_login'];
	}
}
if($personal_redirect == 1 && $login_type == "file")
{
	include($filePath);
	foreach($login_user as $key => $value)
	{
		$login_array = explode("|", $login_user[$key]);
		$protected_site[] = $login_array[1];
	}
}

foreach($protected_site as $a => $b)
{
	foreach($GLOBALS['content']["struct"] as $key => $value)
	{
		if($GLOBALS['content']["struct"][$key]['acat_alias'] == $b)
		{
			$start_id = $GLOBALS['content']["struct"][$key]['acat_id'];
			$protected_id[] = "id=" . $start_id;
			$database_search[] = $start_id;
		}
	}
	foreach($GLOBALS['content']["struct"] as $key => $value)
	{
		if($GLOBALS['content']["struct"][$key]['acat_struct'] == $start_id && !strpos($protected_site[$a], '=') && !strpos($protected_site[$a], ','))
		{
			$protected_site[] = $GLOBALS['content']["struct"][$key]['acat_alias'];
		}
	}
	$x = explode(",", $protected_site[$a]);
	if(count($x) > 1)
	{
		$protected_article_id[] = $x[1];
	}
}
foreach($GLOBALS['content']["struct"] as $key => $value)
{
	if(array_search($GLOBALS['content']["struct"][$key]['acat_alias'], $protected_site))
	{
		$protected_id[] = "id=" . $GLOBALS['content']["struct"][$key]['acat_id'];
		$database_search[] = $GLOBALS['content']["struct"][$key]['acat_id'];
	}
}
if(is_array($protected_site) && is_array($protected_id))
{
	$protected_site = array_merge($protected_site, $protected_id);
}

if($database_search)
{
	foreach($database_search as $key => $value)
	{
		$sql = "SELECT ".
		"article_id, article_cid ".
		"FROM ".
		$GLOBALS['phpwcms']["db_prepend"] . "_phpwcms_article ".
		"WHERE ".
		"(article_cid = '" . $database_search[$key] . "')";

		$result = mysql_query($sql);
		if(mysql_num_rows($result) > 0)
		{
			$id_array = mysql_fetch_array($result);
			$protected_article_id[] = $id_array['article_id'];
		}
	}
}

$myquery = explode("&", $_SERVER['QUERY_STRING']);
$myquery = $myquery[0];
if(!in_array($myquery, $protected_site))
{
	$myquery = explode(",", $myquery);
	$myquery = $myquery[0];
}
$act_site = $myquery;

$act_id = explode("&", $_SERVER['QUERY_STRING']);
$act_id = explode(",", $act_id[0]);
$act_id = $act_id[1];

if($auto_redirect == 0)
{
	$goto_site[1] = $myquery;
	$goto_site[2] = $myquery;
	$goto_site[3] = $myquery;
}
else
{
	$goto_site[1] = $protected_site[0];
	$goto_site[2] = $login_site;
	$goto_site[3] = $logout_site;
}

if(isset($_SESSION[$session_id]) && $personal_redirect == 1)
{
	$goto_site[1] = $_SESSION[$session_id]["login_login"];
	array_unshift($protected_site, $_SESSION[$session_id]["login_login"]);
}
// some functions //


if($GLOBALS['HTTP_POST_VARS']['login'] == $label_login_button)
{
	if($login_type == "database")
	{
		// escape the submitted name before it is placed in the query text
		$sql = "SELECT ".
		"usr_name, usr_login, usr_email, usr_pass ".
		"FROM ".
		$GLOBALS['phpwcms']["db_prepend"] . "_phpwcms_user ".
		"WHERE ".
		"(usr_" . $user_login_type . " = '" . mysql_real_escape_string($GLOBALS['HTTP_POST_VARS']['name']) . "') AND ".
		"(usr_pass = '" . md5($GLOBALS['HTTP_POST_VARS']['pass']) . "')";
		$result = mysql_query ($sql);
		if(mysql_num_rows($result) > 0)
		{
  			$login_array = mysql_fetch_array ($result);
  			session_start();
			$_SESSION[$session_id]["login_name"] = $login_array["usr_name"];
			$_SESSION[$session_id]["login_login"] = $login_array["usr_login"];
			$_SESSION[$session_id]["login_zeit"] = date("U");
			if($personal_redirect == 1)
			{
				header("Location: " . $site_prefix . $login_array[1]);
			}
			else
			{
				header("Location: " . $site_prefix . $goto_site[1]);
			}
  		}
  		else
  		{
  			header("Location: " . $site_prefix . $act_site . "&error=1");
  		}
	}
	else if($login_type == "file")
	{
		// name|login|email|pass //
		switch($user_login_type)
		{
			case "login": $key_num = 1; break;
			case "email": $key_num = 2; break;
		}
		include($filePath);
		foreach($login_user as $key => $value)
		{
			$login_array = explode("|", $login_user[$key]);
			// strict comparison: with == two numeric-looking strings such as "1e3" and "1000" compare equal
			if($login_array[$key_num] === $GLOBALS['HTTP_POST_VARS']['name'] && $login_array[3] === $GLOBALS['HTTP_POST_VARS']['pass'])
			{
				session_start();
				$_SESSION[$session_id]["login_name"] = $login_array[0];
				$_SESSION[$session_id]["login_login"] = $login_array[1];
				$_SESSION[$session_id]["login_zeit"] = date("U");
				if($personal_redirect == 1)
				{
					header("Location: " . $site_prefix . $login_array[1]);
				}
				else
				{
					header("Location: " . $site_prefix . $goto_site[1]);
				}
				break;
			}
			else
  			{
  				header("Location: " . $site_prefix . $act_site . "&error=1");
  			}
		}
	}
}
else if($GLOBALS['HTTP_POST_VARS']['password'] == $label_send_pass_button)
{
	if($login_type == "database")
	{
		// escape the submitted name and e-mail before they are placed in the query text
		$sql = "SELECT ".
		"usr_name, usr_login, usr_email, usr_pass, usr_admin ".
		"FROM ".
		$GLOBALS['phpwcms']["db_prepend"] . "_phpwcms_user ".
		"WHERE ".
		"(usr_login = '" . mysql_real_escape_string($GLOBALS['HTTP_POST_VARS']['name']) . "') AND ".
		"(usr_email = '" . mysql_real_escape_string($GLOBALS['HTTP_POST_VARS']['email']) . "') AND ".
		"(usr_admin <> '1')";

		$result = mysql_query ($sql);
		if(mysql_num_rows($result) > 0)
		{
  			$login_array = mysql_fetch_array($result);

  			$random_pass = rand(1000000, 9999999);

  			$emailbody = $login_array["usr_name"];
			$emailbody .= "\n" . $login_array["usr_login"];
			$emailbody .= "\n" . $login_array["usr_email"];
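			// mail the new password itself; the database stores md5() of it and the login hashes what the user types
			$emailbody .=  "\n" . $random_pass;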

			$email_to = $login_array["usr_email"];
			$email_betreff = $send_pass_subject;
			$email_from_name = $GLOBALS['phpwcms']['SMTP_FROM_NAME'];
			$email_from_mail = $GLOBALS['phpwcms']['SMTP_FROM_EMAIL'];

			$header = "From:$email_from_name<$email_from_mail>\n";
			$header .= "Reply-To: $email_from_mail\n";
			$header .= "X-Mailer: PHP/" . phpversion(). "\n";
			$header .= "X-Sender-IP: " . $_SERVER['REMOTE_ADDR'] . "\n"; // $REMOTE_ADDR is only set with register_globals
			$header .= "Content-Type: text/plain";

			$sql = "UPDATE " . $GLOBALS['phpwcms']["db_prepend"] . "_phpwcms_user ".
			"SET usr_pass='" . aporeplace(md5($random_pass)) .
			"' WHERE usr_login='" . mysql_real_escape_string($GLOBALS['HTTP_POST_VARS']['name']) . "'";

			// run the UPDATE once and mail only if it succeeded
			if(mysql_query($sql))
			{
				mail($email_to,$email_betreff,$emailbody,$header);
            	echo $message_style_start . $send_pass_ok . $message_style_end;
			}
  		}
  		else
  		{
  			header("Location: " . $site_prefix . $act_site . "&sendpass=1&error=1");
  		}
	}
	else if($login_type == "file")
	{
		// name|login|email|pass //
		include($filePath);
		foreach($login_user as $key => $value)
		{
			$user_array = explode("|", $login_user[$key]);
			// strict comparison so that numeric-looking strings are not compared as numbers
			if($user_array[1] === $GLOBALS['HTTP_POST_VARS']['name'] && $user_array[2] === $GLOBALS['HTTP_POST_VARS']['email'])
			{
				$login_array = $user_array;
			}
		}

		if($login_array)
		{
			$emailbody = $login_array[0];
			$emailbody .= "\n" . $login_array[1];
			$emailbody .= "\n" . $login_array[2];
			$emailbody .=  "\n" . $login_array[3];

			$email_to = $login_array[2];
			$email_betreff = $send_pass_subject;
			$email_from_name = $GLOBALS['phpwcms']['SMTP_FROM_NAME'];
			$email_from_mail = $GLOBALS['phpwcms']['SMTP_FROM_EMAIL'];

			$header = "From:$email_from_name<$email_from_mail>\n";
			$header .= "Reply-To: $email_from_mail\n";
			$header .= "X-Mailer: PHP/" . phpversion(). "\n";
			$header .= "X-Sender-IP: " . $_SERVER['REMOTE_ADDR'] . "\n"; // $REMOTE_ADDR is only set with register_globals
			$header .= "Content-Type: text/plain";

			mail($email_to,$email_betreff,$emailbody,$header);
			echo $message_style_start . $send_pass_ok . $message_style_end;
		}
		else
  		{
  			header("Location: " . $site_prefix . $act_site . "&sendpass=1&error=1");
  		}
	}
}
else if(isset($_SESSION[$session_id]))
{
	if($_SESSION[$session_id]["login_zeit"] + $session_time < date("U") || $_REQUEST['logout'] == 1)
	{
		session_start();
		session_unset ();
		session_destroy ();
		if(in_array($goto_site[3], $protected_site))
		{
			$goto_site[3] = $logout_site;
		}
		header("Location: " . $site_prefix . $goto_site[3]);
	}
	else
	{
		echo $_SESSION[$session_id]["login_name"] . '[br]
		<b><a href="' . $site_prefix . $goto_site[2] . '&logout=1">' . $label_logout_head . '</a>[BR]</b>';
		$_SESSION[$session_id]["login_zeit"] = date("U");
		if(!in_array($act_site, $protected_site) && $act_site == $login_site)
		{
			header("Location: " . $site_prefix . $protected_site[0]);
		}
		if((in_array($act_site, $protected_site) || in_array($act_id, $protected_article_id)) && ($_SESSION[$session_id]["login_login"] != $act_site) && ($personal_redirect == 1))
		{
			header("Location: " . $site_prefix . $error_site);
			exit; // stop here so the other user's page is not sent along with the redirect
		}
	}
}
else if($_REQUEST['newuser'] == 1 && $show_new_user == 1)
{
	header("Location: " . $site_prefix . $new_user_site);
}
else if($_REQUEST['sendpass'] == 1 && $show_send_pass == 1)
{
	echo '<form name="form" method="post" action="' . $site_prefix . $act_site . '" enctype="multipart/form-data">
		<b>' . $label_send_pass_head . ':</b>[br]
		{SPACER:1x2}[br]';
		if($_REQUEST['error'] == 1)
		{
			echo $message_style_start . $login_error . $message_style_end . '[br]';
			echo '{SPACER:1x2}[br]';
		}
		echo $label_send_pass_user . ':[br]
		<input type="text" name="name" style="width:120px;" />[br]
		' . $label_send_pass_email . ':[br]
		<input type="text" name="email" style="width:120px;" />[br]
		{SPACER:1x5}[br]
		<input type="submit" name="password" value="' . $label_send_pass_button . '" style="width:70px;" />
	</form>';
}
else
{
	echo '<form name="form" method="post" action="' . $site_prefix . $act_site . '" enctype="multipart/form-data">
		<b>' . $label_login_button_head . ':</b>[br]
		{SPACER:1x2}[br]';
		if($_REQUEST['error'] == 1)
		{
			echo $message_style_start . $login_error . $message_style_end . '[br]';
			echo '{SPACER:1x2}[br]';
		}
		echo $label_user . ':[br]
		<input type="text" name="name" style="width:120px;" />[br]
		' . $label_pass . ':[br]
		<input type="password" name="pass" style="width:120px;" />[br]
		{SPACER:1x5}[br]
		<input type="submit" name="login" value="' . $label_login_button . '" style="width:70px;" />[br]';
		if($show_new_user == 1)
		{
			echo '{SPACER:1x10}[br]
			<a href="' . $site_prefix . $act_site . '&newuser=1">' . $label_new_user . '</a>';
		}
		if($show_send_pass == 1)
		{
			echo '{SPACER:1x10}[br]
			<a href="' . $site_prefix . $act_site . '&sendpass=1">' . $label_send_pass . '</a>';
		}
	echo '</form>';
	if(in_array($act_site, $protected_site) || in_array($act_id, $protected_article_id))
	{
		header("Location: " . $site_prefix . $error_site);
		exit; // stop here so the protected page is not sent along with the redirect
	}
}

?>
Last edited by wingover on Wed 28. Mar 2007, 00:04, edited 7 times in total.
---------------------------------------------------
Vol Libre - the dream of free flight
http://www.gleitschirm-taxi.de
Fascination of the mountains
http://www.mountain-panorama.com
---------------------------------------------------
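
A hardened variant of the two credential checks in the script above, as an added example that is not wingover's code or part of phpwcms: the database lookup binds the submitted name as a parameter, and the file lookup verifies against `password_hash()` output instead of a clear-text field. The PDO handle, the function names and a user file whose fourth field holds a hash are assumptions; the table and column names are the ones used in the post.

```php
<?php
// Added example, not wingover's code. Assumed: a PDO handle, the function
// names, and a user file whose fourth field is password_hash() output.

// Map the script's $user_login_type setting to a fixed column name, so the
// SQL text is never built from a free-form value.
function login_column($user_login_type)
{
    $allowed = array('login' => 'usr_login', 'email' => 'usr_email');
    if (!isset($allowed[$user_login_type])) {
        throw new InvalidArgumentException('user_login_type must be login or email');
    }
    return $allowed[$user_login_type];
}

// Database variant: the submitted name is bound as a parameter. The MD5
// comparison is kept only because the script's table stores MD5 in usr_pass.
function check_db_login(PDO $pdo, $db_prepend, $user_login_type, $name, $pass)
{
    if (!is_string($name) || !is_string($pass) || $name === '') {
        return null; // also rejects array input such as name[]=x
    }
    $sql = 'SELECT usr_name, usr_login, usr_pass FROM ' . $db_prepend . '_phpwcms_user'
         . ' WHERE ' . login_column($user_login_type) . ' = :name';
    $stmt = $pdo->prepare($sql);
    $stmt->execute(array(':name' => $name));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !hash_equals((string) $row['usr_pass'], md5($pass))) {
        return null;
    }
    return array('login_name' => $row['usr_name'], 'login_login' => $row['usr_login']);
}

// File variant: the "real_name|user_name|email|password" layout from the
// post, with the password field holding a hash instead of clear text.
function check_file_login(array $login_user, $user_login_type, $name, $pass)
{
    if (!is_string($name) || !is_string($pass) || $name === '') {
        return null;
    }
    $key_num = ($user_login_type === 'email') ? 2 : 1;
    foreach ($login_user as $line) {
        $f = explode('|', $line); // extra items after the first four are allowed
        if (count($f) < 4) {
            continue; // malformed entry: skip it rather than index past the end
        }
        if (hash_equals($f[$key_num], $name) && password_verify($pass, $f[3])) {
            return array('login_name' => $f[0], 'login_login' => $f[1]);
        }
    }
    return null;
}

// Constructed sample data. Build the entries with single quotes or
// concatenation: inside double quotes PHP may expand parts of a hash as variables.
$login_user = array(
    1 => 'User A|usera|a@b.com|' . password_hash('apass', PASSWORD_DEFAULT),
    2 => 'User B|userb|c@d.com|' . password_hash('bpass', PASSWORD_DEFAULT),
);

var_dump(check_file_login($login_user, 'login', 'userb', 'bpass'));
var_dump(check_file_login($login_user, 'login', 'userb', 'apass'));
var_dump(check_file_login($login_user, 'email', array('c@d.com'), 'bpass'));
```

On a successful check the caller would call `session_regenerate_id(true)` before filling `$_SESSION` and end the request right after sending the `Location` header.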

Post by trip »

Hi
do you have a working example?

TriP

Post by wingover »

Hi!

Here is an example:
http://spielwiese.wireframe.de

Name: user
Password: user

It's my phpwcms-test-site.
You also can login to the backend and test how the tinyMCE works with phpwcms.

Please don't erase anything or change the user-name and user-password. Thanx.


Greetings - Andi
Last edited by wingover on Mon 13. Feb 2006, 15:03, edited 1 time in total.

Post by trip »

Thanks :-)
Is it possible to redirect a user to a thank you page after logout?

TriP

Post by update »

Hi wingover,
is it possible to protect complete structure levels too?
Claus

Post by rushclub »

sorry doubleposting ;(
Last edited by rushclub on Fri 3. Feb 2006, 10:36, edited 1 time in total.
3 (!) years of waiting are enough for me. I'm off for now.

Post by rushclub »

the part "Neu anmelden" isn't working at the moment, right ;)
will there be a registration in the future?

rush

Post by rushclub »

claus wrote:Hi wingover,
is it possible to protect complete structure levels too?
Claus

yes

$new_user_side = "index.php?id=16,17,0,0,1,0"; // path to new-user-register-side, can be category or article

Post by update »

Ah I see...
...and all pages within this protected level and below (levels and pages) are automatically protected too? This sounds too simple to be true :o
but would be really 8)

Claus

Post by rushclub »

Oops, an error in my thinking, sorry.
Oops, I understood something wrong.

:(

rush

Post by palhano »

Hello, I tested the script and it works good, but what if I need to redirect every single user to its own page???

Post by wingover »

Hi, now there are some more options and some changes in the script.

- personal_redirect >>> after login, users are redirected to a personal site. The site must be a category and the alias the user_name

- you can define: login-site, logout-site and error-site

- you can define more than one protected sites like: "downloads|id=7,12,0,0,1,0"

- the next structure-level is also protected (only the next; I must change this in the next days, so that the complete level is protected)

I have changed some things in the script. The problem was, when a category-alias was protected, it was possible to go to the category with index.php?id=7,12,0,0,1,0 or index.php?7 or index.php?id=7,alkdfaadf

Now everything is protected: article_alias, article_cid, article_id.


Greetings - Andi

Post by cyrano »

great script you made andi.

i tried it too, and got some small problems/questions about (using dev.1.2.6):
I included in this way using html content-part:
{PHP:scripts/user_login.php}

Login is shown correct.

Am I able to place this everywhere?
I defined a structure level like "index.php?id=76,0,0,0,1,0" for enter after logged in correct but still got error message displayed.

I used database as login and made a user in backend before.
I guess I have still overlooked some small but important thing.

May be some one who is using this well can give me a hint.

Thank you.

EDIT: got it working when using file.

Will try to get it running also with database..
Regards, cyrano
--------------------------------------------------------
templates -> http://www.128.weitzelmedia.de
planepix -> http://www.planepix.de
XING -> https://www.xing.com/profile/Thomas_Weitzel3

Post by wingover »

Hi cyrano,

I also use 1.2.6 and got no problems.

Remember: it's not a content-part, it's a php-script.
You should include it this way:

Code:

[PHP]include("scripts/user_login.php");[/PHP]
I included it in a template, a html-content-part and a wysiwyg-content-part and it was working well everywhere - with file and database.


Regards - Andi

personal redirect

Post by palhano »

Again about the personal redirect, two things happened:

1) error message:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in D:\web\localuser\bpk\htdocs\wcms\stuff\scripts\user_login.php on line 130

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in D:\web\localuser\bpk\htdocs\wcms\stuff\scripts\user_login.php on line 130


2) It seems to redirect to the correct pages but never show them,
login and logout works too.