This is very simple Login and Logout Script. It is a simple script so that you can understand the logic and modify the script easily. No script can fulfill all your requirements in working condition so it is a small and simple script for you to modify.
It has referrer functionality send users to landing page after login. A special target functionality also works when suppose in case user is admin.
<?php
session_start();
$defaultPage = 'index.php';
function aunthicate () {
// You will check username + password from database or others
if ('every thing is fine - test username and password etc then...') {
$_SESSION['loggedIn'] = 'youAreLogged';
$_SESSION['userName'] = $userName;
return true;
}
else {
echo 'Your Error Msg';
return false;
}
}
if(isset($_POST['submit1']))
{
if (!get_magic_quotes_gpc()) {
$s_loginid = addslashes($_POST['loginid']);$s_pwd = addslashes($_POST['pwd']);
} else {
$s_loginid = $_POST['loginid']; $s_pwd = $_POST['pwd'];
}
//$s_loginid = $_POST['loginid']; $s_pwd = $_POST['pwd'];
if(aunthicate($s_loginid, $s_pwd) == true)
{
session_regenerate_id();
if( isset($_SESSION['SpecialTarget']) )
{
$Target = $_SESSION['SpecialTarget'];
header("Location:$Targetrn") ;
}
else
{
header ("Location:$defaultPage");
}
}
else
{
echo '<html> <head> <link rel="stylesheet" type="text/css" href="style-sheet.css"/> </head> ';
echo "n<body>n<br/><br/><br/>";
echo '<P style="font-size:16px;font-weight:bold;text-align:center;color:maroon;">Either username or password is Incorrect.<br/>';
echo "n<br/><a href='javascript:window.location="login.php"' id="try" name="try">Try Again!</a><br/>";
echo '<br/></P>';
echo "n</html>";
exit;
}
mysql_close($conn->DBlink);
}
?>
<form name="form1" action="" method="post" >
<FIELDSET style="border-style:solid;border-width:3px;border-color:brown;noshade:noshade;" >
<LEGEND align="center" style="color:brown;padding-left:1px;padding-right:1px;font-size:14px;font-weight:bold;" >Please! Sign In</LEGEND>
<br />
<br />
<br />
<table align="center" cellspacing="0px" cellpadding="6px" border=0>
<tr>
<td align="left"><SPAN class="label">Login ID:</SPAN>
<td align="left"><input type="text" name="loginid" size=15 maxlength=40 tabindex="1" />
<tr>
<td align="left"><SPAN class="label">Password:</SPAN>
<td align="left"><input type="password" name="pwd" size=15 maxlength=40 tabindex="2" />
<tr align="center">
<td colspan=2><br>
<input type="submit" name="submit1" value="Ok" >
<tr align="center">
<td colspan=2><a href="frmgetpwd.php" STYLE="font-size:12px"><br>Forgot Password</a>
<tr>
<td >
<td align="center" >
</table>
</FIELDSET>
</form>
Page:Logout.php
<?php
if (isset($_SESSION['loggedIn')) {
$tmp = $_SESSION['userName'];
session_destroy();
session_regenerate_id();
$_SESSION['userName'] = $tmp;
}
?>
session_regenerate_id() is good for security.
Can you see $_SESSION['SpecialTarget'] in login page!
You can use that to redirect to a desired page from where a user is coming.
Like you have a privileged page 'admin.php'; Here you will check if user is logged in or not. If not logged in, then redirect him to login page. After login he will automatically be redirect to this page.
<?php
session_start();
if (!isset($_SESSION['loggedIn'])) {
$_SESSION['SpecialTarget'] = 'admin.php';
session_write_close();
header('Location:login.php');
exit;
}
?>