Wie kan mij helpen, wat moet ik doen om een beveiligde login (af) te maken;
Ik heb:
LOGIN.PHP
<?
ob_start();
include('config.php');
$fout = 0;
if(isset($_POST['login']) && $_SERVER['REQUEST_METHOD'] == "POST")
{
$gebruikersnaam = $_POST['gebruikersnaam'];
$wachtwoord = $_POST['wachtwoord'];
$ip = $_SERVER['REMOTE_ADDR'];
$query = mysql_query("SELECT * FROM gebruikers WHERE gebruikersnaam='$gebruikersnaam' AND wachtwoord='$wachtwoord'");
if(mysql_num_rows($query) != 0)
{
session_destroy();
session_start();
$list = mysql_fetch_object($query);
$_SESSION['gebLogged'] = "true";
$_SESSION['gebId'] = "$list->id";
$_SESSION['gebName'] = "$gebruikersnaam";
$select = mysql_query("SELECT * FROM logins WHERE userid=".$_SESSION['gebId']."");
if(mysql_num_rows($select) == 0)
{
$insert = mysql_query("INSERT INTO logins(userid,session_id,ip) VALUES (".$_SESSION['gebId'].",'".session_id()."','$ip')");
}
else
{
$update = mysql_query("UPDATE logins SET session_id='".mysql_real_escape_string(session_id())."', ip='".mysql_real_escape_string("$ip")."' WHERE userid=".$_SESSION['gebId']."");
}
setcookie("geb_userid", $_SESSION["gebId"], time()+604800);
setcookie("geb_sessid", session_id(), time()+604800);
header("Location: beveiligd.php");
exit;
}
else
{
$fout = 1;
}
}
?>
<html>
<body>
<form method="post" action="<?=$_SERVER['PHP_SELF']?>">
<table border="0">
<?
if(isset($_POST['login']) && $fout == 1)
{
?>
<tr>
<td colspan="2"><font color="red">Onjuiste gebruikersnaam/wachtwoord combinatie!</font></td>
</tr>
<tr>
<td height="4"></td>
</tr>
<?
}
?>
<tr>
<td><b>Gebruikersnaam</b></td>
<td><input type="text" name="gebruikersnaam"></td>
</tr>
<tr>
<td><b>Wachtwoord</b></td>
<td><input type="password" name="wachtwoord"></td>
</tr>
<tr>
<td height="5"></td>
</tr>
<tr>
<td><input type="submit" name="login" value="Login!"></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
</tr>
</table>
</form>
</body>
</html>
<?
ob_end_flush();
?>
Check_login.php
<?
$chkl = 0;
if(isset($_COOKIE['geb_sessid']) && isset($_COOKIE['geb_userid']) && isset($_SESSION['gebLogged']))
{
$chk_login = mysql_query("SELECT * FROM logins WHERE userid= '".mysql_real_escape_string($_COOKIE['geb_userid'])."' AND ip='" . $_SERVER['REMOTE_ADDR']."' AND session_id='".mysql_real_escape_string($_COOKIE['geb_sessid'])."' AND session_id='" . session_id() . "'");
if(mysql_num_rows($chk_login) == 0)
{
$chkl = 1;
}
}
else
{
$chkl = 1;
}
if($chkl == 1)
{
header("Location: index.php");
exit;
}
?>
Beveiligd.php
<?
session_start();
ob_start();
include('config.php');
include('check_login.php');
?>
<html>
<body>
Gefeliciteerd <?=$_SESSION['gebName']?>, je bent ingelogd!<br>
Je bent nu op een beveiligde pagina!<br><br><a href="logout.php">Klik hier om uit te loggen</a>
<br><br>© Dit is een script van <a href="http://www.gratizwebtoolz.nl/" target="_blank">Gratiz Webtoolz</a>
</body>
</html>
<?
ob_end_flush();
?>
Config.php
<?
$db_host = "localhost"; //host
$db_user = ""; //username vd db
$db_pass = ""; //pass vd user vd db
$db_name = ""; //naam van je db
mysql_connect("$db_host", "$db_user","$db_pass");
mysql_select_db("$db_name");
?>
Logout.php
<?
session_start();
$_SESSION['gebLogged'] = "";
$_SESSION['gebId'] = "";
$_SESSION['gebName'] = "";
$_SESSION = array();
setcookie("geb_userid", '', time()-604800);
setcookie("geb_sessid", '', time()-604800);
session_unset();
session_destroy();
header("Location: login.php");
?>
Tabellen.sql
CREATE TABLE `logins` (
`userid` int(10) NOT NULL,
`session_id` varchar(32) NOT NULL,
`ip` varchar(20) NOT NULL
) TYPE=MyISAM;
CREATE TABLE `gebruikers` (
`id` INT( 10 ) NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`gebruikersnaam` VARCHAR( 225 ) NOT NULL ,
`wachtwoord` VARCHAR( 225 ) NOT NULL
) TYPE = MYISAM ;
Wat moet ik wijzigen, toevoegen om e.e.a werkend te krijgen
Alvast dank voor de moeite!
Ik heb:
LOGIN.PHP
<?
ob_start();
include('config.php');
$fout = 0;
if(isset($_POST['login']) && $_SERVER['REQUEST_METHOD'] == "POST")
{
$gebruikersnaam = $_POST['gebruikersnaam'];
$wachtwoord = $_POST['wachtwoord'];
$ip = $_SERVER['REMOTE_ADDR'];
$query = mysql_query("SELECT * FROM gebruikers WHERE gebruikersnaam='$gebruikersnaam' AND wachtwoord='$wachtwoord'");
if(mysql_num_rows($query) != 0)
{
session_destroy();
session_start();
$list = mysql_fetch_object($query);
$_SESSION['gebLogged'] = "true";
$_SESSION['gebId'] = "$list->id";
$_SESSION['gebName'] = "$gebruikersnaam";
$select = mysql_query("SELECT * FROM logins WHERE userid=".$_SESSION['gebId']."");
if(mysql_num_rows($select) == 0)
{
$insert = mysql_query("INSERT INTO logins(userid,session_id,ip) VALUES (".$_SESSION['gebId'].",'".session_id()."','$ip')");
}
else
{
$update = mysql_query("UPDATE logins SET session_id='".mysql_real_escape_string(session_id())."', ip='".mysql_real_escape_string("$ip")."' WHERE userid=".$_SESSION['gebId']."");
}
setcookie("geb_userid", $_SESSION["gebId"], time()+604800);
setcookie("geb_sessid", session_id(), time()+604800);
header("Location: beveiligd.php");
exit;
}
else
{
$fout = 1;
}
}
?>
<html>
<body>
<form method="post" action="<?=$_SERVER['PHP_SELF']?>">
<table border="0">
<?
if(isset($_POST['login']) && $fout == 1)
{
?>
<tr>
<td colspan="2"><font color="red">Onjuiste gebruikersnaam/wachtwoord combinatie!</font></td>
</tr>
<tr>
<td height="4"></td>
</tr>
<?
}
?>
<tr>
<td><b>Gebruikersnaam</b></td>
<td><input type="text" name="gebruikersnaam"></td>
</tr>
<tr>
<td><b>Wachtwoord</b></td>
<td><input type="password" name="wachtwoord"></td>
</tr>
<tr>
<td height="5"></td>
</tr>
<tr>
<td><input type="submit" name="login" value="Login!"></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
</tr>
</table>
</form>
</body>
</html>
<?
ob_end_flush();
?>
Check_login.php
<?
$chkl = 0;
if(isset($_COOKIE['geb_sessid']) && isset($_COOKIE['geb_userid']) && isset($_SESSION['gebLogged']))
{
$chk_login = mysql_query("SELECT * FROM logins WHERE userid= '".mysql_real_escape_string($_COOKIE['geb_userid'])."' AND ip='" . $_SERVER['REMOTE_ADDR']."' AND session_id='".mysql_real_escape_string($_COOKIE['geb_sessid'])."' AND session_id='" . session_id() . "'");
if(mysql_num_rows($chk_login) == 0)
{
$chkl = 1;
}
}
else
{
$chkl = 1;
}
if($chkl == 1)
{
header("Location: index.php");
exit;
}
?>
Beveiligd.php
<?
session_start();
ob_start();
include('config.php');
include('check_login.php');
?>
<html>
<body>
Gefeliciteerd <?=$_SESSION['gebName']?>, je bent ingelogd!<br>
Je bent nu op een beveiligde pagina!<br><br><a href="logout.php">Klik hier om uit te loggen</a>
<br><br>© Dit is een script van <a href="http://www.gratizwebtoolz.nl/" target="_blank">Gratiz Webtoolz</a>
</body>
</html>
<?
ob_end_flush();
?>
Config.php
<?
$db_host = "localhost"; //host
$db_user = ""; //username vd db
$db_pass = ""; //pass vd user vd db
$db_name = ""; //naam van je db
mysql_connect("$db_host", "$db_user","$db_pass");
mysql_select_db("$db_name");
?>
Logout.php
<?
session_start();
$_SESSION['gebLogged'] = "";
$_SESSION['gebId'] = "";
$_SESSION['gebName'] = "";
$_SESSION = array();
setcookie("geb_userid", '', time()-604800);
setcookie("geb_sessid", '', time()-604800);
session_unset();
session_destroy();
header("Location: login.php");
?>
Tabellen.sql
CREATE TABLE `logins` (
`userid` int(10) NOT NULL,
`session_id` varchar(32) NOT NULL,
`ip` varchar(20) NOT NULL
) TYPE=MyISAM;
CREATE TABLE `gebruikers` (
`id` INT( 10 ) NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`gebruikersnaam` VARCHAR( 225 ) NOT NULL ,
`wachtwoord` VARCHAR( 225 ) NOT NULL
) TYPE = MYISAM ;
Wat moet ik wijzigen, toevoegen om e.e.a werkend te krijgen
Alvast dank voor de moeite!