|
|
|
|
Thread title: Free secure PHP login system |
|
|
|
|
|
Thread tools
Search this thread
Display Modes
|
|
08-26-2007, 07:57 PM
|
#11
|
Status: Request a custom title
Join date: Feb 2005
Location: The Netherlands
Expertise:
Software:
Posts: 2,616
|
Originally Posted by Xuxa
I own the book. It looks exactly like it except the names of the some functions are changed along with variables and all of that sort.
|
Could you refer to a page number so i can look in my book too? Is it volume one or two?
|
|
08-26-2007, 08:00 PM
|
#12
|
Status: Request a custom title
Join date: Feb 2006
Location: USA
Expertise:
Software:
Posts: 1,076
|
two
can you just own up to it? You have the book and the code looks almost identical except the names of some stuff and I believe you copied the code.
|
|
08-26-2007, 08:19 PM
|
#13
|
Status: Request a custom title
Join date: Feb 2005
Location: The Netherlands
Expertise:
Software:
Posts: 2,616
|
Originally Posted by Xuxa
two
can you just own up to it? You have the book and the code looks almost identical except the names of some stuff and I believe you copied the code.
|
Well, I paid my programmer $100 to code this.... Hope he didnt copy it, I have the book but only recently. Had this code for a while.
|
|
08-26-2007, 08:50 PM
|
#14
|
Status: Request a custom title
Join date: Feb 2005
Location: The Netherlands
Expertise:
Software:
Posts: 2,616
|
You mean this?
PHP Code:
<?php
/**
* @package SPLIB
* @version $Id: Auth.php,v 1.7 2003/12/09 06:06:13 kevin Exp $
*/
/**
* Constants to modify behaviour of Auth Class
*/
# Modify these constants to match the $_POST variable used in login form
// Name to use for login variable e.g. $_POST['login']
@define ( 'USER_LOGIN_VAR','login');
// Name to use for password variable e.g. $_POST['password']
@define ( 'USER_PASSW_VAR','password');
# Modify these constants to match your user login table
// Name of users table
@define ( 'USER_TABLE','user');
// Name of login column in table
@define ( 'USER_TABLE_LOGIN','login');
// Name of password column in table
@define ( 'USER_TABLE_PASSW','password');
/**
* Authentication class<br />
* Automatically authenticates users on construction<br />
* <b>Note:</b> requires the Session/Session class be available
* @access public
* @package SPLIB
*/
class Auth {
/**
* Instance of database connection class
* @access private
* @var object
*/
var $db;
/**
* Instance of Session class
* @access private
* @var Session
*/
var $session;
/**
* Url to re-direct to in not authenticated
* @access private
* @var string
*/
var $redirect;
/**
* String to use when making hash of username and password
* @access private
* @var string
*/
var $hashKey;
/**
* Are passwords being encrypted
* @access private
* @var boolean
*/
var $md5;
/**
* Auth constructor
* Checks for valid user automatically
* @param object database connection
* @param string URL to redirect to on failed login
* @param string key to use when making hash of username and password
* @param boolean if passwords are md5 encrypted in database (optional)
* @access public
*/
function Auth ( & $db, $redirect, $hashKey, $md5=true ) {
$this->db=& $db;
$this->redirect=$redirect;
$this->hashKey=$hashKey;
$this->md5=$md5;
$this->session=& new Session();
$this->login();
}
/**
* Checks username and password against database
* @return void
* @access private
*/
function login() {
// See if we have values already stored in the session
if ( $this->session->get('login_hash') ) {
$this->confirmAuth();
return;
}
// If this is a fresh login, check $_POST variables
if ( !isset($_POST[USER_LOGIN_VAR]) ||
!isset($_POST[USER_PASSW_VAR]) ) {
$this->redirect();
}
if ( $this->md5 )
$password=md5($_POST[USER_PASSW_VAR]);
else
$password=$_POST[USER_PASSW_VAR];
// Escape the variables for the query
$login=mysql_escape_string($_POST[USER_LOGIN_VAR]);
$password=mysql_escape_string($password);
// Query to count number of users with this combination
$sql="SELECT COUNT(*) AS num_users
FROM ".USER_TABLE."
WHERE ".USER_TABLE_LOGIN."='".$login."'
AND ".USER_TABLE_PASSW."='".$password."'";
$result=$this->db->query($sql);
$row=$result->fetch();
// If there isn't is exactly one entry, redirect
if ( $row['num_users']!=1 )
$this->redirect();
// Else is a valid user; set the session variables
else
$this->storeAuth($login,$password);
}
/**
* Sets the session variables after a successful login
* @return void
* @access protected
*/
function storeAuth($login,$password) {
$this->session->set(USER_LOGIN_VAR,$login);
$this->session->set(USER_PASSW_VAR,$password);
// Create a session variable to use to confirm sessions
$hashKey = md5($this->hashKey.$login.$password);
$this->session->set('login_hash',$hashKey);
}
/**
* Confirms that an existing login is still valid
* @return void
* @access private
*/
function confirmAuth() {
$login=$this->session->get(USER_LOGIN_VAR);
$password=$this->session->get(USER_PASSW_VAR);
$hashKey=$this->session->get('login_hash');
if (md5($this->hashKey.$login.$password) != $hashKey ) {
$this->logout(true);
}
}
/**
* Logs the user out
* @param boolean Parameter to pass on to Auth::redirect() (optional)
* @return void
* @access public
*/
function logout ($from=false) {
$this->session->del(USER_LOGIN_VAR);
$this->session->del(USER_PASSW_VAR);
$this->session->del('login_hash');
$this->redirect($from);
}
/**
* Redirects browser and terminates script execution
* @param boolean adverstise URL where this user came from (optional)
* @return void
* @access private
*/
function redirect($from=true) {
if ( $from ) {
header ( 'Location: '.$this->redirect.'?from='.
$_SERVER['REQUEST_URI'] );
} else {
header ( 'Location: '.$this->redirect );
}
exit();
}
}
?>
|
|
08-26-2007, 08:57 PM
|
#15
|
Status: Request a custom title
Join date: Feb 2006
Location: USA
Expertise:
Software:
Posts: 1,076
|
|
|
08-26-2007, 09:05 PM
|
#16
|
Status: Community Archaeologist
Join date: Jul 2004
Location: Scotland
Expertise: Software Development
Software: vim, PHP
Posts: 3,820
|
Yeah, I see how that's identical. Sorry Xuxa but (correct me if I'm wrong) I see nothing wrong, in terms of potentially copied code. Would you perhaps highlight more precisely what you think the issue is?
|
|
08-26-2007, 09:25 PM
|
#17
|
Status: Request a custom title
Join date: Feb 2006
Location: USA
Expertise:
Software:
Posts: 1,076
|
I was saying if he sold it for the $5 that he said he would
|
|
08-27-2007, 04:36 AM
|
#18
|
Status: Request a custom title
Join date: Feb 2005
Location: The Netherlands
Expertise:
Software:
Posts: 2,616
|
Originally Posted by Xuxa
I was saying if he sold it for the $5 that he said he would
|
?? B ut what part of the code is copied? What would be wrong about letting people use it for free for personal use only?
|
|
08-27-2007, 09:23 AM
|
#19
|
Status: Junior Member
Join date: Aug 2007
Location:
Expertise:
Software:
Posts: 34
|
Nothing wrong about letting it be used for free, but if he were to sell it to anyone and it were copied, that would be illegal.
|
|
08-27-2007, 09:53 AM
|
#20
|
Status: Community Archaeologist
Join date: Jul 2004
Location: Scotland
Expertise: Software Development
Software: vim, PHP
Posts: 3,820
|
Actually neighberaaron, distributing material to which you don't own the rights is illegal, whether given away freely or commercially doesn't matter. The fact remains that Xuxa doesn't seem to want to detail what exactly has been stolen here and as far as I can tell, nothing has.
|
|
|
|
|
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
|
|