Sessions and User Authentication
Create a PHP file called ex3login.php that does the following:
- If the user is NOT logged in -- Display a form
with fields for a user to enter a username and password
and a submit button labeled "Login".
The form action should be to call itself (ex3login.php).
Use POST for the form submission.
- If user is NOT logged in, but the
username and password are set in $_POST --
then the page should check to see if the username is
"fred" and the password is "ethel". For now, hardcode
this into the PHP code. Later in this exercise you
will move this into a database (if there is time).
If the username and password are good, then start a
session and set a session variable to indicate that
the user is logged in.
- If the user is ALREADY logged in --
The page should display "Wecome <username>! You are logged in."
at the top of the page.
The page should
also have a "logout" button. If pressed,
the action should be to call a separate page
called ex3logout.php that logs the user out and
the prints a message indicating that the user is logged out.
In addition, there should be a "login" button on the page
in case the user wants to go back to the login page.
Feel free to add other status messages to the
display for users who are logged in, not logged in,
or for failed login attempts.
If there is time...
Store the username and password information in a database.
Create a MySQL table called "ex3users" with the following fields:
uid, uname, password. Store the passwords using sha1 encryption.
Add two accounts:
uname = fred, password = ricky
uname = ethel, password = lucy
When a user tries to log in, send a query to the database
to verify if they have the correct password.
|