Creating your own content management system with php [Page 4 of 4]

Misc Links

Ads

Age of Valor - Ultima Online Free Shard
AoS/SE/ML/Custom - advanced code, dedicated staff, peerless bosses, non overpowered customs + much much more

Latest Forum Topics

Possibly shutting down forum in near future
Posted by Red Squirrel
on Jan 21 2012, 5:19:43 pm

How to solve "ZoneMinder Console - Stopped"
Posted by Red Squirrel
on Jan 14 2012, 12:28:31 am

had fun on last day of 2011
Posted by rovingcowboy
on Jan 01 2012, 5:30:47 pm

Merry Christmas!
Posted by rovingcowboy
on Jan 01 2012, 5:11:32 pm

How to solve SMF directory not writable
Posted by Red Squirrel
on Oct 15 2011, 12:03:38 am

Creating your own content management system with php
Better control of site content and access
By Red Squirrel

Since the examples did not use mysql, I figured I would show a real time example of a login system that does use mysql, since you now know the basics of login systems, and probably know mysql if you read my php data storage tutorial, I won't go in as much detail but rather point out the main parts.

if($_GET[act]=="logon")
{
//1: load the database and stuff
$scinfo = mysql_connect($global[sqlhost],$global[sqluser],$global[sqlpass]);
$scresult = mysql_select_db($global[scadadb],$scinfo);
$scresult = mysql_query("SELECT * FROM admin where username='".$_POST[user]."' and passwordhash='".md5(md5($_POST[pass]))."'") or die("<font color=\"red\">SQL Error: " . mysql_error()."</font>");

//2: get the number of results that match with the username/password supplied (0 or 1 results) and if it's 0 it means it's a bad login
$count = mysql_num_rows($scresult);

if($count<1)
{
//access denied! BAD LOGIN

//3: block the user off the site :)  some guy from 24.17.127.109 got nailed by this already and keeps trying to get on, hehe
SWScadaSetRule("IP",$_SERVER[REMOTE_ADDR],5,"Failed Login Attempt in Scada CP - Further attempts will result in legal action.",1,1,0,1,"Failed login to scada CP (".$_POST[user].",".$_POST[pass].")");

echo("access denied!");
exit();
}



//4: set session stuff
$session = md5(md5(rand(0,1000000)).rand(0,525723).$_SERVER[REMOTE_ADDR]);
$session .= rand(11,99).rand(1,9).rand(1111,9999);
$session .= md5(md5(rand(1211,99529)).md5(rand(141,73599)).md5(rand(11411,9242999)));


//5: Insert session in both the database and the cookie - they must match all the time for the session to be valid
$scresult = mysql_query("UPDATE admin set sessionhash='".$session."'where username='".$_POST[user]."' and passwordhash='".md5(md5($_POST[pass]))."'") or die("<font color=\"red\">SQL Error: " . mysql_error()."</font>");
setcookie("scadasession",$session);


//6: redirect back to the same page, but since we're logged in the auth module will take care of finding that out from the cookie
echo("Login Accepted.  Redirecting...<br>");
echo("<meta http-equiv=\"refresh\" content=\"1;url=index.php\">");


exit();
}

1: We do the usual mysql stuff, those vars are simply stored in some other file and well, the values are none of your business. :P

2: The query checked to see if a user matched with the username and password given so if there's 1 result, we keep going, but if there's 0 results, then we do stuff. Usually we'd give a chance, but since only admins use this particular system we're more strict.

3: Since the user got the password wrong, we block him off, don't mind what that function does, since it's one I made and use in that script, normally you would display a "bad username/password" message.

4: This is really interesting. Basically we want to generate a random string that we will use for the session string. But to make it super unique, we just MD5 a bunch of stuff together, including the IP address and random numbers, then make a super long string. The possibilities are endless here, just have fun!

5: Then we put the cookie (this is why doing the auth stuff before data output is a must) and also update the user record with that session.

6: Then we're ready to do whatever we want to do once we're logged in! There better not be security exploits in this since I'm screwed. :P

Well this ends the tutorial. I hope that you learned something from it. And with the knowledge gained from this article and my other php related ones, you should be able to make a rather advanced CMS system if you put all those skills together.

If you're wondering out of curiosity how this site is run, it is actually a very different system. Each page is somewhat independent of each other in terms of html. There are various reasons for this, one of them is that it is more flexible in terms of ad placements, as I can put different ads on different pages as easly as it would on fully static html pages.

This is something you should ask yourself, do you really need a CMS, or do you simply want to plug in php code in html pages? A full featured CMS where you can add modules etc and different sections is cool and all, but if you don't really need it, then stick with static html and php where needed.

But if you need to be able to password protect stuff, and make it easier to change the look then a CMS is the way to go, and coding it yourself is a good start.

Red Squirrel
IceTeks Owner

16789 Hits

Pages: [1] [2] [3] [4]

1 Comments

Latest comments (newest first)

Posted by Andy on October 10th 2004 (08:52)
LOL I was about to say. WOW this guest is smart. Why can't i find someone like that at my site.
spacer

View all comments
Post comment

Top Articles	Latest Articles
- What are .bin files for? (27968 reads) - Text searching in linux with grep (22573 reads) - SPFDisk (Special Fdisk) Partition Manager (17074 reads) - Creating your own content management system with php (16789 reads) - PSP User's Guide (16566 reads)	- How to Use MDADM Linux Raid (14858 reads) - What is Cloud Computing? (14887 reads) - Dynamic Forum Signatures (version 2) (15256 reads) - Successfully Hacking your iPhone or iTouch (15921 reads) - Ultima Online Newbie Guide (16385 reads)