0

Hi
I want to create a mobile website with a restricted login page. That is, such that to view the login page, a link with a protection code should first be sent to you via sms or other way. That is something like http://m.mobilesite.(com)/login.php/243948

The link should expire say after 24 hours. And if the user happened to type the link without the protection code, it would be redirected to a parking page.

Any one with an idea how to go about it?

5
Contributors
6
Replies
9
Views
7 Years
Discussion Span
Last Post by rajarajan07
0

You could build a page that checks for login credentials. Instead of user/pass, you would first enter your phone number or email address, depending on where you want to receive your confirmation code. After retrieving it, you can use it to login. Your database would contain a table with that email/phone and confirmation code, and an expiration date. When trying to login, you would have to check all three. You could even try to add an ip check, so you could only login from the pc where you requested the code. Hope this makes sense.

0

Thanks.It makes sense.
However, how can I create the page that automatically generates the confrimation code

0

Yes you can do it by using session , save the protection code in session with expiry limit of 24 hour and when user enter the url with the protection code. using the get method match the protection code with the session . if match fail redirect it to parking page .
same goes for the link with without protection code . even you can display message "your url link has been expired you had to register again "

0

However, how can I create the page that automatically generates the confrimation code

For example, you could create a hash from the current datetime.

0

You could build a page that checks for login credentials. Instead of user/pass.logical step is configure user to use rssh. All you have to do is set a user account shell to /usr/bin/rssh.

Create a new user with /usr/bin/rssh
Login as the root user
Type the following command to create a new user called didi:
# useradd -m -d /home/didi -s /usr/bin/rssh didi
# passwd didi

0

Sample Script

$name = mysql_real_escape_string($_POST['user']);
$pw = mysql_real_escape_string($_POST['password']);
$r = mysql_query("SELECT user_name FROM user WHERE user_name='$name' AND  password = '$pw'");
if(mysql_num_rows($r)>0){
//user exists - keep data in session/cookie or whatever
}else{
//failed login
}
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.