Member Avatar for riahc3

Hey

I want to make a website lets say http://www.mysite.com but before they view it, they have to login with username and password (those are stored in a DB). It doesnt matter if they access http://www.mysite.com/hello http://www.mysite.com/hello.html or http://www.mysite.com/hello/something/j.php ect the first time they access, they have to login, else they cannot view any content at all.

Once they are logged in, Im thinking of 2 alternatives (depends on which is more easy to implement and when has better security)

1: Once they log in, in a DB the date/time they login is stored. If in say 5 minutes, they dont do anything on the site, they have to input again their username and pass. If they do, the NEW date/time is stored and sofore.
2: A simple cookie that expires in a hour (or whatever time)

Thank you

  • 4 Contributors
  • 4 Replies
  • 349 Views
  • 2 Weeks Discussion Span
  • Latest Post Latest Post by Dragennd

Recommended Answers

All 4 Replies

Member Avatar for Octet

The simplest way would be to use a PHP SESSION variable, it also means you don't need to get involved with the new data protection laws (which cookies fall under).

You would want to querry your login SESSION like this:

<?php

    if(!isset($_SESSION['LoggedIn']))
    {
        die (Header('Location: Login.php'));
    }

    else
    {
        echo "Welcome!";
    }

?>

That would simply check if the session has been set and if not then send them to a login page (to which you would set your session).

Then to update the DB, simply in the login bit include a mysql_query which updates the Login Time to the current date and time.

I hope that is useful? Sorry for not being able to provide much more information.

Member Avatar for lps

In my opinion, instead of establishing db connection, why don't you try to use cache to set the time. What I mean is use php to establish a cache which will expire in a certain time. Then, use the login function to assign the cache data. If the data is not exist, display the login form.

Member Avatar for riahc3

instead

In my opinion, instead of establishing db connection, why don't you try to use cache to set the time. What I mean is use php to establish a cache which will expire in a certain time. Then, use the login function to assign the cache data. If the data is not exist, display the login form.

And I do this how?

Member Avatar for Dragennd

I'm not all that proficient in php so I can't help much with Ips's reply, however, what you could also do is simply password protect your server. You can make it so that it requires a password to access anything within a certain directory. Most webservers allow for password protection and this is a simple way to block access to information on your website.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.