This is Version 1.3 of Login - Redirect. |
This script is not only a secure login script, it also allows great control and can be integrated easily into most sites as well as the following features:
Redirection based on the users login information
- The site administrator can dictate
the page that the user will be redirected to once the user has been
authenticated
Control Panel Administration
- The control panel administration
allows Administrators the following functions:
- Add Users
- Modify user information
- Add users to groups
- Delete users
- Undelete Users
- Ban Users
- Lift user bans
- Ban IP Addresses
- Lift IP Address bans
- View and sort login information
- Require users to change their password at next login
- Require users to activate their account as to verify their e-mail address
before they are able to login
- View all user information
Other functionality of this package:
- Control access to pages through
username or groups
- Allows users to request an e-mail
of their login information
- Allows users to change their own
password and e-mail address
- Allows users to self-register
All of the pages viewed by users have been written in html as to allow site
creators easy integration into their site.
All html pages can be altered, just do not change the functionality of the page.
For example, if the html page contains to fields named X and Y and the form is
posted to page.php, do not change the name of the field or the name of the page
that the information is posted to unless you know what you are doing.
Requirements:
- Website server with php
functionality.
- MySQL Database
The installation process is very simple. You will need the following
information to complete the installation:
- a MySQL database
- The username and password for that
database
- Knowledge of the database server
(typically localhost, but it could be different as with 1&1 hosted sites)
- FTP ability
That's it, the installation walks you through all of the steps and creates all
of the table required as well as the configurations settings and the
administrator account setup.
Package Contents and Description:
../ | |
*activate.html | This page allows the user to activate their account. If you has set the configuration to verify e-mail address, the user will register and an e-mail will be sent requesting the user to visit this page and activate the account. |
*banned.html | This page is displayed to user if either their IP Address or User account has been banned. |
check_login.php | This page is a server-side page that checks to see if the user still has an open session or has elected cookies to be set as to limit the number of times the user must login. You do not have to use this page - If you require your users to login in every time, I would suggest you remove the "Remember me from this computer" section from login.html and errorlogin.html. If you chose to use it and have a "Login" link somewhere on your page, have it link to check_login.php. |
config.php | This is the page with all of the configuration settings, the code for this page is generated during the installation process, you will simply need to copy and paste it into this page and upload. |
*email_change.html | This page allows users to change their own e-mail address. |
email_change.php | This is the server-side page that handles the changing of the user's e-mail address. |
*errorlogin.html | This is the page that the user is directed to should their be an error with their credentials. |
functions.php | This page contains various functions that are used throughout the package. |
*login.html | This is the main login page for the users. |
loglogin.php | This is a server-side page that records the login information to the log_login table. |
*no_access.html | This is the page that is displayed should a user try to gain access to a page that they are no allowed access to visit. |
*not_activated.html | This is the page that is displayed should a user try to login without activating their account, that is if you have required e-mail verification. |
*pass_change.html | This page allows users to change their own password. |
pass_change.php | This is the server-side page that handles the password change. |
redirect.php | This is the server-side page that sets the session and redirects the user to the page specified by the administrator. |
*register.html | This page allows user to register themselves for your site. |
register.php | This is the server-side page that handles the registration. |
**../install | |
**create_admin.php | This is the administrator interface to create the administrator's account. |
**install.html | The first installation page, requests configurations information. |
**install_1.php | The second installation page, allows for the naming of groups. |
**install_2.php | The third installation page, allows for the creation of the administrator's account. |
**install_3.php | The fourth installation page, installation is complete and provide the config.php code. |
../admin | |
adduser.php | This is the server-side page that handles the addition of a user. |
adminpage.php | This is the Administrator's Control Panel - very important. |
mod_user.php | This is the server-side page that handles the user modifications, deletions and banning. |
../logs | |
index.html | This is a frames page that includes the next two pages. |
log.php | This is the page that appears on the right of index.html and contains the login information. |
log.html | This is the page that appeats on the left of index.html and allows for sorting of the login information and also contain arin.net whois lookup for IP Addresses. |
* - indicates that this page is customizable
** - indicates that this file or folder can be deleted after installation is
complete
How-to restrict access to your pages:
1. All secure pages must be php pages. You can easily
create any page in html and simply save it with a .php extention.
2. This code must be added prior to any code on the page:
<?php
//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();
//this should the the
absolute path to the config.php file
//(ie /home/website/yourdomain/login/config.php or
//the location in relationship to the page being protected - ie ../login/config.php
)
require('../config.php');
//this should the the
absolute path to the functions.php file - see the instrcutions for config.php
above
require('../functions.php');
//this is
group name or username of the group or person that you wish to allow access to
// - please be advise that the Administrators
Groups has access to all pages.
if (allow_access(Administrators) != "yes")
{
//this should the the
absolute path to the no_access.html file - see above
include ('no_access.html');
exit;
}
?>
For a more precise sample of the code you should use, please Click Here.
That should do it...