Vielen Dank für die Antwort. Also nicht falsch verstehen: Ich brauche keine Hochsicherheitsseite. Alle Leute, die sich da einloggen, kenne ich; es muss also nur das Login passen, die Verbindung zur DB sicher sein und halt die Frage mit dem Hoster, aber das scheint ja nicht so das Problem zu sein ;)
Hier mal mein Code (wenn ich das so posten darf)
Login Seite:
PHP-Code:
// Start (or resume) the PHP session and load the login helper functions
// (check_user, login, logged_in, logout are called further down).
session_start();
include_once('sessionhelpers.inc.php');
// NOTE(review): the opening condition of this logout branch (an `if (...) {`
// line matching the closing brace below) is missing from the posted listing.
// Logout frame: confirm the logout and offer a button back to index.php.
echo "<form method='post' action='index.php'>";
echo "<TD CLASS=TABLEHEADER1>";
echo "<SPAN ID=BLACK2>Sie sind nicht mehr angemeldet</SPAN><br><br>";
echo "<input type='submit'value='Zum Anmeldebildschirm'>";
echo "</form>";
echo "</TD>";
// Empty the session data first, then let logout() clear the session id that
// is stored for this user in the users table.
$_SESSION = array();
logout();
}
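// Handle a submitted login form: verify the credentials, bind the session to
// the user and copy the user's profile columns into $_SESSION.
if ( isset($_POST['login']) )
{
    // Only accept plain strings; a missing or array-valued field counts as empty.
    $username = ( isset($_POST['username']) && is_string($_POST['username']) ) ? $_POST['username'] : '';
    $userpass = ( isset($_POST['userpass']) && is_string($_POST['userpass']) ) ? $_POST['userpass'] : '';

    // check_user() returns the UserId of the matching row, or false.
    $userid = check_user($username, $userpass);
    if ( $userid !== false )
    {
        // Issue a fresh session id before it is stored for the user, so an id
        // that was known before authentication is not promoted to a logged-in
        // one (session fixation). Skipped when the cookie can no longer be sent.
        if ( !headers_sent() ) {
            session_regenerate_id(true);
        }
        login($userid);

        // Load the profile by the id that check_user() just authenticated.
        // Putting $_REQUEST['username'] into the statement is an SQL injection
        // sink, and $_REQUEST can also carry a different value than the
        // $_POST['username'] that was verified.
        $sqlab = 'select UserID,UserLogin,UserDBName,UserNName,UserVName,UserPer,UserStatus from users where UserID = ' . (int)$userid;
        $res = mysql_db_query(DBNAME, $sqlab);
        if ( $res !== false ) {
            // Quoted keys: bare words such as UserID are undefined constants.
            $fields = array('UserID', 'UserLogin', 'UserDBName', 'UserNName', 'UserVName', 'UserPer', 'UserStatus');
            while ( $row = mysql_fetch_array($res) ) {
                foreach ( $fields as $field ) {
                    if ( isset($row[$field]) ) {
                        $_SESSION[$field] = $row[$field];
                    }
                }
            }
        }

        // Reload the top frame. $php_self is not defined in this listing
        // (presumably set elsewhere - confirm); json_encode() turns it into a
        // quoted JavaScript string so its value cannot break out of the script.
        echo '<script language="javaScript">top.document.location=' . json_encode((string)$php_self) . '</script>';
    }
    else {
        // Same message for unknown user and wrong password.
        echo '<script type="text/javascript">alert("Bitte Anmeldedaten prüfen!");</script>';
    }
}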
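// Decide once whether this session is registered in the users table, then
// render either the login form or the protected content.
if ( !logged_in() ) {
    // $php_self is not defined in this listing (presumably set elsewhere -
    // confirm). It is HTML-escaped before it is placed in the attribute so a
    // request-derived value cannot inject markup.
    $formAction = htmlspecialchars((string)$php_self, ENT_QUOTES);
    echo "<form method='post' action='" . $formAction . "'>";
    // Login frame.
    // NOTE(review): the password field is posted as-is; serve this page over
    // HTTPS so the credentials are not readable in transit.
    echo "<TD CLASS=TABLEHEADER1>";
    echo "<SPAN ID=BLACK2>Sie sind nicht angemeldet</SPAN><br><br>";
    echo "<SPAN ID=BLACK2>Benutzername:</SPAN> <input name='username' type='text'>";
    echo "<SPAN ID=BLACK2>Password:</SPAN> <input name='userpass' type='password' id='userpass'><br><br>";
    echo "<input name='login' type='submit' id='login' value='Anmelden'>";
    echo "</form>";
    echo "</TD>";
}
else
{
    // Protected content: only reached when logged_in() returned true.
}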
Sessionhelper-Datei fürs Login-System:
PHP-Code:
<?php
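/**
 * Opens the MySQL connection used by the helpers below and selects the
 * "gebiet" database. Terminates the script when either step fails.
 *
 * NOTE(review): the connection uses the MySQL root account with the password
 * 'root', hard-coded here. A dedicated account limited to this database, with
 * its credentials kept outside the web root, limits the damage of an injection
 * or a source leak.
 * NOTE(review): the mysql_* extension was removed in PHP 7.0; PDO or mysqli
 * with prepared statements is the replacement.
 *
 * @return void
 */
function connect () {
    $con = mysql_connect('localhost', 'root', 'root');
    if ( !$con ) {
        // Keep driver details in the server log instead of showing them to the visitor.
        error_log('connect(): ' . mysql_error());
        exit('Datenbankfehler.');
    }
    if ( !mysql_select_db('gebiet', $con) ) {
        error_log('connect(): ' . mysql_error($con));
        exit('Datenbankfehler.');
    }
}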
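/**
 * Looks up the user whose login name and password hash match the given
 * credentials.
 *
 * NOTE(review): passwords are compared as unsalted MD5, which is not a
 * password hash. Moving to password_hash()/password_verify() requires
 * re-hashing the stored values, so it is only flagged here.
 *
 * @param string $name login name as submitted
 * @param string $pass password as submitted
 * @return string|false UserId of the single matching row, false otherwise
 */
function check_user ( $name, $pass ) {
    // Anything that is not a plain string cannot match a user.
    if ( !is_string($name) || !is_string($pass) ) {
        return ( false );
    }
    // Undo magic quotes so the value is escaped exactly once below.
    if ( get_magic_quotes_gpc() ) {
        $name = stripslashes($name);
        $pass = stripslashes($pass);
    }
    // Escape \x00, \n, \r, \, ', " and \x1a for use inside the quoted literal.
    // % and _ are deliberately left alone: they are wildcards only for LIKE,
    // and outside a pattern MySQL keeps "\_" as a literal backslash plus
    // underscore, so escaping them made such login names unmatchable.
    $name = mysql_real_escape_string($name);
    // md5() returns hex digits only, so it needs no escaping.
    $sql = "SELECT UserId FROM users WHERE UserLogin = '" . $name . "' AND UserPass='" . md5($pass) . "'";
    $result = mysql_query($sql);
    if ( !$result ) {
        // Keep driver details in the server log instead of showing them to the visitor.
        error_log('check_user(): ' . mysql_error());
        exit('Datenbankfehler.');
    }
    // Exactly one row must match; zero or several rows are both a failed login.
    if ( mysql_num_rows($result) === 1 ) {
        $user = mysql_fetch_assoc($result);
        return ( $user['UserId'] );
    }
    return ( false );
}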
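/**
 * Marks a user as logged in by storing the current session id in the user's
 * UserSession column. Terminates the script when the update fails.
 *
 * @param int $userid id of the user that was authenticated
 * @return void
 */
function login ( $userid ) {
    // The session id arrives in a client-supplied cookie, so it is escaped
    // like any other request value before it goes into the statement.
    $sid = mysql_real_escape_string(session_id());
    $sql = "UPDATE users SET UserSession = '" . $sid . "' WHERE UserId = " . ((int)$userid);
    if ( !mysql_query($sql) ) {
        // Keep driver details in the server log instead of showing them to the visitor.
        error_log('login(): ' . mysql_error());
        exit('Datenbankfehler.');
    }
}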
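/**
 * Tells whether the current session id is stored for exactly one user.
 * Terminates the script when the query fails.
 *
 * @return boolean true when exactly one users row carries this session id
 */
function logged_in () {
    $sid = session_id();
    // Without a session there is nothing to match; this also avoids matching
    // rows whose UserSession is an empty string.
    if ( $sid === '' ) {
        return false;
    }
    // The session id arrives in a client-supplied cookie, so it is escaped
    // like any other request value before it goes into the statement.
    $sql = "SELECT UserId FROM users WHERE UserSession = '" . mysql_real_escape_string($sid) . "'";
    $result = mysql_query($sql);
    if ( !$result ) {
        // Keep driver details in the server log instead of showing them to the visitor.
        error_log('logged_in(): ' . mysql_error());
        exit('Datenbankfehler.');
    }
    return (mysql_num_rows($result) === 1);
}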
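/**
 * Logs the current session out by clearing its id from the users table.
 * Terminates the script only when the update fails.
 *
 * @return void
 */
function logout () {
    // The session id arrives in a client-supplied cookie, so it is escaped
    // like any other request value before it goes into the statement.
    $sid = mysql_real_escape_string(session_id());
    $sql = "UPDATE users SET UserSession = NULL WHERE UserSession = '" . $sid . "'";
    // Abort on failure only. The condition used to be inverted: it ended the
    // script after every successful logout and ignored failed ones. A caller
    // that wants to stop rendering after a logout has to exit itself.
    if ( !mysql_query($sql) ) {
        // Keep driver details in the server log instead of showing them to the visitor.
        error_log('logout(): ' . mysql_error());
        exit('Datenbankfehler.');
    }
}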
// Open the database connection as soon as this helper file is included, so
// the functions above can call mysql_query() without a link argument.
connect();
?>
Datenbankverbindung
PHP-Code:
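<?php
// Database connection settings and the connection itself.
// The full "<?php" tag is required here: with short_open_tag disabled, a file
// that starts with "<?" is sent to the browser as plain text, which would
// publish the password below.
// NOTE(review): this is the MySQL root account with the password 'root'. A
// dedicated account limited to this database, with the credentials stored
// outside the web root, is the safer setup.
define('DBHOST', 'localhost');
define('DBUSER', 'root');
define('DBPASSWORD', 'root');
define('DBNAME', 'gebiet');
// Record a failed connection in the server log instead of ignoring it.
if ( !mysql_connect(DBHOST, DBUSER, DBPASSWORD) ) {
    error_log('mysql_connect(): ' . mysql_error());
}
?>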