Salam, I'd like to ask about more secure login
14 replies
1'or'1
yamani's picture
Joined: 12/01/2011
Points: 62

Which is more secure?
1 - User login and admin login on one page, using different output filtering.
2 - User login and admin login with different output pages via $_session[].

I'm noob
hymns's picture
Pro
Joined: 08/16/2009
Points: 975

Add a role in the section. Check the role in the page.

blood
Joined: 01/18/2012
Points: 37

Session is more secure.. future expansion is easier too..

1'or'1
yamani's picture
Joined: 12/01/2011
Points: 62

I've only just started trying to build a login.
I want to know the full function of sessions and cookies.
All the references are in English, so I'm a bit slow to understand them.
One more thing, spyware really loves cookies :)

I'm noob
hymns's picture
Pro
Joined: 08/16/2009
Points: 975

Read the manual, starting from www.php.net/session_start

blood
Joined: 01/18/2012
Points: 37

Put simply.. a session is one session.. if you close the browser, the session dies on its own.. once it's closed you have to log in again.. whereas cookies depend on how long the cookie lives..

Another thing, sessions are very useful if you want to take orders, like building a shopping cart: a person shops in one session, and when they're done, they check out. If they want to shop again, open a new session.. ;)

Quite busy this month..
sepudin's picture
Joined: 03/13/2011
Points: 152

eizim0007 wrote:
Another thing, sessions are very useful if you want to take orders, like building a shopping cart: a person shops in one session, and when they're done, they check out. If they want to shop again, open a new session.. ;)

Salam, a quick question. What does "a person shops in one session, and when they're done, they check out" mean?? Does it mean the session ends by itself, or how?
I don't get it :P

blood
Joined: 01/18/2012
Points: 37

When the browser is closed or on log out.. session_destroy.. any values stored in the session are lost if they aren't saved to the database.. :D sorry, I'm not very good at explaining

1'or'1
yamani's picture
Joined: 12/01/2011
Points: 62

As an example:

//... from login.php

if ($num_rows > 0) {
    session_start();
    $_SESSION['login'] = "1";
    header("Location: page1.php");
} else {
    echo "WRONG PASSWORD";
}
---------------------------------
//PAGE1.php
session_start(); // must run before $_SESSION is read
if (isset($_SESSION['login']) && $_SESSION['login'] == "1") {
    echo "WELCOME PAGE1";
} else {
    header("Location: login.php");
}

Suppose a session carries $_SESSION['login'] == "1" from a page that is not my login.php.
It happens to reach my PAGE1.php. Can it get in without going through the LOGIN.php password?

This is making my head spin.. :?

Quite busy this month..
sepudin's picture
Joined: 03/13/2011
Points: 152

eizim0007 wrote:
When the browser is closed or on log out.. session_destroy.. any values stored in the session are lost if they aren't saved to the database.. :D sorry, I'm not very good at explaining

Yeah, that's exactly right. So it means that as long as we're still in that session we can keep shopping?? hehe :D No need to log in again after shopping once. I thought a session was for a single shopping trip.. huhu 8) 8)
Let's go shopping.. wakaka \o/ \o/

Quite busy this month..
sepudin's picture
Joined: 03/13/2011
Points: 152

One page is enough, just use sessions. Regular users, staff and admins use the same page to log in.
If it isn't there yet, add this to the database: add a column named level:

Set a specific value for each tier, for example:
admin = 9;
staf = 3;
user = 0;

Once login succeeds, check whether the user's level is 9, 3 or 0. For example, if the user's level is 9, that user is automatically an admin.

blood
Joined: 01/18/2012
Points: 37

Identify the session the way sepudin explained.. and here you can separate role from identity.. and each role can only get into the places it's allowed.. so a user can't get into the admin's area, a visitor can't see the member area.. etc... all of that is defined at the top of every page :D

1'or'1
yamani's picture
Joined: 12/01/2011
Points: 62

Would something like this work?
_________________

session_start(); // start the session on every request, before $_SESSION is used
if (isset($_POST['nama'])){
    $_SESSION['nama']=$_POST['nama'];
    $_SESSION['password']=$_POST['password'];
    header("location:sistem.php");
}
if (isset($_SESSION['nama'])){
    // escape the values before they go into the SQL string
    $nama = mysql_real_escape_string($_SESSION['nama']);
    $password = mysql_real_escape_string($_SESSION['password']);
    $result_login = mysql_query("SELECT * FROM `login` WHERE nama='$nama' && password='$password'");
    $row = mysql_fetch_array($result_login);
    //echo $row['level'];
    $num_login = mysql_num_rows($result_login);
    if ($num_login==0) {
        echo "Wrong password"."\n";
        session_destroy();
    } else {
        echo "Right password"."\n\n\n\n";
        if ($row['level']==9){echo "You are admin"."\n";}
        if ($row['level']==3){echo "You are staff"."\n";}
    }
}

Quite busy this month..
sepudin's picture
Joined: 03/13/2011
Points: 152

Try running this code, and edit whatever needs editing.

<?php
include('include/config.inc'); //database
session_start();
?>

<html>
<head>
<title>Login Session Test</title>
</head>
<body>
<?php
if (!isset($_SESSION['nama'])){
?>

<form id="form1" name="form1" method="post" action="">
  <input name="nama" type="text" id="nama" />
  <input name="password" type="password" id="password" />
  <input type="submit" name="Submit" value="Submit" />
</form>
<?php
}
///////////////////////////////////////
///////////////////////////////////////
if (isset($_POST['Submit'])){
    // escape user input before building the SQL strings
    $nama = mysql_real_escape_string($_POST['nama']);
    $password = mysql_real_escape_string($_POST['password']);
    $result_login = mysql_query("SELECT * FROM login WHERE (nama = '". $nama ."') and (password = '". $password ."')");

    if (mysql_num_rows($result_login) == 1) {
        $_SESSION['nama'] = $_POST['nama'];
        echo "Right password";

        // look up the level stored for this user
        $result = mysql_query("SELECT * FROM login WHERE nama = '". $nama ."'")
            or die(mysql_error());

        while ($row = mysql_fetch_array($result)) {
            $level = $row['level'];
            echo "<br><b>".$row['level']."</b>";

            if ($level=="9") {
                echo " = admin";
            } elseif ($level=="3") {
                echo " = staf";
            } elseif ($level=="0") {
                echo " = user";
            }
        }
    } else {
        echo "Wrong password";
    }
}
?>

<form id="form2" name="form2" method="post" action="">
  <input type="submit" name="Submit2" value="Logout" />
<?php
if(isset($_POST['Submit2'])){
session_destroy();
}
?>

</form>
</body>
</html>
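
Added example (not code from any poster in this thread): the single login page with a `level` column described above, with the role check done at the top of each protected page, written with PDO prepared statements and `password_verify()`. The function names, the in-memory SQLite table and the sample user are constructed for illustration, and it assumes the `password` column stores `password_hash()` output.

```php
<?php
declare(strict_types=1);

const LEVEL_USER = 0, LEVEL_STAF = 3, LEVEL_ADMIN = 9; // values from the thread

// Hypothetical helper: check credentials, then bind identity and role to the session.
function attempt_login(PDO $pdo, string $nama, string $password): bool
{
    // Prepared statement: the input is bound as data, never spliced into the SQL.
    $stmt = $pdo->prepare('SELECT nama, password, level FROM login WHERE nama = ?');
    $stmt->execute([$nama]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Assumption: `password` holds password_hash() output, not plain text.
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    session_regenerate_id(true);               // fresh session ID at login
    $_SESSION['nama']  = $row['nama'];         // taken from the database row,
    $_SESSION['level'] = (int) $row['level'];  // not from $_POST
    return true;
}

function has_level(int $min): bool
{
    return isset($_SESSION['level']) && $_SESSION['level'] >= $min;
}

// Hypothetical guard: call at the top of each protected page, before any output.
function require_level(int $min): void
{
    if (!has_level($min)) {
        header('Location: login.php');
        exit; // without this the rest of the page would still run
    }
}

session_start(); // must come before $_SESSION is read or written

// Constructed sample data (in-memory SQLite) so the example runs stand-alone.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE login (nama TEXT PRIMARY KEY, password TEXT, level INTEGER)');
$pdo->prepare('INSERT INTO login VALUES (?, ?, ?)')
    ->execute(['ali', password_hash('contoh-saja', PASSWORD_DEFAULT), LEVEL_STAF]);
$injected = attempt_login($pdo, "1'or'1", "1'or'1");   // quote-laden input is only a name
$valid    = attempt_login($pdo, 'ali', 'contoh-saja'); // stores nama and level in the session
require_level(LEVEL_STAF);                             // guard for a staff-only page
var_dump($injected, $valid, has_level(LEVEL_STAF), has_level(LEVEL_ADMIN));
```

The session holds only the name and level read back from the database after verification; the password itself is never kept in `$_SESSION`.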
does not have a status.
Joined: 01/27/2012
Points: 7

I think sessions really are more suitable than cookies.. :D