PHP - Login & Authentication

I'm new to this forum, and PHP in general. So, hello to everyone!

I'm having a problem verifying whether or not my authentication script works. I'm not new to programming...just PHP.

Here it is..
<?php
//check if user is already logged in
if(isset($_session['username']))
{
    //init database information
    $db_server = "";
    $db_user = "";
    $db_password = "";
    $db_name = "";

    //connect to the database
    $connection = mysql_connect($db_server, $db_user, $db_password);
    if(!$connection)
    {
        die('Failed to connect: ' . mysql_error());
    }
    mysql_select_db($db_name, $connection);
        
    //verify login information
    $username = $_POST['username'];
    $password = $_POST['password'];
    $query = mysql_query("SELECT * FROM users WHERE username='$username'");
    if($query)
    {
        $array = mysql_fetch_array($query);
        if($_POST['password'] = $array['password'])
        {
            $_session['username'] = $array['username'];
            $_session['email'] = $array['email'];
            $_session['user_level'] = $array['user_level'];
            $_session['ip'] = $array['ip'];
            $_session['date_registered'] = $array['date_registered'];
            echo $_session['username'];
        }
        else
        {
            echo 'Bad Login Information!';
        }
    }
    else
    {
        die('Failed to login: ' . mysql_error());
    }
}
?>

<form action="auth.php" method="post">
<input name="username" type="text" size="20" maxlength="16">
<input name="password" type="text" size="20" maxlength="20">
<input name="submit" type="submit" value="Submit">
</form>

Dera All,

SAMPLE TABLE FIELDS AND DATAS:

USER   PASSWORD   ACCNO   AMOUNT      INTEREST

JOE      JOE@123      1234      4500.00      250.00
SAM      SAM123      5678      12050.00      350.00
RAM      RAM987      8521      15698.00      568.00
MARY   MARY786      7542      14879.00      567.00
RAJ      RAJ876      8531      45622.00      1500.00


FIRST PAGE:


USER NAME  :    RAM

PASSWORD  :   ********   

   SUBMIT



SECOND PAGE:



ACCOUNT      NO    8521



THIRD PAGE:



HI WELCOME RAM  UR BALACE AND INTEREST IS

BALANCE :    15698.00
INTEREST :    568.00

HI AM NEW TO PHP. I need the code for above page. If the user only authenticate to view his accounts. Others not possible to view the other accounts

Okay, at the moment, when a user logs into my website a token is created. The token is made from a random code, their name and their email. This token is then stored next to their name in the DB.

If the user chooses to be remembered, the token is stored as a cookie, otherwise it's stored as a session var.

Every time a page is loaded, a comparison is made between the DB token and the session/cookie token to authenticate.

HOWEVER, this does not work if the user decides to login from different locations/ip addresses. How would I go about allowing this? Could I created a table and then store the IP address and the token for that IP address?

Pardon my noobness, but I'm learning to wrap AJAX into my work and use it to get XML instead of "static" PHP that generates the HTML.  The login/security portion has my head spinning, but it's probably not as difficult as I think and I'm probably just confusing myself. 

In the past, for each PHP page in my site, I would perform a quick salted login check based on the username/password stored in the $_SESSION variables.  Perhaps it was a bit overboard to check on each page, but, well, I did it.

With AJAX, I *NEED* to ensure that the php resulting from an AJAX POST request won't run if the user isn't authenticated, and I need to ensure that they didn't just somehow force a $_SESSION variable to reflect an authenticated session.  I also need to ensure that someone can't just load up the PHP page on it's own, somehow send a POST to it and run it without being authenticated. 

I suppose that beyond the larger picture of "How do I ensure that the user is authenticated, the POST request is authentic, and nobody has forced a change in the $_SESSION stored on the server, I have a few specific questions. 

I know that in part I'm confused about the whole cookie/SESSION process.  In my old PHP site, the SESSION number was stored on the cookie on the user's machine.  If the info is sent via AJAX, does the PHP get the SESSION info from the cookie or does it have to be explicitly sent?  With potentially several users sending AJAX requests at the same time, how will my PHP know which SESSION to use for each request?

Is is secure enough to set an "Autheticated" flag in $_SESSION once the user is authenticated the first time?   Is it really just as simple as sending a username/salted password hash as AJAX/POST and setting an authenticated flag in the SESSION to ensure that the rest of the AJAX application runs without allowing someone to back-door the PHP?

hey guys im after a bit of information regarding user authentication please...   now I have previously save a users session id in my database after they have logged in so when leaving and coming back to the site im able to compare session id's to get username etc...is this still the way or am I now a little old fashioned?   a few more things...do I save information such as username, access level as a session or cookie?...and what is the best way to encrypt passwords please?   thank you    

I have had a problem with people attacking my site and trying to gain access to users accounts so i beefed up security, however now users are complaining they keep getting logged out.

Here are the variables i use to validate the users and i dont want to strip them down any more can anyone give me any ideas for changing them so its still secure but not so strict as to keep logging the users out?

1. Username & password is encrypted into a cookie and verified on every page they visit.
2. There ip address is recorded on login and is checked against there current ip, on every page they visit via MySql.
3. When the user logs in a unix time stamp (mySql) is generated an updated of every page they visit and if it has not been updated in the last 60 mins the user is logged out.
4.I also generate a random key which is stored in the DB and is passed on every page via GET.
5.If a user tries to login and fails an email is sent to them and if 3 unsuccessful attempts user is locked out for 30mins.
 
 

The application that I want to build is quite simple. Here is a bit of the background of the work flow:

In my company, we create video for our client profile. After the video is done, we upload the video to our website and to youtube. It is done automatically.

After a period of time, the client can delete the video. Of course, it will delete the video in our system as well as the video in youtube. For now, the video in our system is deleted automatically. However, youtube video is deleted manually.

Our company has grown to have quite a lot of clients. It's hard for us to keep track clients that requested to delete their videos. We want to be able to have an application that will delete youtube video automatically.

I already tried to play around with youtube authentication in http://code.google.com/apis/youtube/2.0/developers_guide_php.html#Authentication but I have no luck with the authentication.

I want the application to be able to delete the video under my youtube account without having me to login to youtube. In my case right now, every time the application wants to delete the video, I have to send the request to youtube and ask for verification (i.e. I have to do application verification every time).

Here is what I have done so far:


ini_set('display_errors', 1);
ini_set('log_errors', 1);
ini_set('error_log', dirname(__FILE__) . '/error_log.txt');
error_reporting(E_ALL);


require_once('db_class.php');
require_once 'Zend/Loader.php';
Zend_Loader::loadClass('Zend_Gdata_YouTube');
Zend_Loader::loadClass('Zend_Gdata_AuthSub');
Zend_Loader::loadClass('Zend_Gdata_App_Exception');

session_start();
setLogging('on');
$_SESSION['developerKey'] = 'AI39si5H3hL9tcKOMl80IqzoC6nb87ka1QLgHxLp9nFi1l44dLa987_Gi0rbofLePQdFEWf1lrSB8KGs4lXIrcF8TR6PhUcO3Q';

function getAuthSubRequestUrl()
{
    $next = 'http://example.com/youtube_delete_video.php';
    $scope = 'http://gdata.youtube.com';
    $secure = false;
    $session = true;
    return Zend_Gdata_AuthSub::getAuthSubTokenUri($next, $scope, $secure, $session);
}

function updateAuthSubToken($singleUseToken)
{
    try {
        $sessionToken = Zend_Gdata_AuthSub::getAuthSubSessionToken($singleUseToken);
    } catch (Zend_Gdata_App_Exception $e) {
        print 'ERROR - Token upgrade for ' . $singleUseToken
            . ' failed : ' . $e->getMessage();
        return;
    }

    $_SESSION['sessionToken'] = $sessionToken;
        
    generateUrlInformation();
    
    header('Location: ' . $_SESSION['homeUrl']);
}

function getAuthSubHttpClient()
{
    try {
        $httpClient = Zend_Gdata_AuthSub::getHttpClient($_SESSION['sessionToken']);
    } catch (Zend_Gdata_App_Exception $e) {
        print 'ERROR - Could not obtain authenticated Http client object. '
            . $e->getMessage();
        return;
    }
    $httpClient->setHeaders('X-GData-Key', 'key='. $_SESSION['developerKey']);
    return $httpClient;
}

function generateUrlInformation()
{
    if (!isset($_SESSION['operationsUrl']) || !isset($_SESSION['homeUrl'])) {
        $_SESSION['operationsUrl'] = 'http://'. $_SERVER['HTTP_HOST']
                                   . $_SERVER['PHP_SELF'];
        $path = explode('/', $_SERVER['PHP_SELF']);
        $path[count($path)-1] = 'index.php';
        $_SESSION['homeUrl'] = 'http://'. $_SERVER['HTTP_HOST']
                             . implode('/', $path);
    }
}

function loggingEnabled()
{
    if ($_SESSION['logging'] == 'on') {
        return true;
    }
}

function setLogging($loggingOption, $maxLogItems = 10)
{
    switch ($loggingOption) {
        case 'on' :
            $_SESSION['logging'] = 'on';
            $_SESSION['log_currentCounter'] = 0;
            $_SESSION['log_maxLogEntries'] = $maxLogItems;
            break;

        case 'off':
            $_SESSION['logging'] = 'off';
            break;
    }
}

function logMessage($message, $messageType)
{
    if (!isset($_SESSION['log_maxLogEntries'])) {
        $_SESSION['log_maxLogEntries'] = 20;
    }

    if (!isset($_SESSION['log_currentCounter'])) {
        $_SESSION['log_currentCounter'] = 0;
    }

    $currentCounter = $_SESSION['log_currentCounter'];
    $currentCounter++;

    if ($currentCounter > $_SESSION['log_maxLogEntries']) {
        $_SESSION['log_currentCounter'] = 0;
    }

    $logLocation = 'log_entry_'. $currentCounter . '_' . $messageType;
    $_SESSION[$logLocation] = $message;
    $_SESSION['log_currentCounter'] = $currentCounter;
}

function printCacheWarning()
{
    return '<p class="note">'
         . 'Please note that the change may not be reflected in the API '
         . 'immediately due to caching.<br/>'
         . 'Please refer to the API documentation for more details.</p>';
}


function editVideoData($videoId)
{
    $httpClient = getAuthSubHttpClient();
    $youTubeService = new Zend_Gdata_YouTube($httpClient);
   $videoEntryToUpdate = $youTubeService->getFullVideoEntry($videoId);

    if (!$videoEntryToUpdate instanceof Zend_Gdata_YouTube_VideoEntry) {
        print 'ERROR - Could not find a video entry with id ' . $videoId
            . '<br />' . printCacheWarning();
        return;
    }

    try {
        $putUrl = $videoEntryToUpdate->getEditLink()->getHref();
    } catch (Zend_Gdata_App_Exception $e) {
        print 'ERROR - Could not obtain video entry\'s edit link: '
            . $e->getMessage() . '<br />';
        return;
    }

    $videoEntryToUpdate->setVideoTitle("My Test Movie - Private 10000012");
    $videoEntryToUpdate->setVideoDescription("My Test Movie - Private 10000012");
    $videoEntryToUpdate->setVideoPrivate();

    try {
        $updatedEntry = $youTubeService->updateEntry($videoEntryToUpdate, $putUrl);
        if (loggingEnabled()) {
            logMessage($httpClient->getLastRequest(), 'request');
            logMessage($httpClient->getLastResponse()->getBody(), 'response');
        }
    } catch (Zend_Gdata_App_HttpException $httpException) {
        print 'ERROR ' . $httpException->getMessage()
            . ' HTTP details<br /><textarea cols="100" rows="20">'
            . $httpException->getRawResponseBody()
            . '</textarea><br />'
            . '<a href="session_details.php">'
            . 'click here to view details of last request</a><br />';
        return;
    } catch (Zend_Gdata_App_Exception $e) {
        print 'ERROR - Could not post video meta-data: ' . $e->getMessage();
        return;
    }
        print 'Entry updated successfully.<br /><a href="#" onclick="'
            . 'ytVideoApp.presentFeed(\'search_owner\', 5, 0, \'none\'); '
            . 'ytVideoApp.refreshSearchResults();" >'
            . '(refresh your video listing)</a><br />'
            . printCacheWarning();
}


if (!isset($_GET['token'])) {

$returnURL = getAuthSubRequestUrl();
echo "<a href=".$returnURL.">Link To Google</a>";

} else {
$singleUseToken = $_GET['token'];
updateAuthSubToken($singleUseToken);

/* editVideoData('mJDRXXaFVGw'); */
}



This is how I call the function: http://example.com/youtube_delete_video.php

So, what I need basically is to know
1. how can I store the authentication after I verify it from youtube?
2. What function to populate after I store the authentication? <- I couldn't figure where this part is in the documentation.

PS: example.com is not a real url. It's just for the sake of writing the post he )

Hi, iam working on a curl based authentication and iam sending a curl request to one of my pages, like this:


<?php
$ch = curl_init("http://localhost/test.php");
        
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($curl, CURLOPT_USERPWD, 'myuser:mypwd'); 
// sending username and pwd.                   
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);                          
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);                           
curl_setopt($curl, CURLOPT_USERAGENT, 'Sample Code');
curl_setopt($curl, CURLINFO_HEADER_OUT, true);

$output = curl_exec($ch);
print_r(curl_getinfo($ch));      
curl_close($ch);
echo '<br><br>';
echo $output;
?>


But in my test.php page, iam not able to get the username and password values, in $_SERVER array.  What could be the problem? 

Hello everyone,

I have a site where users sign up using an email address as their username.  I want to be able to verify that their email address is valid without having to send them a confirmation email that they have to click some link in before they are allowed to sign in to the website.  Maybe something that pings the email server for a specific address, and if the address is not valid, alert the user to enter a valid address.  Does anyone have any ideas or information that you could point me to to assist me with this task?  Thanks in advance for any help or ideas.

Hello all,

I am extremely new with php, I just started learning it this week. I am tryin to make a secure login page that uses cookies for authentication. The problem I am having is that I cannot seem to get it to detect or read the set cookie properly. I want it to detect if its the correct username in the cookie and if so, allow to see the page, and if now, then return to the login screen.

The login screen is login.html, which directs the person to the php script login.php. That should in turn show them a message page and some short info, as well as a link to their control panel (index.php) . The problem is that even if i skip the login I can still reach the control panel (index.php) with or without the cookie.

Here is my code (please be gentle this is my first week with php):

login.html:
Code: [Select]
<html>
<head>
<Title>Admin Login</Title>
</head>
<body>
<center>
<br>
<br>
<br>
<br>
<img src="pk.png">
<form action="login.php" method="post">
<br>
Username: <input type="text" name="username" /><br>
Password:  <input type="text" name="password" /><br>
<input type="submit" value="Login" />
</form>
</center>





</body>
</html>
login.php:
Code: [Select]
<?php

// Print a cookie
//echo $_COOKIE["auth"];

// A way to view all cookies
//print_r($_COOKIE);

//global $verified;

$verified=NULL;
global $cookie;
$cookie=$HTTP_COOKIE_VARS['auth'];

if($_COOKIE["auth"] = "Verified_Power" )
{
echo "You have been verified as PowerHouse. <br><br>";
$verified="TRUE";
}
else if($_COOKIE["auth"] = "Verified_Thor")
{
echo "it's actually thor!<br><br>";
$verified="FALSE";
}
else
{
echo "Bad Chookie";
$verified="FALSE";
exit();
}


?>
<html>
<head>

<Title>Login Info</Title>
</head>
<body>
<center>
<img src="pk.png">
<br>
<br>
<br>
Hello <?php echo($username); ?>!<br />


<?php //header("Cache-Control:no-cache");






$msgfile = "messages.txt";
$msgf = fopen( $msgfile, "r");
$msgsize = filesize( $msgfile );
if( $msgsize <= 0)
{
$msg=NULL;
}
else
{
$msg = fread( $msgf, $msgsize);
fclose($msgf);
}



If( $username == "PowerHouse" )
{
If( $password == "test")
{
//read logon file
$powerlogfile="Admin_Checkin/logs/powerlogon.txt";
$logfile = fopen( $powerlogfile, "r");
$logfilesize = filesize ( $powerlogfile );
$logcountpower = fread( $logfile, $logfilesize );
$logcountpower++;
fclose($logfile);
//open file for writing
$logfile = fopen($powerlogfile, "w");
fwrite( $logfile, $logcountpower);

fclose($logfile);
echo("You are logged in. <br><br>");
echo("It is you master! <br><br>");
if( $msg == NULL )
{
echo("No New Messages<br><br><br>");
}
else
{
echo("You have a message: <br>");
echo "$msg <br><br><br>";
}

echo "Click <a href='" . "/Admin_Checkin/14795" . "'>Here</a> To access your control panel.<br><br><br>";  
echo "You have logged in $logcountpower times.";

//open logfile to write to 
$logfile=fopen("Admin_Checkin/logs/powerlog.html", "a");
//write the time of access
$time=date("H:i:s: dS F");
fwrite($logfile, "<b>Time of access:</b> $time<br>");
//write users ip
if( $REMOTE_ADDR != NULL )
{
fwrite($logfile, "<b>IP Address:</b> $REMOTE_ADDR <br>");
}
//write users forwarding url
if( $HTTP_REFERER != NULL)
{
fwrite($logfile, "<b>Referer:</b> $HTTP_REFERER <br>");
}
//write users browser info
fwrite($logfile, "<b>Browser Info:</b> $HTTP_USER_AGENT <hr><br>");

setcookie("auth","Verified_Power", time()+3600);
//header("Location:login.php"); exit();

//setcookie('login', $_REQUEST['username'].','.md5($_REQUEST['username'].$secret_word));




}
else if( $password != "test" )
{
$pwfail++;
echo("<hr>You have entered the wrong password, PowerHouse. <br>");
}
}
else if($username == "ThorSummoner")
{
If( $password == "test")
{
//read logon file
$thorlogfile="Admin_Checkin/logs/thorlogon.txt";
$logfile = fopen( $thorlogfile, "r");
$logfilesize = filesize ( $thorlogfile );
$logcountthor = fread( $logfile, $logfilesize );
$logcountthor++;
fclose($logfile);
//open file for writing
$logfile = fopen($thorlogfile, "w");
fwrite( $logfile, $logcountthor);

fclose($logfile);
echo("You are logged in. <br><br>");
echo("This is the Admin Portal Welcome Screen. <br><br>");
if( $logcountthor == 1)
{
echo "This is your first visit, yay! <br><br>";
}
//echo "$msg <br> <br>";

if( $msg == NULL )
{
echo("No New Messages<br><br><br>");

}
else
{
echo("You have a message: <br>");
echo "$msg <br><br><br>";
}

echo "Click <a href='" . "/Admin_Checkin/atfg4gc" . "'>Here</a> To access your control panel.<br><br><br>";  
echo "You have logged in $logcountthor times.";

//open logfile to write to 
$logfile=fopen("Admin_Checkin/logs/thorlog.html", "a");
//write the time of access
$time=date("H:i:s: dS F");
fwrite($logfile, "<b>Time of access:</b> $time<br>");
//write users ip
if( $REMOTE_ADDR != NULL )
{
fwrite($logfile, "<b>IP Address:</b> $REMOTE_ADDR <br>");
}
//write users forwarding url
if( $HTTP_REFERER != NULL)
{
fwrite($logfile, "<b>Referer:</b> $HTTP_REFERER <br>");
}
//write users browser info
fwrite($logfile, "<b>Browser Info:</b> $HTTP_USER_AGENT <hr><br>");

setcookie("auth","Verified_Thor", time()+3600);

}
else if( $password != "test" )
{
$pwfail++;
echo("You have entered the wrong password, ThorSummoner. <br>");
}

}
else if($username !== "PowerHouse" && $username !=="ThorSummoner")
{
echo("Who are you?");
}




?>
</center>
</body>
</html>

index.php
Code: [Select]
<?php


global $verified;
echo ($verified);

If( $verified == "TRUE" )
{
echo "You are verified";
}
else if( $verified != "TRUE" )
{
echo "You should not be here";
}
else if( $verified = NULL )
{
echo "Nulled out";
}
$cookie=$HTTP_COOKIE_VARS['auth'];

If( $cookie != "Verified_Power")
{
echo "No Cookie, or not correct cookie";
}

// A way to view all cookies
//print_r($_COOKIE);


?>
<html>
<head>
<Title>Power's Control Panel
</Title>
</head>
<body>
This is my control panel <BR>

test<br>
</body>
</html>
Any help would be greatly appreciated! Remember I am new so I am sure my code is poorly written. Please be polite.

Here I have three different pages. The first can be logged on as admin and you can choose to add entry and visit visitor log. (Do not use MySQL or other databases). All items and visitor log saved to file.
I am using sessions and what I have problem with is a password-protected administration section. (Authentication)
What I'm trying to make is that visitors will be able to see the items, but only admin can log in and only the admin should be able to add entries and visit visitor log.

what should I do?



index.php (where I log in with username: admin and pw:123)
<?php
session_start();

if(isset($_POST['LoutBtn']))
{
session_destroy();
}

if(isset($_POST['LoginBtn']))
{


//convert a string to all lower case letters.
//if user gives username with big letters still can login.
$user = strtolower($_POST['username']);
$pass = $_POST['password'];

if($user == 'admin' && $pass == '123')
{

$_SESSION['LogedIn'] = true;
print('Welcome admin');

?>

<table width="50"  align="right"  cellpadding="2" cellspacing="2">

<form method="POST" action="panel.php">
<tr>

<td><input type="submit" value="add post" name="PnlBtn" /></td>
</tr>
</form>

<form method="POST" action="stat.php">
<tr>

<td><input type="submit" name="showstat" value="visitorlog" /></td>
</tr>
</form>

</table>



<?php
     
}
elseif (empty($user) || empty($pass))
         
      
      {
  print('<font color="#FF0000">Please fill in username and password!<br/></font>');
    
      
      }
  
elseif ($_POST['username'] != 'admin'){
      
     
      print('<font color="#FF0000">wrong username<br/></font>');
    
      
      }
      
      elseif ($_POST['password'] != '123'){
      
   
      print('<font color="#FF0000">wrong password<br/></font>');

//elseif {

// print('<font color="#FF0000">The User Name And/Or Password is incorrect!
//  Please try again...<br/></font>');

//print('<a href="index.php">Back</a>');
}

  }

?>


<?PHP
/* define the blog content file name */
$filename = "myBlogContent.txt";
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>

<form method="post" action="index.php">

<table width="300" border="1" align="right" cellpadding="2" cellspacing="2">
<tr>
<td width="150">UserName:</td>
<td> <input type="text" name="username" size="20" />
</td>
</tr>
<tr>
<td width="150">Password</td>
<td><input type="password" name="password" size="20" /></td>
</tr>
<tr>
<td><input type="submit" value="Login" name="LoginBtn" />
</td>
</tr>
<tr>
<td><input type="submit" value="Logout" name="LoutBtn" /></td>
</tr>
</table>
</form>

<!-- CONTENT DIV -->
<div style="position:absolute; left: 100px; top: 100px; width: 400px;">

<?PHP

/* check to see if the file exists */
if (!file_exists($filename)) {

echo "The Blog Is Empty";

}else{

/* get the file lines into an array */

$BlogArray = file($filename);

/* count the number of blog entries */

$count = count($BlogArray);

$i=0;

while($i<$count) {

$new_array = explode("|", $BlogArray[$i]);

echo "Posted by: " . $new_array[1] . "<br>";

echo "Posted on: " .  date("m/d/y h:iA", time($new_array[0])) . "<br>";

echo 

"Title: " . $new_array[2] . "<br>";


echo $new_array[3] . "<hr>";


$i ++;


}
}
?>
</div>
</body>
</html>



panel.php (where I can add new items)

<?php
session_start();
   


//if(isset($_POST['LoutBtn'])){

//header ('Location: index.php');
//}

//print('<h1>Welcome admin</h1>');





?>





<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>



<form  action="content.php" method="post">
<table>


<tr><td>Blog entry posted by (Your name): </td><td><input type="text" name="who" size="20" maxlength="20" value=""></td></tr>

<tr><td>Title of this blog entry: </td><td><input type="text" name="title" size="40" maxlength="80" value=""></td></tr>


<tr><td>Content: </td><td><textarea name="content" rows="5" cols="40"></textarea></td></tr>


<tr><td clospan="2"><input type="submit" value="Submit"></td></tr>

<tr><td clospan="2"><input type="submit" name="showstat" value="visitorlog" /></td></tr>

<tr><td clospan="2"><input type="submit" value="Logout" name="LoutBtn" /></td></tr>
</table>







</form>
<a href="index.php">View</a><br>


</body>
</html>





content.php (Location: panel.php)


<?PHP
/* obtain the form data */
$who = $_POST['who'];
$title = $_POST['title'];
$content = $_POST['content'];
$content = str_replace(array("\r\n", "\r", "\n"), "<br>", $content); 

/* create timestamp variable for current date and time */
$when_ts = time(); 

/* define the blog content file name */
$filename = "myBlogContent.txt";

/* prepare the variables for adding to the file */

$new_line_content = $when_ts . "|" . $who . "|" . $title . "|" . $content . "\n";

/* open the file in the APPEND MODE */
$fh = fopen($filename, 'a+') or die("can't open file");

/* add the new content */
fwrite($fh, $new_line_content); 

/* close the file */
fclose($fh); 

 header("Location: panel.php");
//exit; // Closes further script execution . 
?>


stat.php (visitorlog)


<?php
 session_start();


if(isset($_POST['home'])){

?>
<p> <input type="submit" name="home" value="Hem" /></p>
 <?php
}
?>
        

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
   
  <form action="index.php" method="post">
<p> <input type="submit" name="home" value="Hem" /></p>
</form>


<?php
 
$ipaddress = $_SERVER['REMOTE_ADDR'];
$page = "http://{$_SERVER['HTTP_HOST']}{$_SERVER['PHP_SELF']}"; 
$referrer = $_SERVER['HTTP_REFERER'];
$datetime = mktime();
$useragent = $_SERVER['HTTP_USER_AGENT'];
$remotehost = @getHostByAddr($ipaddress);



?>

<?php
// Create log line
// Create log line
$logline = $ipaddress . '|' . $referrer . '|' . $datetime . '|' . $useragent . '|' . $remotehost . '|' . $page . "\n"; 
// Write to log file:
$logfile = 'logfile.txt';

// Open the log file in "Append" mode
if (!$handle = fopen($logfile, 'a+')) {
    die("Failed to open log file");
}

// Write $logline to our logfile.
if (fwrite($handle, $logline) === FALSE) {
    die("Failed to write to log file");
}
  
fclose($handle);  

?>
    <?php
// Open log file
$logfile = "logfile.txt";

if (file_exists($logfile)) {
    
    $handle = fopen($logfile, "r");
    $log = fread($handle, filesize($logfile));
    fclose($handle);
} else {
    die ("The log file doesn't exist!");
} 
// Seperate each logline
$log = explode("\n", trim($log)); 
// Seperate each part in each logline
for ($i = 0; $i < count($log); $i++) {
    $log[$i] = trim($log[$i]);
    $log[$i] = explode('|', $log[$i]);
} 

echo count($log) . " people have visited this website.". "<br>" . "<br>";  


?>
    
    <?php
// Show a table of the logfile

//echo 'IP Address'. "<br>" . "<br>";
//echo 'Referrer'. "<br>" . "<br>";
//echo 'Date'. "<br>" . "<br>";
//echo 'Useragent'. "<br>" . "<br>";
//echo 'Remote Host'. "<br>" . "<br>";

foreach ($log as $logline) {

    echo '' . $logline['0'] . "<br>" . "<br>";
    echo '' . urldecode($logline['1']) . "<br>" . "<br>";
    echo '' . date('d/m/Y H:i:s', $logline['2']) . "<br>" . "<br>";
    echo '' . $logline['3'] . "<br>" . "<br>";
    echo '' . $logline['4'] . "<br>" . "<br>";



}


?>

</body>
</html>

The title may be a bit misleading, but essentially what I have is a custom CMS I built in PHP.  What I want to do next is to build some sort of authentication to ensure my code was not copied and reused on another server.
I need some way to communicate between my CMS and an external script to ensure that it is valid.

I was thinking of putting a file on a domain. A simple function that accepts an url this function takes the url, searches the db, if it finds it, send back an result.

My CMS obviously queries this function with the current url of the domain and if the url is in my db, the software works, otherwise it displays a message saying it was illegally copied.

How do I build this interaction between the two?  I could use AJAX, but i need something a bit more robust so that your average developer doesn't figure it out too easily.