• This is a login that can be used on any existing PHP file. The login uses a single username/password set and does not require a database. Setup is as simple as adding a few lines of text to the top of any PHP page to force a login.

• ZIP with all files (Login.class.php, example login page)
• Quickview Login.class.php (already included in above zip)

• All versions of this script have been released under GNU General Public License. Basically this means you are free to use the script, modify it, and even redistribute versions of your own under the same license.

• 2.1 [2010-06-06] First public release. There are many older versions in existence, however this was the first version I fully documented and put up for download.

Instructions

Requiring the login on your PHP file

• At the very top of the PHP page where you need the login, add the following lines:
  <?php
session_start(); // start session cookies
require("Login.class.php"); // pull in file
$login = new Login; // create object login

$login->authorize(); // make user login
?>
• How it works:
  • session_start(); starts the temporary session cookies needed
  • require("Login.class.php"); grabs the file that includes the login class. If you place the file somewhere else, don't forget to change the path. eg; require("includes/Login.class.php");
  • $login = new Login creates the $login object from the class
  • $login->authorize(); this is where the actual work occurs. This checks if the user is already logged in. If they are, it checks if the login is valid. If they are not logged in or if the login is incorrect, the Login class will print out the login prompt and kill anything further on the page from being run. This means if the login is incorrect or incomplete, nothing past the $login->authorize(); point on your page is run. If the user is correctly logged in, the page continues loading as normal.

Settings and configuration

• You will also need to specify the username and the password. You can do this in several places. By default, they exist and are set before the class in Login.class.php but you can move them to a config.php file or even to the top of your existing PHP file. You set the username and password with (here set to "admin" and "secret"):
  <?php
// username to login into page
define('LOGIN_USER', "admin");

// password to login into page
define('LOGIN_PASS', "secret");
?>
• The Login class also contains two properties that are changeable:
  var $prefix = "login_";
  $prefix is a unique identifier for that specific login object. 98% of the time you can leave it set to the default. It was added because I often have multiple projects going at once out of the same client/projects sub-folder. The $prefix setting allows me to make each set of cookies unique so they do not conflict with logins from other projects. This setting could allow you to use multiple files and multiple user/pass sets using my script, however if you need to allow multiple usernames, please PLEASE use a different script better designed to handle it.
• The other Login class property controls the duration the cookie remains:
  var $cookie_duration = 21;
  This is the number of days the user will remained logged in if they check the "Remember me on this computer" checkbox on the login prompt. With this option, even if the browser is closed, they will still be logged in when the page is loaded again. Note that you can manually log out at any time by going your_pagename.php?action=clear_login. It is also safe to completely remove the "remember me" checkbox from the login prompt if you desire.

Changing the look of the login prompt

• The login prompt is basic HTML/CSS by default. You can however easily customize it to your template. Edit Login.class.php and near the bottom, you can change any of the HTML inside the prompt() function. There are a few things to remember however:
  • The field names need to remain the same. This means name="user" and name="pass" are required and can not be renamed.
  • name="remember" checkbox is optional and can safely be deleted. However, if you want to use it, the name must remain the same.
  • <form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post"> must remain the same so the login class will work on any page name.
  • <?php echo $msg; ?> is optional, but if you remove it you will not receive any type of messages like "Incorrect username or password"
  • Messages come in two formats. Error messages come with class="warn" and feedback messages come with class="msg". With the default template, the "warn" are formatted to show in red, the "msg" to show in green. However you are welcome to use your own formatting or ignore it completely.