[Answer ID: 14735]
How to: Setup secure page with simple login using PHP and MySQL hosted on TeraStation Web Server
For information on how to enable WEB hosting on TeraStation see this link.
The following instructions is provided as an example on how to implement a PHP/MySQL authentication/login.
Specifically :
- how to access MySQL
- MySQL logon table creation (Username and password)
- Page password protection
1) To access my SQL, start a browser and enter your NAS IP address.
2) Login and navigate to Services and click MySQL Server configuration button.
3) Click [Open phpMyAdmin] button.
4)Log in to phpMyAdmin with same WEB UI username and password.
Alternatively, you could use any 3rd party GUI client of your choice. However, the client IP address should be granted right access.
you can access SQL web console from phpMyAdmin to issue SQL commands.
5) Go Database tab
And create a new database. Enter database name and click [Create] button.
6) Next tab to structure and create "user" table with 2 fields and click [Go].
7) Next, Specify field names : Username and user password . Type to VARCHAR and length to 25 2nd 255 respectively.
Password is saved in MD5 format.
8) Next populate the tables by entering some values for user name and password ( for 2 users in this example):
Note the MD5 function is set for password.
Click [Go] to proceed. End result shown bellow .
Since access to MySQL is password protected, create a config.php file with connection details and copy the following files to htdocs subfolder.
File Name : config.inc |
<?php
//config.inc $hostname = 'localhost'; // MySQL hostname. No Need to change $dbname = 'PasswordDB'; // database name. <- change as needed $username = 'admin'; // database username. <- change as needed $password = 'password'; // admin ( database ) password. <- change as needed //Next, attempt to connect to SQL server on NAS mysql_connect($hostname, $username, $password) or DIE('Unable to connect to NAS, check if SQL server is enabled'); //select database mysql_select_db($dbname) or DIE('Database is not available!'); ?> |
File Name : logout.php |
<?php
//logout.php -- Log out clear session and go back to login session_start(); unset($_SESSION['username']); header('Location: index.php'); ?> |
File Name : index.php |
<?php
// Inialize session session_start(); // If USER is already logged in , jump to secured page if (isset($_SESSION['username'])) { header('Location: securedpage.php'); } ?> <html> <head> <title>My Login Page</title> </head> <body> <h3>User Login</h3> <table border="0"> <form method="POST" action="loginhandler.php"> <tr><td>Username</td><td>:</td><td><input type="text" name="username" size="20"></td></tr> <tr><td>Password</td><td>:</td><td><input type="password" name="password" size="20"></td></tr> <tr><td> </td><td> </td><td><input type="submit" value="Login"></td></tr> </form> </table> </body> </html>
|
File Name : loginhandler.php |
<?php
// loginhandler.php - Init session session_start(); // Include DB access settings include('config.inc'); // query DB for username and password entery given by input. Note output from MD5 function passed as password: $login = mysql_query("SELECT * FROM user WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string(md5($_POST['password'])) . "')"); // Check username and password match if (mysql_num_rows($login) == 1) { // Set username session variable $_SESSION['username'] = $_POST['username']; //Go to secured page header('Location: securedpage.php'); }
?> <html> <head> <title>Autherazation Error</title> </head> <body> <p> ERROR : Re-Check PASSWORD for USERNAME. </b> <br> RETRY: <a href="index.php">login</a> </p> </body> </html>
|
This is the secured page :
File Name : restrictedpage.php |
<?php //restrictedpage.php :Init session session_start(); // Check, if username session is NOT set then this page will jump to login page if (!isset($_SESSION['username'])) { header('Location: index.php'); } ?> <html> <head> <title>Secured Page</title> </head> <body> <p><b><font size="4">Authentication is successful. </font></b></p> <p>Access to this page is restricted. Only users with password account in data base will be able to access this page.</p> <p>Use this page as gateway to your restricted contents (such as pictures and music files).</p> <p><a href="logout.php">Logout</a></p> </body> </html> |
Once the above .php files created and copied to the htdocs, you may test the login page by opening a browser to http://x.x.x.x:81
Details