[Answer ID: 14752]

How to: Setup secure page with simple login using PHP and MySQL hosted on LinkStation WEB Server.

Created 09/28/2012 12:16  |   Updated 04/24/2014 08:37
For Information on how to enable WEB hosting on TeraStation see this link.  

The following instructions is provided as an example on how to implement a PHP/MySQL authentication/login.

Specifically  :

  • how to access MySQL
  • MySQL logon table creation (Username and password)
  • Page password protection

1) To access my SQL, start a browser and enter your NAS IP address.

2) Login and navigate to  Network and click MySQL Server configuration button.


Image


3) Click [Open phpMyAdmin] button.


Image


4)Login to phpMyAdmin with same WEB UI username and password.

Alternatively, you could use any 3rd party GUI client of your choice. However, the client IP address should be granted right access.

you can access SQL web console from phpMyAdmin to issue SQL commands.

5) Go Database tab


Image


And create a new database. Enter database name and click [Create] button.


Image


6) Next tab to structure and create "user" table with 2 fields and click [Go].


Image


7) Next, Specify field names : Username and user password . Type to VARCHAR and length to 25 2nd 255 respectively.

Password is saved in MD5 format.


Image


8) Next populate the tables by entering some values for user name and password  ( for 2 users in this exaple):

Note the MD5 function is set for password.


Image


Click [Go] to proceed. End result shown bellow .


Image

 

Since access to MySQL is password protected, create a config.php file with connection details and copy the following files to htdocs subfolder.


File Name : config.inc                        
<?php

//config.inc   

$hostname = 'localhost';              // MySQL hostname. No Need to change

$dbname = 'PasswordDB';        // database name.  <- change as needed

$username = 'admin';               // database username. <- change as needed

$password = 'password';        // admin ( database ) password. <- change as needed

                                            //Next, attempt to connect to SQL server on NAS

mysql_connect($hostname, $username, $password) or DIE('Unable to connect to NAS, check if SQL server is enabled');

//select database

mysql_select_db($dbname) or DIE('Database is not available!');

?>


 

File Name : logout.php                      
<?php

//logout.php -- Log out clear session and go back to login

session_start();

unset($_SESSION['username']);

header('Location: index.php');

?>


 

File Name : index.php            
<?php

// Inialize session

session_start();

// If USER is already logged in , jump to secured page

if (isset($_SESSION['username']))

{

header('Location: securedpage.php');

}

?>

<html>

<head>

<title>My Login Page</title>

</head>

<body>

<h3>User Login</h3>

<table border="0">

<form method="POST" action="loginhandler.php">

<tr><td>Username</td><td>:</td><td><input type="text" name="username" size="20"></td></tr>

<tr><td>Password</td><td>:</td><td><input type="password" name="password" size="20"></td></tr>

<tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" value="Login"></td></tr>

</form>

</table>

</body>

</html>

 


 

 

 

File Name : loginhandler.php
<?php

// loginhandler.php - Init session

session_start();

// Include DB access settings

include('config.inc');

// query DB for username and password entery given by input. Note output from MD5 function passed as password:

$login = mysql_query("SELECT * FROM user WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string(md5($_POST['password'])) . "')");

// Check username and password match

if (mysql_num_rows($login) == 1) {

// Set username session variable

$_SESSION['username'] = $_POST['username'];

//Go to secured page

header('Location: securedpage.php');

}

 

?>

<html>

<head>

<title>Autherazation Error</title>

</head>

<body>

<p>

ERROR : Re-Check PASSWORD for USERNAME.

</b>

<br>

RETRY: <a href="index.php">login</a> </p>

</body>

</html>

 





 


 

This is the secured page :

File Name : restrictedpage.php
<?php

//restrictedpage.php :Init session
session_start();

// Check, if username session is NOT set then this page will jump to login page
if (!isset($_SESSION['username'])) {
header('Location: index.php');
}

?>
<html>

<head>
<title>Secured Page</title>
</head>

<body>

<p><b><font size="4">Authentication is successful. </font></b></p>
<p>Access to this page is restricted. Only users with password account in data
base will be able to access this page.</p>
<p>Use this page as gateway to your restricted contents (such as pictures and
music files).</p>
<p><a href="logout.php">Logout</a></p>


</body>

</html>

Once the above .php files created and copied  to the htdocs, you may test the login page by opening a browser to http://x.x.x.x:81

 

 

 

 



Details


Products

OS / Hardware

Was this answer helpful?
Please tell us how we can make this answer more useful.

Refine your search

Select Product / OS & Hardware

      Enter Keywords or a specified ID