PDA

View Full Version : a little help please



car'a'carn
4th March 2008, 02:10 PM
okay, so I'm working on this web. There are pages which should only be accessible after you put in the correct password. I was wondering how to do this.

The easiest way would be a textfield and some manipulation with javascript. I know how to do this, but anyone with half a brain and some knowledge could get the passwords out of the code.

So: now i was thinking doing a similar thing with php. I've been told this code does not show when you look up the page's coding. Problem: I've never used php. So how do I go about scripting this simple script?

my idea:

<?php
password= yadayada
if (document.textbox==password)
{
open correct page
}
else
{
echo "wrong password, try again"
}
?>

the textbox is of the password-type
and it has to happen on a click-event(button)
this code would go directly under the"<html>" right?

does my code make any sence or is there an easier/better way to do this?
ow: how do i make the browser open the correct page? (named: members)

FirePenguins
4th March 2008, 10:29 PM
Your code is a little javascripty at the moment and not very php-ish. What you'll need to do is create a form with the textbox and a submit button. The form's action will be a page with the php authentication script.

Basically there are 3 ways to send variables in php; the POST method which is what the link below is for and which is best for sending form data like passwords, the GET method which sends variables through the url so not good for passwords, and then storing variables in a session which is more complicated, but you once the user is authenticated you might want to store a value such as $SESSION[authenticated] = True so that the user only has to log in once to access all protected pages on your site. At the start of each page you can just check to make sure the user is authenticated and if so load the page, but if not send them to the log in page.

This is a link to short tutorial on the POST method + lots of other good tutorials on the site:
http://www.w3schools.com/php/php_post.asp

Here's some basic code as well that I wrote that should do what you want:



login page

<form action="authenticate.php" method="post">
<input type="password" name="password">
<input type="submit" name="submit" value="Submit">
</form>




authenticate.php

session_start(); // start the session

$password = $_POST[password]; // assign the value of the password text input from your form to a variable

if ($password == "password"){
$SESSION[authenticated] = True;
header('Location: protected content page'); // navigate browser the page you have to log in to
}
else {
$SESSION[authenticated] = False;
header('Location: login page'); // navigate browser back to log in page since log in failed

}




protected content page

session_start();
if ($SESSION[autheticated] == "False"){
header('Location: login page'); // navigate to login page since user is not logged in
}
else
{
//load the page since the user is logged in
}


Hope this all helps!!

car'a'carn
5th March 2008, 03:47 PM
okay, this is gonna make me look stupid, but where does that second piece of code go? It isn't a function as it would be in javascript, so I doubt it's like this.


<script language="php">
function submit()
authenticate.php

session_start(); // start the session

$password = $_POST[password]; // assign the value of the password text input from your form to a variable

if ($password == "password"){
$SESSION[authenticated] = True;
header('Location: protected content page'); // navigate browser the page you have to log in to
}
else {
$SESSION[authenticated] = False;
header('Location: login page'); // navigate browser back to log in page since log in failed

}
</script>
already thanx for your help. I understand what the code is supposed to do and everything, I just don't know where to put it.

FirePenguins
9th March 2008, 04:54 PM
The php script is a separate page on your site. Save the code in a file called authenticate.php just like if you were saving a .html file. Php code can be integrated almost seamlessly into html just the page has to have a .php extension instead of a .html (html will still work fine on the page) and you have to include the php tags ( <?php and ?> ) around the php code. This makes php great for doing things like:

<?php

if ($variable > 5){
?>

<table>
...
</table>

<?php
}
else{
?>

<a different table>
</table>

<? }
?>

car'a'carn
17th May 2008, 12:44 PM
well, here I am again with an other problem.

I used this code to log in:

<html dir="ltr">
<head>
<title></title>
<script language= php>
session_start();
$password = $_POST[password];
if ($password == [insert password here]){
$SESSION[authenticated] = True;
header('Location: kalender1.htm'); }
else {
$SESSION[authenticated] = False;
header('Location: leden_login.htm');
}
</script>
</head>
<body>
</body>
</html>

As you can see it's the one FirePinguin helped me with.
Now, I made a log out script too:


<html dir="ltr">
<head>
<title></title>
<?php
{
$SESSION[authenticated] = False;
header('Location: leden_login.htm');
}
?>
</head>
<body>
</body>
</html>

When clicking the log out button I get this error:


Warning: Cannot modify header information - headers already sent by (output started at /www/110mb.com/d/w/e/e/r/s/_/_/dweers/htdocs/loguit.php:4) in /www/110mb.com/d/w/e/e/r/s/_/_/dweers/htdocs/loguit.php on line 7

I'm probably using the header-statement wrong, but I don't know what's wrong about it.
Also: the server keeps adding the html-tags to my .php file. Is that normal?
1
on a totally different php-matter.

is it possible to post a premaid email (mail.php) which is a combination of simple text and posted values from a different form?

example: mail.php is

<script language="php">
<p>my name is <?php echo $_POST[naam] ?>
</script>

Shane-
18th May 2008, 02:12 PM
Your problem is simple...

You must send the header() before you send anything else (Anything visible to the browser, like html)...

So, To fix your code, Do:


<?
{
$SESSION[authenticated] = False;
header('Location: leden_login.htm');
}
?>As, When you visit this page, it will always goto leden_login.htm, We dont want to have any html/text in it...

If you wanted to though, You could either:


<?php
{
$SESSION[authenticated] = False;
header('Location: leden_login.htm');
}
?>
<html dir="ltr">
<head>
<title>MySite - Loged out.</title>
Successfully logged out
</head>
<body>
</body>
</html>But the text/html wouldnt be visible...

Or


<html dir="ltr">
<head>
<title></title>
<?php
{
$SESSION[authenticated] = False;
include('leden_login.htm');
}
?>
</head>
<body>
</body>
</html>This one would insert your file into the logout page, So instead of sending an header to redirect the user, You just display it direclly within the same page, Abit like an <iframe>, But in php...

Thats just a few fixes, But the problem itself is that if your going to send an header request, they cant be anything else browser wise send to it

<?
echo 'x';
header('Location: x.htm');
?> -> Fail

<?
header('Location: x.htm');
echo 'x';
?> -> Win


Shane


Edit:

on a totally different php-matter.

is it possible to post a premaid email (mail.php) which is a combination of simple text and posted values from a different form?This i dont 100% fully understand?... If its a .php mail script you want to write, Then something amongs the lines of this should work:


<?

if ($_POST['Send'] == 'Send') {

$email = 'Shane@giveupalready.com'; //Email to
$from = $_POST['email']; //Email from
$subject = $_POST['subject']; // The email subject
$message = $_POST['message']; //The message
$headers = 'From: ' . $from . '\r\n'; //Other headers

mail($email, $subject, $message,$headers); //Send the email

echo 'Thank you for using our mail form... We will be in touch with you soon.';


}
?>

(This just the simple html form)
<form action="email.php" method="post" name="email">
From: <input type="text" value="" name="email" /> <br>
Subject: <input type="text" value="" name="subject" /> <br>
Message: <textarea rows="10" cols="30" name="message">Message.</textarea> <br>
<input type="submit" name="Send" value="Send" /><br>
</form>Note, this is quickly wrote in here, Everything looks fine, but i cant be ased to upload and test it...

Other info about the mail() function can be found at http://uk.php.net/manual/en/function.mail.php

Edit again:
I forgot, Dont just use raw values from $_POST/$_GET, Phrase them with an php function to prevent abuse

Zeta-kun
19th May 2008, 01:05 PM
it seems you only need to protect a few files with a single password so the .htaccess file will be better for you, its simple yet more flexible than the PHP methods, protects not only html files but also images, movies or any other file and currently most web servers will let you use htaccess files.

create 2 files: ".htaccess" and ".htpasswd" notice they must start with a dot so they are hidden in a UNIX-like operating system

1.) the .htaccess file should be placed in the directory where the files you want to protect are located and should contain:

a) if you want to protect a few files in the same directory

AuthUserFile /path/to/.htpasswd
AuthType Basic
AuthName "SecretPage"

<Files "page1.html">
Require valid-user
</Files>
<Files "page2.html">
Require valid-user
</Files>
<Files "image.jpg">
Require valid-user
</Files>
<Files "extradirectory/">
Require valid-user
</Files>


b) if you want to protect the whole directory:

AuthUserFile /path/to/.htpasswd
AuthType Basic
AuthName "SecretFolder"
Require valid-user


2.) the .htpasswd file contains a list of pairs username:hashedpassword, can be located anywhere if the system (preferably outside of your public_ html) and its name can be changed to .htsomethingelse if you prefer (making it harder to find xD)

the .htpassword should look like:


userone:$1$Md16pcef$xeBFLSx8xVAMExtbr4Z3s1
mike:$1$SYfnZue5$K6pDZvjUKADmvQ7r1Bl/5/
tim:$1$WlrJHeL2$QVqRdcnXMr8zdi0dVKkN3.

only one line is required if you will use only one username/password combination.
the passwords can be hashed using some webtools like http://www.htmlite.com/HTA006a.php

more info:
http://www.elated.com/articles/password-protecting-your-pages-with-htaccess/
http://www.htmlite.com/HTAintro.php

car'a'carn
22nd May 2008, 09:53 AM
okay, that is most helpfull. ty guys, again, for the much needed information