Connecting Tech Pros Worldwide Forums | Help | Site Map
bytes > topic > php > answers

multiple user password protection

Lou
Guest
  
Posts: n/a
#1: Jul 17 '05
Please can someone put me out my misery!
Im trying to find a multiple user/password protection script that will
redirect the specific user to a specific directory.

At the moment I have set up htaccess which is fine but can only
protect one directory unless I put htaccess on each directory which I
think is a bit long winded, but is there any other way I can do this
with using only one password script?

Any info would be greatly appreciated,

L

WindAndWaves
Guest
  
Posts: n/a
#2: Jul 17 '05

re: multiple user password protection


"Lou" <louise@msc-ltd.co.uk> wrote in message news:35f5cc5f.0501280243.42d7497c@posting.google.c om...[color=blue]
> Please can someone put me out my misery!
> Im trying to find a multiple user/password protection script that will
> redirect the specific user to a specific directory.[/color]
[...][color=blue]
> L[/color]

make a link to a page call login.php?ref=X.php

where X.php is the referring page

then save the code below as login.php

It works for me..., but I am only a beginner.


<?php

$front = '<!--start-->'; //put the start of your html file here....

$end = '<!---end-->'; //put the end your html file here
?>
<?php
if ($HTTP_POST_VARS["username"]=="") {
echo $front;
?>
<H1>Login to myurl.com</H1>
Please enter your details below:<BR>
<FORM METHOD="post" ACTION="login.php?ref=<?php echo $ref; ?>" ID="frm">
<LABEL CLASS="mul">Username: <INPUT TYPE="text" NAME="username" SIZE="20" ID="username"></LABEL>
<LABEL CLASS="mul">Password: <INPUT TYPE="password" NAME="password" SIZE="15" ID="password"></LABEL><BR><BR>
<DIV STYLE="text-align: center;">
<INPUT TYPE="Submit" VALUE="log in" ID="submit" NAME="submit" CLASS="submit">
</FORM>
<?php echo $end; ?>
<?php
}
else{
// __________________________________________________ _____ clean out previous entries
session_register("permission");
session_register("username");

$username=$HTTP_POST_VARS["username"];
$password=$HTTP_POST_VARS["password"];
$permission = 0;
session_start();
if ($username=="login" AND $password=="password"){ $permission = 1;}
if ($username=="secondlogin" AND $password=="masterpassword"){ $permission = 2;}
//etc...
$username=$HTTP_POST_VARS["username"];
session_register("permission");
session_register("username");
if ($permission > 0){
session_start();
echo $front;
?>
<H1>welcome <?php echo $username; ?></H1>

<?php
if (strpos($ref, '.php') === false) {
$ref .= '.php?';
}
echo 'Congratulations, login correct. <A HREF="'.$ref.'&amp;PHPSESSID='.session_id().'">Ple ase continue</A>.';
echo $end;
?>
<?php
}
else{
?>
<?php echo $front; ?>
<H1>please try again <?php echo $username; ?></H1>
Sorry: login NOT correct. <A HREF="login.php<?php echo '?ref='.$ref; ?>">Please try again</A>.
<?php echo $end; ?>
<?php
}
?>
<?php
}
?>



Then, in other pages, that you want to password protect, you put.

<?php
session_start();
if ($permission < 1) {
echo 'please <A HREF="login.php?ref=mypage.php">login first</A>';
}
else {
[rest of the page.....]
}

Note that for this way you do need to use sessions... how they work, I have no idea, but they seem to work for me ... lol

- Nicolaas
Kevin
Guest
  
Posts: n/a
#3: Jul 17 '05

re: multiple user password protection

Don't do it this way. If register globals is turned on, visitors can simply
go to one of your "password protected" pages, add "?permission=1" to the URI
and they will be allowed in.

- Kevin

"WindAndWaves" <access@ngaru.com> wrote in message
news:l5pKd.12573$mo2.966995@news.xtra.co.nz...[color=blue]
>
> "Lou" <louise@msc-ltd.co.uk> wrote in message
> news:35f5cc5f.0501280243.42d7497c@posting.google.c om...[color=green]
>> Please can someone put me out my misery!
>> Im trying to find a multiple user/password protection script that will
>> redirect the specific user to a specific directory.[/color]
> [...][color=green]
>> L[/color]
>
> make a link to a page call login.php?ref=X.php
>
> where X.php is the referring page
>
> then save the code below as login.php
>
> It works for me..., but I am only a beginner.
>
>
> <?php
>
> $front = '<!--start-->'; //put the start of your html file here....
>
> $end = '<!---end-->'; //put the end your html file here
> ?>
> <?php
> if ($HTTP_POST_VARS["username"]=="") {
> echo $front;
> ?>
> <H1>Login to myurl.com</H1>
> Please enter your details below:<BR>
> <FORM METHOD="post" ACTION="login.php?ref=<?php echo $ref; ?>"
> ID="frm">
> <LABEL CLASS="mul">Username: <INPUT TYPE="text" NAME="username"
> SIZE="20" ID="username"></LABEL>
> <LABEL CLASS="mul">Password: <INPUT TYPE="password" NAME="password"
> SIZE="15" ID="password"></LABEL><BR><BR>
> <DIV STYLE="text-align: center;">
> <INPUT TYPE="Submit" VALUE="log in" ID="submit" NAME="submit"
> CLASS="submit">
> </FORM>
> <?php echo $end; ?>
> <?php
> }
> else{
> // __________________________________________________ _____ clean out
> previous entries
> session_register("permission");
> session_register("username");
>
> $username=$HTTP_POST_VARS["username"];
> $password=$HTTP_POST_VARS["password"];
> $permission = 0;
> session_start();
> if ($username=="login" AND $password=="password"){ $permission = 1;}
> if ($username=="secondlogin" AND $password=="masterpassword"){
> $permission = 2;}
> //etc...
> $username=$HTTP_POST_VARS["username"];
> session_register("permission");
> session_register("username");
> if ($permission > 0){
> session_start();
> echo $front;
> ?>
> <H1>welcome <?php echo $username; ?></H1>
>
> <?php
> if (strpos($ref, '.php') === false) {
> $ref .= '.php?';
> }
> echo 'Congratulations, login correct. <A
> HREF="'.$ref.'&amp;PHPSESSID='.session_id().'">Ple ase continue</A>.';
> echo $end;
> ?>
> <?php
> }
> else{
> ?>
> <?php echo $front; ?>
> <H1>please try again <?php echo $username; ?></H1>
> Sorry: login NOT correct. <A HREF="login.php<?php echo
> '?ref='.$ref; ?>">Please try again</A>.
> <?php echo $end; ?>
> <?php
> }
> ?>
> <?php
> }
> ?>
>
>
>
> Then, in other pages, that you want to password protect, you put.
>
> <?php
> session_start();
> if ($permission < 1) {
> echo 'please <A HREF="login.php?ref=mypage.php">login first</A>';
> }
> else {
> [rest of the page.....]
> }
>
> Note that for this way you do need to use sessions... how they work, I
> have no idea, but they seem to work for me ... lol
>
> - Nicolaas
>
>[/color]
WindAndWaves
Guest
  
Posts: n/a
#4: Jul 17 '05

re: multiple user password protection


"Kevin" <kevin@wxREMOVE4SPAM3.com> wrote in message news:z86dnelMReQwpmfcRVn-hw@comcast.com...[color=blue]
> Don't do it this way. If register globals is turned on, visitors can simply
> go to one of your "password protected" pages, add "?permission=1" to the URI
> and they will be allowed in.
>
>[/color]

True Kevin - is there a way of preventing this from happening? Could I say something like if session("permission) < 1 then lockout?
Allan
Guest
  
Posts: n/a
#5: Jul 17 '05

re: multiple user password protection

This could be easily provented by referring the session variable as
$_SESSION["variable_name"] instead of $variable_name.
Kevin
Guest
  
Posts: n/a
#6: Jul 17 '05

re: multiple user password protection

If you are using sessions for authentication, I would recommend revalidating
the session's login information on each request (i.e., put the username &
password submitted into the session and check it each time) for two reasons:

1) If, for some reason, a page fails to call session_start(), a user can
populate the $_SESSION array from a query.
- and -
2) Let's say you delete a user from wherever you're storing user data
(database, file, etc.) If you validate on every request, they next time
s/he tries to do something, they will be stopped. If you trust a permission
variable stored in their session, they can continue doing whatever they want
until their session expires.

So I would instead put the "username" and "password" submitted into the
session and check it every time. Alternately use PHP with HTTP
authentication:
http://us2.php.net/manual/en/features.http-auth.php

- Kevin

"WindAndWaves" <access@ngaru.com> wrote in message
news:IzrKd.12586$mo2.972056@news.xtra.co.nz...[color=blue]
>
> "Kevin" <kevin@wxREMOVE4SPAM3.com> wrote in message
> news:z86dnelMReQwpmfcRVn-hw@comcast.com...[color=green]
>> Don't do it this way. If register globals is turned on, visitors can
>> simply
>> go to one of your "password protected" pages, add "?permission=1" to the
>> URI
>> and they will be allowed in.
>>
>>[/color]
>
> True Kevin - is there a way of preventing this from happening? Could I
> say something like if session("permission) < 1 then lockout?
>
>
>[/color]
R. Rajesh Jeba Anbiah
Guest
  
Posts: n/a
#7: Jul 17 '05

re: multiple user password protection

Lou wrote:[color=blue]
> Please can someone put me out my misery!
> Im trying to find a multiple user/password protection script that[/color]
will[color=blue]
> redirect the specific user to a specific directory.[/color]

Google is your friend <http://www.google.com/search?q=php+login>

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/
Closed Thread

« previous question | next question »

Similar PHP bytes

/bytes/development

/bytes/it

Forums
Visit our community forums for general discussions and latest on Bytes

Our staff and community areas have moved to bytes.com/forums/

/bytes/about

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 226,510 network members.

dev questions:
algorithms | asp | asp.net | c/c++ | coldfusion | c# | flash | html/css | java | javascript |
mobile dev | .net | perl | php | python | ruby | software dev | vb.net | visual basic | xml
it questions:
access | apache | careers | db2 | iis | macosx | mysql | networking | oracle | postgresql | sql server | unix | windows

About Bytes | Copyright 1995-2009 BYTES. All rights Reserved