473,228 Members | 1,744 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,228 software developers and data experts.

multiple user password protection

Lou
Please can someone put me out my misery!
Im trying to find a multiple user/password protection script that will
redirect the specific user to a specific directory.

At the moment I have set up htaccess which is fine but can only
protect one directory unless I put htaccess on each directory which I
think is a bit long winded, but is there any other way I can do this
with using only one password script?

Any info would be greatly appreciated,

L
Jul 17 '05 #1
6 3313

"Lou" <lo****@msc-ltd.co.uk> wrote in message news:35**************************@posting.google.c om...
Please can someone put me out my misery!
Im trying to find a multiple user/password protection script that will
redirect the specific user to a specific directory. [...] L


make a link to a page call login.php?ref=X.php

where X.php is the referring page

then save the code below as login.php

It works for me..., but I am only a beginner.
<?php

$front = '<!--start-->'; //put the start of your html file here....

$end = '<!---end-->'; //put the end your html file here
?>
<?php
if ($HTTP_POST_VARS["username"]=="") {
echo $front;
?>
<H1>Login to myurl.com</H1>
Please enter your details below:<BR>
<FORM METHOD="post" ACTION="login.php?ref=<?php echo $ref; ?>" ID="frm">
<LABEL CLASS="mul">Username: <INPUT TYPE="text" NAME="username" SIZE="20" ID="username"></LABEL>
<LABEL CLASS="mul">Password: <INPUT TYPE="password" NAME="password" SIZE="15" ID="password"></LABEL><BR><BR>
<DIV STYLE="text-align: center;">
<INPUT TYPE="Submit" VALUE="log in" ID="submit" NAME="submit" CLASS="submit">
</FORM>
<?php echo $end; ?>
<?php
}
else{
// __________________________________________________ _____ clean out previous entries
session_register("permission");
session_register("username");

$username=$HTTP_POST_VARS["username"];
$password=$HTTP_POST_VARS["password"];
$permission = 0;
session_start();
if ($username=="login" AND $password=="password"){ $permission = 1;}
if ($username=="secondlogin" AND $password=="masterpassword"){ $permission = 2;}
//etc...
$username=$HTTP_POST_VARS["username"];
session_register("permission");
session_register("username");
if ($permission > 0){
session_start();
echo $front;
?>
<H1>welcome <?php echo $username; ?></H1>

<?php
if (strpos($ref, '.php') === false) {
$ref .= '.php?';
}
echo 'Congratulations, login correct. <A HREF="'.$ref.'&amp;PHPSESSID='.session_id().'">Ple ase continue</A>.';
echo $end;
?>
<?php
}
else{
?>
<?php echo $front; ?>
<H1>please try again <?php echo $username; ?></H1>
Sorry: login NOT correct. <A HREF="login.php<?php echo '?ref='.$ref; ?>">Please try again</A>.
<?php echo $end; ?>
<?php
}
?>
<?php
}
?>

Then, in other pages, that you want to password protect, you put.

<?php
session_start();
if ($permission < 1) {
echo 'please <A HREF="login.php?ref=mypage.php">login first</A>';
}
else {
[rest of the page.....]
}

Note that for this way you do need to use sessions... how they work, I have no idea, but they seem to work for me ... lol

- Nicolaas
Jul 17 '05 #2
Don't do it this way. If register globals is turned on, visitors can simply
go to one of your "password protected" pages, add "?permission=1" to the URI
and they will be allowed in.

- Kevin

"WindAndWaves" <ac****@ngaru.com> wrote in message
news:l5********************@news.xtra.co.nz...

"Lou" <lo****@msc-ltd.co.uk> wrote in message
news:35**************************@posting.google.c om...
Please can someone put me out my misery!
Im trying to find a multiple user/password protection script that will
redirect the specific user to a specific directory.

[...]
L


make a link to a page call login.php?ref=X.php

where X.php is the referring page

then save the code below as login.php

It works for me..., but I am only a beginner.
<?php

$front = '<!--start-->'; //put the start of your html file here....

$end = '<!---end-->'; //put the end your html file here
?>
<?php
if ($HTTP_POST_VARS["username"]=="") {
echo $front;
?>
<H1>Login to myurl.com</H1>
Please enter your details below:<BR>
<FORM METHOD="post" ACTION="login.php?ref=<?php echo $ref; ?>"
ID="frm">
<LABEL CLASS="mul">Username: <INPUT TYPE="text" NAME="username"
SIZE="20" ID="username"></LABEL>
<LABEL CLASS="mul">Password: <INPUT TYPE="password" NAME="password"
SIZE="15" ID="password"></LABEL><BR><BR>
<DIV STYLE="text-align: center;">
<INPUT TYPE="Submit" VALUE="log in" ID="submit" NAME="submit"
CLASS="submit">
</FORM>
<?php echo $end; ?>
<?php
}
else{
// __________________________________________________ _____ clean out
previous entries
session_register("permission");
session_register("username");

$username=$HTTP_POST_VARS["username"];
$password=$HTTP_POST_VARS["password"];
$permission = 0;
session_start();
if ($username=="login" AND $password=="password"){ $permission = 1;}
if ($username=="secondlogin" AND $password=="masterpassword"){
$permission = 2;}
//etc...
$username=$HTTP_POST_VARS["username"];
session_register("permission");
session_register("username");
if ($permission > 0){
session_start();
echo $front;
?>
<H1>welcome <?php echo $username; ?></H1>

<?php
if (strpos($ref, '.php') === false) {
$ref .= '.php?';
}
echo 'Congratulations, login correct. <A
HREF="'.$ref.'&amp;PHPSESSID='.session_id().'">Ple ase continue</A>.';
echo $end;
?>
<?php
}
else{
?>
<?php echo $front; ?>
<H1>please try again <?php echo $username; ?></H1>
Sorry: login NOT correct. <A HREF="login.php<?php echo
'?ref='.$ref; ?>">Please try again</A>.
<?php echo $end; ?>
<?php
}
?>
<?php
}
?>

Then, in other pages, that you want to password protect, you put.

<?php
session_start();
if ($permission < 1) {
echo 'please <A HREF="login.php?ref=mypage.php">login first</A>';
}
else {
[rest of the page.....]
}

Note that for this way you do need to use sessions... how they work, I
have no idea, but they seem to work for me ... lol

- Nicolaas

Jul 17 '05 #3

"Kevin" <ke***@wxREMOVE4SPAM3.com> wrote in message news:z8********************@comcast.com...
Don't do it this way. If register globals is turned on, visitors can simply
go to one of your "password protected" pages, add "?permission=1" to the URI
and they will be allowed in.


True Kevin - is there a way of preventing this from happening? Could I say something like if session("permission) < 1 then lockout?

Jul 17 '05 #4
This could be easily provented by referring the session variable as
$_SESSION["variable_name"] instead of $variable_name.

Jul 17 '05 #5
If you are using sessions for authentication, I would recommend revalidating
the session's login information on each request (i.e., put the username &
password submitted into the session and check it each time) for two reasons:

1) If, for some reason, a page fails to call session_start(), a user can
populate the $_SESSION array from a query.
- and -
2) Let's say you delete a user from wherever you're storing user data
(database, file, etc.) If you validate on every request, they next time
s/he tries to do something, they will be stopped. If you trust a permission
variable stored in their session, they can continue doing whatever they want
until their session expires.

So I would instead put the "username" and "password" submitted into the
session and check it every time. Alternately use PHP with HTTP
authentication:
http://us2.php.net/manual/en/features.http-auth.php

- Kevin

"WindAndWaves" <ac****@ngaru.com> wrote in message
news:Iz********************@news.xtra.co.nz...

"Kevin" <ke***@wxREMOVE4SPAM3.com> wrote in message
news:z8********************@comcast.com...
Don't do it this way. If register globals is turned on, visitors can
simply
go to one of your "password protected" pages, add "?permission=1" to the
URI
and they will be allowed in.


True Kevin - is there a way of preventing this from happening? Could I
say something like if session("permission) < 1 then lockout?

Jul 17 '05 #6
Lou wrote:
Please can someone put me out my misery!
Im trying to find a multiple user/password protection script that will redirect the specific user to a specific directory.


Google is your friend <http://www.google.com/search?q=php+login>

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Jul 17 '05 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

7
by: Borked Pseudo Mailed | last post by:
Seeking feedback on Password Protection via Java/JavaScript ONLY (no cgi): SEE: http://online_tools.home.att.net/tools.html *AND* http://online_tools.home.att.net/extraCode.htm Thanks.
6
by: mark | last post by:
I have an asp.net ecommerce web application on a remote web server. I'm using an Access database on the back end. I've notice a few strange things. When I mimic an multiple user environment by...
1
by: Rob | last post by:
I have an ASP.NET application that uses forms-based authentication. A user wishes to be able to run multiple sessions of this application simultaneously from the user's client machine. The...
9
by: Graham | last post by:
I have been having some fun learning and using the new Controls and methods in .Net 2.0 which will make my life in the future easier and faster. Specifically the new databinding practises and...
11
by: xenophon | last post by:
I have a web site with forms authentication and a single logon page. I have 4 subdirectories, each that should be protected by a different username/password combination. For testing purposes, the...
6
by: James Radke | last post by:
Hello, I have a multithreaded windows NT service application (vb.net 2003) that I am working on (my first one), which reads a message queue and creates multiple threads to perform the processing...
6
by: thomson | last post by:
Hi All, i do hae a solution in which i do have mulitple projects including Web Projects,, Depending on the functionality it gets redirected to different web projects and it is working fine, ...
2
by: antonyliu2002 | last post by:
I am testing ASP.NET 2.0 Forms athentication with user credentials in SQL Server 2005. I don't want to put user credentials in web.config, so the credentials section is commented out. The...
2
by: knouphis | last post by:
Hello, First, I apologize for what's probably a novice question, but I haven't been able to find this specific issue previously addressed. I've successfully set up a password-protected webpage...
0
by: VivesProcSPL | last post by:
Obviously, one of the original purposes of SQL is to make data query processing easy. The language uses many English-like terms and syntax in an effort to make it easy to learn, particularly for...
0
by: jianzs | last post by:
Introduction Cloud-native applications are conventionally identified as those designed and nurtured on cloud infrastructure. Such applications, rooted in cloud technologies, skillfully benefit from...
0
by: fareedcanada | last post by:
Hello I am trying to split number on their count. suppose i have 121314151617 (12cnt) then number should be split like 12,13,14,15,16,17 and if 11314151617 (11cnt) then should be split like...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.