By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,592 Members | 1,958 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,592 IT Pros & Developers. It's quick & easy.

password protection - does this work?

P: n/a
<body><div align="center">
<?php
if (!isset($password)){
?><form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
type password here&nbsp;<input name="password" type="text" size="8"> then
<input name="submit" type="submit">
</form>
<?php
die;
}
if ($password != "secretword" ){
echo "wrong";
?>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
type password here&nbsp;<input name="password" type="text" size="8"> then
<input name="submit" type="submit">
</form>
<?php
die;
}
?>
// rest of admin script follows...

and yes, I realize anyone with access to the users' computer could probly
get in, but I'm not worried about that.

I looked for a way to use .htacess to protect just this file, but couldn't
find anything.

found some other scripts out there that used the auth headers, but they
didn't work, I could never get past the login...

thanks for your time,
juglesh
Jul 17 '05 #1
Share this Question
Share on Google+
7 Replies


P: n/a
In article <t9********************@comcast.com>,
"juglesh" <ju*****@nospamRadioKDUG.com> wrote:
<body><div align="center">
<?php
if (!isset($password)){
?><form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
type password here&nbsp;<input name="password" type="text" size="8"> then
<input name="submit" type="submit">
</form>
<?php
die;
}
if ($password != "secretword" ){
echo "wrong";
?>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
type password here&nbsp;<input name="password" type="text" size="8"> then
<input name="submit" type="submit">
</form>
<?php
die;
}
?>
// rest of admin script follows...

and yes, I realize anyone with access to the users' computer could probly
get in, but I'm not worried about that.

I looked for a way to use .htacess to protect just this file, but couldn't
find anything.

found some other scripts out there that used the auth headers, but they
didn't work, I could never get past the login...

thanks for your time,
juglesh


AFAIK, you can't password protect files unless you use something like
ZIP or STUFFIT with a password. Or just encrypt the file.

You can use the Apache .htaccess feature on directories. It al boils
down to the web page sending the correct headers to the browser. If you
setup .htaccess, Apache will do it. Or you can setup php to send the
authentication headers.

If all this is gobbledgook, hire someone.

--
DeeDee, don't press that button! DeeDee! NO! Dee...

Jul 17 '05 #2

P: n/a
"juglesh" <ju*****@nospamRadioKDUG.com> wrote in message
news:t9********************@comcast.com...
<body><div align="center">
<?php
if (!isset($password)){
?><form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
type password here&nbsp;<input name="password" type="text" size="8"> then
<input name="submit" type="submit">
</form>
<?php
die;
}
if ($password != "secretword" ){
echo "wrong";
?>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
type password here&nbsp;<input name="password" type="text" size="8"> then
<input name="submit" type="submit">
</form>
<?php
die;
}
?>
// rest of admin script follows...

and yes, I realize anyone with access to the users' computer could probly
get in, but I'm not worried about that.

I looked for a way to use .htacess to protect just this file, but couldn't
find anything.

found some other scripts out there that used the auth headers, but they
didn't work, I could never get past the login...

thanks for your time,
juglesh


Don't see why it wouldn't work. In fact, I've done something similiar in the
past.
Jul 17 '05 #3

P: n/a
MS

"juglesh" <ju*****@nospamRadioKDUG.com> wrote in message
news:t9********************@comcast.com...
<body><div align="center">
<?php
if (!isset($password)){
?><form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
type password here&nbsp;<input name="password" type="text" size="8"> then
<input name="submit" type="submit">
</form>
<?php
die;
}
if ($password != "secretword" ){
echo "wrong";
?>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
type password here&nbsp;<input name="password" type="text" size="8"> then
<input name="submit" type="submit">
</form>
<?php
die;
}
?>
// rest of admin script follows...

and yes, I realize anyone with access to the users' computer could probly
get in, but I'm not worried about that.

I looked for a way to use .htacess to protect just this file, but couldn't
find anything.

found some other scripts out there that used the auth headers, but they
didn't work, I could never get past the login...

thanks for your time,
juglesh


I presume you have

$password = $_POST['password'];

at the top of your page ?
--
----------------------------------------------------------------------------
http://www.clickonlingerie.com?SIG - Exotic Erotic Lingerie
----------------------------------------------------------------------------
Jul 17 '05 #4

P: n/a

"MS" <Sp************************@hotmail.com> wrote in message
news:cv**********@titan.btinternet.com...

"juglesh" <ju*****@nospamRadioKDUG.com> wrote in message
news:t9********************@comcast.com...
<body><div align="center">
<?php
if (!isset($password)){
?><form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
type password here&nbsp;<input name="password" type="text" size="8">
then
<input name="submit" type="submit">
</form>
<?php
die;
}
if ($password != "secretword" ){
echo "wrong";
?>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
type password here&nbsp;<input name="password" type="text" size="8">
then
<input name="submit" type="submit">
</form>
<?php
die;
}
?>
// rest of admin script follows...

and yes, I realize anyone with access to the users' computer could probly
get in, but I'm not worried about that.

I looked for a way to use .htacess to protect just this file, but
couldn't
find anything.

found some other scripts out there that used the auth headers, but they
didn't work, I could never get past the login...

thanks for your time,
juglesh


I presume you have

$password = $_POST['password'];

at the top of your page ?


no, and that reminds me of another question.

But first, would I need that for password protection? an intruder could put
the password in the query string, but he'd still have to know the password.

yeah, on that $_POST['password']; thing, its working fine without it, and
for that matter, I don't usually have to use $_GET either, my scripts
usually can 'get' the variable from the query string automagically. I just
use the variable that I have sent. what's up with that?

juglesh
Jul 17 '05 #5

P: n/a
MS
I presume you have

$password = $_POST['password'];

at the top of your page ?
no, and that reminds me of another question.

But first, would I need that for password protection? an intruder could

put the password in the query string, but he'd still have to know the password.
yeah, on that $_POST['password']; thing, its working fine without it, and
for that matter, I don't usually have to use $_GET either, my scripts
usually can 'get' the variable from the query string automagically. I just use the variable that I have sent. what's up with that?

juglesh


Im not sure about the automagically assigning values to variables

If you make your form POST instead of GET the passed variables of the form
are not visible within the URL

In which case you would use
$password = $_POST['password'];
to retrieve the passed value of password

If you use GET in your form the values are visible within the URL and you
would use
$password = $_GET['password'];
to retrieve the passed value of password

--
----------------------------------------------------------------------------
http://www.clickonlingerie.com?SIG - Exotic Erotic Lingerie
----------------------------------------------------------------------------
Jul 17 '05 #6

P: n/a

"MS" <Sp************************@hotmail.com> wrote in message
news:cv**********@titan.btinternet.com...
> I presume you have
>
> $password = $_POST['password'];
>
> at the top of your page ?


no, and that reminds me of another question.

But first, would I need that for password protection? an intruder could

put
the password in the query string, but he'd still have to know the

password.

yeah, on that $_POST['password']; thing, its working fine without it, and
for that matter, I don't usually have to use $_GET either, my scripts
usually can 'get' the variable from the query string automagically. I

just
use the variable that I have sent. what's up with that?

juglesh


Im not sure about the automagically assigning values to variables

If you make your form POST instead of GET the passed variables of the form
are not visible within the URL

In which case you would use
$password = $_POST['password'];
to retrieve the passed value of password

If you use GET in your form the values are visible within the URL and you
would use
$password = $_GET['password'];
to retrieve the passed value of password


well, yeah, I know all about that (and I am using obviously post in my
password form), what I'm saying is it works without $_POST['password']. the
script above is exactly what I'm using, from the top. yeah, I just tested
it, if I put "?password=secretword" in the address bar, I am 'logged in'.
So, I'm wondering if there's some special circumstances where you need to
use $_POST[] and $_GET[] to get those values. Maybe older versions of php?

--
juglesh
Jul 17 '05 #7

P: n/a
.oO(juglesh)
well, yeah, I know all about that (and I am using obviously post in my
password form), what I'm saying is it works without $_POST['password']. the
script above is exactly what I'm using, from the top. yeah, I just tested
it, if I put "?password=secretword" in the address bar, I am 'logged in'.
So, I'm wondering if there's some special circumstances where you need to
use $_POST[] and $_GET[] to get those values. Maybe older versions of php?


Not older, but newer versions, where register_globals is disabled by
default. Using $_POST, $_GET etc. is the correct and recommended way.

Micha
Jul 17 '05 #8

This discussion thread is closed

Replies have been disabled for this discussion.