|
P: n/a
|
<body><div align="center">
<?php
if (!isset($password)){
?><form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
type password here <input name="password" type="text" size="8"> then
<input name="submit" type="submit">
</form>
<?php
die;
}
if ($password != "secretword" ){
echo "wrong";
?>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
type password here <input name="password" type="text" size="8"> then
<input name="submit" type="submit">
</form>
<?php
die;
}
?>
// rest of admin script follows...
and yes, I realize anyone with access to the users' computer could probly
get in, but I'm not worried about that.
I looked for a way to use .htacess to protect just this file, but couldn't
find anything.
found some other scripts out there that used the auth headers, but they
didn't work, I could never get past the login...
thanks for your time,
juglesh
| |
Share this Question
|
P: n/a
|
In article <t9********************@comcast.com>,
"juglesh" <ju*****@nospamRadioKDUG.com> wrote: <body><div align="center">
<?php
if (!isset($password)){
?><form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
type password here <input name="password" type="text" size="8"> then
<input name="submit" type="submit">
</form>
<?php
die;
}
if ($password != "secretword" ){
echo "wrong";
?>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
type password here <input name="password" type="text" size="8"> then
<input name="submit" type="submit">
</form>
<?php
die;
}
?>
// rest of admin script follows...
and yes, I realize anyone with access to the users' computer could probly
get in, but I'm not worried about that.
I looked for a way to use .htacess to protect just this file, but couldn't
find anything.
found some other scripts out there that used the auth headers, but they
didn't work, I could never get past the login...
thanks for your time,
juglesh
AFAIK, you can't password protect files unless you use something like
ZIP or STUFFIT with a password. Or just encrypt the file.
You can use the Apache .htaccess feature on directories. It al boils
down to the web page sending the correct headers to the browser. If you
setup .htaccess, Apache will do it. Or you can setup php to send the
authentication headers.
If all this is gobbledgook, hire someone.
--
DeeDee, don't press that button! DeeDee! NO! Dee... | |
|
P: n/a
|
"juglesh" <ju*****@nospamRadioKDUG.com> wrote in message
news:t9********************@comcast.com... <body><div align="center">
<?php
if (!isset($password)){
?><form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
type password here <input name="password" type="text" size="8"> then
<input name="submit" type="submit">
</form>
<?php
die;
}
if ($password != "secretword" ){
echo "wrong";
?>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
type password here <input name="password" type="text" size="8"> then
<input name="submit" type="submit">
</form>
<?php
die;
}
?>
// rest of admin script follows...
and yes, I realize anyone with access to the users' computer could probly
get in, but I'm not worried about that.
I looked for a way to use .htacess to protect just this file, but couldn't
find anything.
found some other scripts out there that used the auth headers, but they
didn't work, I could never get past the login...
thanks for your time,
juglesh
Don't see why it wouldn't work. In fact, I've done something similiar in the
past. | |
|
P: n/a
|
"juglesh" <ju*****@nospamRadioKDUG.com> wrote in message
news:t9********************@comcast.com... <body><div align="center">
<?php
if (!isset($password)){
?><form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
type password here <input name="password" type="text" size="8"> then
<input name="submit" type="submit">
</form>
<?php
die;
}
if ($password != "secretword" ){
echo "wrong";
?>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
type password here <input name="password" type="text" size="8"> then
<input name="submit" type="submit">
</form>
<?php
die;
}
?>
// rest of admin script follows...
and yes, I realize anyone with access to the users' computer could probly
get in, but I'm not worried about that.
I looked for a way to use .htacess to protect just this file, but couldn't
find anything.
found some other scripts out there that used the auth headers, but they
didn't work, I could never get past the login...
thanks for your time,
juglesh
I presume you have
$password = $_POST['password'];
at the top of your page ?
--
---------------------------------------------------------------------------- http://www.clickonlingerie.com?SIG - Exotic Erotic Lingerie
---------------------------------------------------------------------------- | |
|
P: n/a
|
"MS" <Sp************************@hotmail.com> wrote in message
news:cv**********@titan.btinternet.com...
"juglesh" <ju*****@nospamRadioKDUG.com> wrote in message
news:t9********************@comcast.com... <body><div align="center">
<?php
if (!isset($password)){
?><form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
type password here <input name="password" type="text" size="8">
then
<input name="submit" type="submit">
</form>
<?php
die;
}
if ($password != "secretword" ){
echo "wrong";
?>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
type password here <input name="password" type="text" size="8">
then
<input name="submit" type="submit">
</form>
<?php
die;
}
?>
// rest of admin script follows...
and yes, I realize anyone with access to the users' computer could probly
get in, but I'm not worried about that.
I looked for a way to use .htacess to protect just this file, but
couldn't
find anything.
found some other scripts out there that used the auth headers, but they
didn't work, I could never get past the login...
thanks for your time,
juglesh
I presume you have
$password = $_POST['password'];
at the top of your page ?
no, and that reminds me of another question.
But first, would I need that for password protection? an intruder could put
the password in the query string, but he'd still have to know the password.
yeah, on that $_POST['password']; thing, its working fine without it, and
for that matter, I don't usually have to use $_GET either, my scripts
usually can 'get' the variable from the query string automagically. I just
use the variable that I have sent. what's up with that?
juglesh | |
|
P: n/a
| I presume you have
$password = $_POST['password'];
at the top of your page ?
no, and that reminds me of another question.
But first, would I need that for password protection? an intruder could
put the password in the query string, but he'd still have to know the
password.
yeah, on that $_POST['password']; thing, its working fine without it, and
for that matter, I don't usually have to use $_GET either, my scripts
usually can 'get' the variable from the query string automagically. I
just use the variable that I have sent. what's up with that?
juglesh
Im not sure about the automagically assigning values to variables
If you make your form POST instead of GET the passed variables of the form
are not visible within the URL
In which case you would use
$password = $_POST['password'];
to retrieve the passed value of password
If you use GET in your form the values are visible within the URL and you
would use
$password = $_GET['password'];
to retrieve the passed value of password
--
---------------------------------------------------------------------------- http://www.clickonlingerie.com?SIG - Exotic Erotic Lingerie
---------------------------------------------------------------------------- | |
|
P: n/a
|
"MS" <Sp************************@hotmail.com> wrote in message
news:cv**********@titan.btinternet.com... > I presume you have
>
> $password = $_POST['password'];
>
> at the top of your page ?
no, and that reminds me of another question.
But first, would I need that for password protection? an intruder could
put the password in the query string, but he'd still have to know the
password.
yeah, on that $_POST['password']; thing, its working fine without it, and
for that matter, I don't usually have to use $_GET either, my scripts
usually can 'get' the variable from the query string automagically. I
just use the variable that I have sent. what's up with that?
juglesh
Im not sure about the automagically assigning values to variables
If you make your form POST instead of GET the passed variables of the form
are not visible within the URL
In which case you would use
$password = $_POST['password'];
to retrieve the passed value of password
If you use GET in your form the values are visible within the URL and you
would use
$password = $_GET['password'];
to retrieve the passed value of password
well, yeah, I know all about that (and I am using obviously post in my
password form), what I'm saying is it works without $_POST['password']. the
script above is exactly what I'm using, from the top. yeah, I just tested
it, if I put "?password=secretword" in the address bar, I am 'logged in'.
So, I'm wondering if there's some special circumstances where you need to
use $_POST[] and $_GET[] to get those values. Maybe older versions of php?
--
juglesh | |
|
P: n/a
|
.oO(juglesh) well, yeah, I know all about that (and I am using obviously post in my
password form), what I'm saying is it works without $_POST['password']. the
script above is exactly what I'm using, from the top. yeah, I just tested
it, if I put "?password=secretword" in the address bar, I am 'logged in'.
So, I'm wondering if there's some special circumstances where you need to
use $_POST[] and $_GET[] to get those values. Maybe older versions of php?
Not older, but newer versions, where register_globals is disabled by
default. Using $_POST, $_GET etc. is the correct and recommended way.
Micha | | This discussion thread is closed Replies have been disabled for this discussion. | |  Question stats - viewed: 1733
- replies: 7
- date asked: Jul 17 '05
|
