PHP Password And Redirect Script...

eragon
431 256MB
Hello peoples. I have a voting system on my web site that uses 3 files. The first file is vote.php and has the vote form on it. This file passes the information to confirmation.php which has a thank you message on it. This file passes the information to vote.txt, which stores the information for me to tally up later. What I described to you works great, but there's one problem. I want users to have to log in first, using a login form on voteli.php. I have login scripts, but they're not even close to secure. I want it so if they get smart and go directly to vote.php it will kick them back to voteli.php unless variable $login is true. I would also like the login script to pass the username through all the pages as variable $user. Then I will echo the variable in the page so it has a greeting message. I will also use this name in the results page to cancel out any double votes by the same user. I will provide the source codes I made using my small knowledge of PHP, and I will hope that you suggest some fixes.

vote.php:
[PHP]<?php
$login = $_GET['login'];
$user = $_GET['username'];

if(!$login)
{
window.location=('voteli.htm');
}

else
{
echo('Hello, '.$user.'!');
}
?>[/PHP]
The code above is the one I wrote to bounce the users back to the login page if they have not logged in. It also prints the hello message at the top of the vote page.

[HTML]
<?php echo('Voting as: '.$user.'.') ?>
<form name="poll" action="confirmation.php" method="get">
Lorem ipsum sit dolor amet?
<select name="q1">
<option value="q1a">Lorem</option>
<option value="q1b">Ipsum</option>
<option value="q1c">Dolor</option>
<option value="q1d">Amet</option>
</select>
</form>[/HTML]
The code above is the simplified vote form.

confirmation.php
[HTML]<?php
$q1 = $_GET['q1'];
//See notes below for username problem.

$filename = "vote.txt";
$content1 = "$q1\n";
$fp = fopen($filename, "a");
$fw = fwrite( $fp, $content1 );
fclose( $fp );

?>[/HTML]
The code above writes to the text file. I need a way to get the username passed from vote.php to confirmation.php so I can display the name in the thanks message.

[HTML]Thank you for voting, <?php echo($user); ?>! Your vote will count. <br />
<!-- A logout link would be nice -->Click Here to log out.[/HTML]
Jun 13 '07 #1
Motoma
3,237 Expert 2GB
First: Use POST instead of GET as your FORM METHOD. Check the Referer to ensure that the POST came from your server.
Second: You cannot do window.location as that is Javascript language for sending a user places. Instead, you want to use header('Location: voteli.htm');
Third: You will most likely want to check that the POST array is set before you go assigning their values to other variables.
Fourth: Have you performed any credential checking? You have not compared user and login to anything to ensure that these are the correct credentials. You should also ensure that the data coming from your select box is valid.

I am sure there is more, but this is a start. If you really wanted to be fancy, you could combine the whole set into one PHP page.
Jun 13 '07 #2
eragon
431 256MB
I'll use post. I know window.location is javascript, I was just putting that there cause I knew somebody would suggest a change, and thank you for that. And I'll do all that other stuff and see. Also, I need the whole login script. I don't have one that works with PHP.
Jun 14 '07 #3
eragon
431 256MB
OK, I know what I need. I need a login script that passes the following information to the next page ONLY if the user and pass is correct:

Input to script:
Username: Admin
Password: password
Output to vote.php:
$login=('true')
$user=('admin')
Possible Form:
[HTML]<form method="post" action="confirmation.php">
Username:<input name="user" type="text"><br />
Password:<input name="pass" type="password">
</form>[/HTML]

What I need:
I need a PHP script to work with the above form to validate the usernames and passwords when the form is submitted. If the information does not check out to be valid, it should put "Invalid Username or Password" in a DIV tag. I also need the correct syntax for the below statements:
[PHP]<?php
if $login=('true')
{
//this would bypass the script (end, exit, , or goto... ?)
}
else
{
header('Location: voteli.htm');
}
?>[/PHP]

If you need more information just ask.
Jun 14 '07 #4
eragon
431 256MB
Also, if I was to incorporate all this into a MySQL database (usernames, passwords, and what that user voted for) I would need another script. Could somebody please suggest something to me??
Jun 14 '07 #5
eragon
431 256MB
One wheel said to the other, "I'll see you around, ay?"
Jun 14 '07 #6
Motoma
3,237 Expert 2GB
[PHP]<html>
<head><title>Motoma Rocks My Homework</title></head>
<body>
<?php

session_start();

if(!isset($_SESSION['userid']))
{
  if(!isset($_POST['username']) || !isset($_POST['password']))
  {
    echo '<form method="POST"><input type="text" name="username" /><input type="password" name="password" /><input type="submit" /></form>';
  }
  else if(authenticate($_POST['username'], $_POST['password']))
  {
    $_SESSION['userid'] = $_POST['username'];
    header('Location: thispage.php');
  }
}
else
{
  if(!isset($_POST['data1']) || !isset($_POST['data2'])) //fill with all question data objects
  {
    echo '<form method="POST"><select name="data1"><option value="q1a">Lorem</option><option value="q1b">Ipsum</option>
</select><select name="data2"><option value="q1a">Lorem</option><option value="q1b">Ipsum</option></select></form>';
  }
  else
  {
    AppendDataToFile($_SESSION['userid'], $_POST['data1'], $_POST['data2']);
    echo 'Thank you for your submission '.$_SESSION['userid'].'!';
  }
}

function authenticate($u, $p)
{
  if($u == 'admin' && $p == 'password') return true; //replace with the actual authentication.
  return false;
}
?>
</body>
</html>[/PHP]
Jun 14 '07 #7
Motoma
3,237 Expert 2GB
Also, if I was to incorporate all this into a MySQL database (usernames, passwords, and what that user voted for) I would need another script. Could somebody please suggest something to me??
If you take a look at the PHP Articles (under the Articles Header) you will see a tutorial labeled "Creating a Data Abstraction Layer in PHP" which would be a great start.
Jun 14 '07 #8
eragon
431 256MB
thanks

..............
Jun 14 '07 #9
eragon
431 256MB
Oh, ya, and I had vote.php separate because of one little problem... the voting page has:
A) 15 questions
B) Is made up of pictures, tables, divs, and more...
C) If I was to tell a PHP script to echo the WHOLE source code, PHP will jump out and bite me.
4) I think I can customise the script. I'm a very fast learner.
Jun 14 '07 #10
Motoma
3,237 Expert 2GB
Well, good luck. Come back if you have more questions.
Jun 14 '07 #11
eragon
431 256MB
OK, for multiple users and passwords, would I duplicate the line like this:

[PHP]{
if($u == 'admin' && $p == 'password') return true;
if($u == 'admin2' && $p == 'authentication') return true;
if($u == 'admin3' && $p == 'fish') return true;

return false;
}[/PHP]
Jun 14 '07 #12
eragon
431 256MB
Error, error! Red alert! Emergency! Ah-wooo-ga!

What caused this? (using the exact code you sent me)
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /www/110mb.com/p/l/a/y/e/r/-/k/player-killer-clan/htdocs/votealt.php:4) in /www/110mb.com/p/l/a/y/e/r/-/k/player-killer-clan/htdocs/votealt.php on line 6

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /www/110mb.com/p/l/a/y/e/r/-/k/player-killer-clan/htdocs/votealt.php:4) in /www/110mb.com/p/l/a/y/e/r/-/k/player-killer-clan/htdocs/votealt.php on line 6
Jun 14 '07 #13
eragon
431 256MB
Well, good luck. Come back if you have more questions.

^^^^^ see above post ^^^^^
Jun 14 '07 #14
Motoma
3,237 Expert 2GB
Bah, you will have to put session_start() before any HTML.
Jun 14 '07 #15
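Added example, not posted by anyone in this thread: the login step with session_start() placed before any output and with several accounts checked through one lookup, as discussed in #12 and #15. The account names, passphrases and the helper names demo_users(), handle_login() and require_login() are assumptions; voteli.php and vote.php are the file names from the first post.

```php
<?php
// Added example, not code posted in the thread. Accounts below are constructed.
declare(strict_types=1);

session_start(); // must run before any HTML so the session cookie header can be sent

// Hypothetical user table: username => password hash. The hashes are computed
// here only to keep the example self-contained; store precomputed hashes instead.
function demo_users(): array
{
    return [
        'admin'  => password_hash('constructed passphrase one', PASSWORD_DEFAULT),
        'admin2' => password_hash('constructed passphrase two', PASSWORD_DEFAULT),
    ];
}

function authenticate(string $u, string $p, array $users): bool
{
    // One lookup replaces a chain of if($u == ... && $p == ...) lines.
    return isset($users[$u]) && password_verify($p, $users[$u]);
}

// Returns an error message on failure; on success it redirects and never returns.
function handle_login(array $post, array $users): ?string
{
    $u = $post['username'] ?? '';
    $p = $post['password'] ?? '';
    if (!is_string($u) || !is_string($p) || !authenticate($u, $p, $users)) {
        return 'Invalid Username or Password';
    }
    session_regenerate_id(true);   // fresh session id once the user is known
    $_SESSION['userid'] = $u;
    header('Location: vote.php');
    exit;                          // stop, or the rest of this page still runs
}

// Call at the very top of vote.php: sends visitors without a session to the login page.
function require_login(): string
{
    if (!isset($_SESSION['userid'])) {
        header('Location: voteli.php');
        exit;
    }
    return $_SESSION['userid'];
}

$error = null;
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $error = handle_login($_POST, demo_users());
}
?>
<html>
<head><title>Login</title></head>
<body>
<?php if ($error !== null): ?>
<div><?= htmlspecialchars($error) ?></div>
<?php endif; ?>
<form method="post">
Username:<input type="text" name="username" /><br />
Password:<input type="password" name="password" /><br />
<input type="submit" value="Login" />
</form>
</body>
</html>
```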
eragon
431 256MB
You didn't tell me that... lol

So if I change your script to look like so:

[PHP]<?php

session_start();

?>
<html>
<head><title>Motoma Rocks My Homework</title></head>
<body>
<?php


if(!isset($_SESSION['userid']))
{
if(!isset($_POST['username']) || !isset($_POST['password']))
{
echo '<form method="POST"><input type="text" name="username" /><input type="password" name="password" /><input type="submit" /></form>';
}
else if(authenticate($_POST['username'], $_POST['password']))
{
$_SESSION['userid'] = $_POST['username'];
header('Location: thispage.php');
}
}
else
{
if(!isset($_POST['data1']) || !isset($_POST['data2'])) //fill with all question data objects
{
echo '<form method="POST"><select name="data1"><option value="q1a">Lorem</option><option value="q1b">Ipsum</option>
</select><select name="data2"><option value="q1a">Lorem</option><option value="q1b">Ipsum</option></select></form>';
}
else
{
AppendDataToFile($_SESSION['userid'], $_POST['data1'], $_POST['data2']);
echo 'Thank you for your submission '.$_SESSION['userid'].'!';
}
}

function authenticate($u, $p)
{
if($u == 'admin' && $p == 'password') return true; //replace with the actual authentication.
return false;
}
?>
</body>
</html>[/PHP]

I just might get it working?
Jun 14 '07 #16
eragon
431 256MB
Could you split the script up into the different pages please? Like I originally intended... because the actual file requires this. Please??
Jun 14 '07 #17
Motoma
3,237 Expert 2GB
Why don't you just split it up? All of the pieces are there, just take from the example I gave each section of the system. PHP.net is a great resource as well.
Jun 14 '07 #18
eragon
431 256MB
Hmmm.... HTML is my second language. PHP is foreign (sp?). I'll see what I can do and I'll post it here.
Jun 14 '07 #19
Motoma
3,237 Expert 2GB
Hmmm.... HTML is my second language. PHP is foreign (sp?). I'll see what I can do and I'll post it here.
Well, you know what they say about languages: the first seven are the hardest to learn.
Jun 14 '07 #20
eragon
431 256MB
Well, you know what they say about languages: the first seven are the hardest to learn.
I only know 6: English, Spanish, Japanese, HTML, Javascript, and CSS.

Most of them I only know bits and pieces...

Anyways, back to the subject:

I modified it a little so that it looks the way I want it to. There's still one problem. If I split it into pages, I can't pass the variables unless I put them into the value of a hidden form field. So I'll leave it on one page. I might just do includes with inc files. But now I have a script, a page, a style sheet, and I ran out of doughnuts. How do I get the style sheet linked properly with PHP? Putting it into the head of this page is useless... it doesn't read until... wait... at the beginning of the script I tell it to echo my head information. At the end I tell it to echo my foot information. Well done, thanks man! Here's my finished script, and my stupid little error:

Error upon voting:
Fatal error: Call to undefined function appenddatatofile() in /www/110mb.com/p/l/a/y/e/r/-/k/player-killer-clan/htdocs/votealt.php on line 53
And my code:
[PHP]<?php

session_start();

echo('<html><head><title>Motoma Rocks My Homework</title><link href="basic-1.css" rel="stylesheet" type="text/css"><link href="css/poll.css" rel="stylesheet" type="text/css"></head><body><div id="body">') ;

if(!isset($_SESSION['userid']))
{
if(!isset($_POST['username']) || !isset($_POST['password']))
{
echo '<div class="frame wide_e">
<span style="float:right;"><a href="index.php">Main Page</a></span><div>You are not logged in.</div>
</div> <div style="text-align:center;">
<div class="polltitlebground">
<div class="polltitleframe">
<b>Poll Page</b><br>
<a href="index.php">Main Menu</a>
</div>
</div>
</div><div class="frame wide_e">
<center><b>Please log in to access this feature.</b><br />
<form method="post">Username:<input type="text" name="username" /><br />
Password:<input type="password" name="password" /><br />
<input type="submit" value="Login" /></form></center></div>';
}
else if(authenticate($_POST['username'], $_POST['password']))
{
$_SESSION['userid'] = $_POST['username'];
header('Location: thispage.php');
}
}
else
{
if(!isset($_POST['data1']) || !isset($_POST['data2'])) //fill with all question data objects
{
echo '<div class="frame wide_e">
<span style="float:right;"><a href="voteli.php">Main Page (Logout)</a></span><div>You are logged in as <span style="color:#FFBB22">'.$_SESSION['userid'].'.</span></div>
</div> <div style="text-align:center;">
<div class="polltitlebground">
<div class="polltitleframe">
<b>Poll Page</b><br>
<a href="index.php">Main Menu</a>
</div>
</div>
</div><div class="frame wide_e">
<center><b>Place write your responses below:</b><br />
<form method="post">Lorem?<input type="text" name="data1" /><br />
Ipsum?<input type="text" name="data2" /><br />
<input type="submit" value="Vote!" /></form></center></div>';
}
else
{
AppendDataToFile($_SESSION['userid'], $_POST['data1'], $_POST['data2']);
echo '<div class="frame wide_e">
<span style="float:right;"><a href="voteli.php">Main Page (Logout)</a></span><div>You are logged in as <span style="color:#FFBB22">'.$_SESSION['userid'].'.</span></div>
</div> <div style="text-align:center;">
<div class="polltitlebground">
<div class="polltitleframe">
<b>Poll Page</b><br>
<a href="index.php">Main Menu</a>
</div>
</div>
</div><div class="frame wide_e">
<center>Thank you for your submission '.$_SESSION['userid'].'!<br />
Your vote wil be tallied as soon as the week is over.</center></div>';
}
}

function authenticate($u, $p)
{
if($u == 'admin' && $p == 'password') return true; //replace with the actual authentication.
return false;
}

echo '<?php include(\'inc/foot.inc\'); ?></div></body></html>'

?>[/PHP]

It only partially works. Does this have persistency? Meaning, how come it always stays logged in when I load the page? Please debug. Also, I stripped the HTML you put in because this script writes it in now. I'm quick to learn PHP. Thanks for all your help Motoma!
Jun 14 '07 #21
Motoma
3,237 Expert 2GB
Hey, wait: this is your assignment not mine. I gave you the basis for getting the system rolling, but you are going to have to implement appenddatatofile() yourself! I never wrote that function, I merely placed it there to show you the logic behind the page you are trying to create.

If you want to keep data between pages, (such as values from the previous post) just chuck them in the $_SESSION variable (hint: take a look at the userid).
Jun 14 '07 #22
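Added example, not written by Motoma or eragon: one way AppendDataToFile() could be implemented so that it checks the submitted values against the form's options and refuses a second vote from the same user. The tab-separated line format, the vote.txt location, the return strings and the user-name character rule are assumptions.

```php
<?php
// Added example: one possible AppendDataToFile(); not a function from the thread.
declare(strict_types=1);

// Assumption: votes live in vote.txt next to the script; a path outside the web root is safer.
const VOTE_FILE = __DIR__ . '/vote.txt';
// The option values offered by the vote form in the first post.
const ALLOWED_ANSWERS = ['q1a', 'q1b', 'q1c', 'q1d'];

// Returns 'ok', 'duplicate', 'invalid' or 'error'.
function AppendDataToFile(string $user, string $data1, string $data2, string $file = VOTE_FILE): string
{
    // The user name becomes a field in a tab-separated line, so restrict its characters.
    if (preg_match('/^[A-Za-z0-9_]{1,32}\z/', $user) !== 1) {
        return 'invalid';
    }
    // A <select> only suggests values; the request can carry anything.
    foreach ([$data1, $data2] as $answer) {
        if (!in_array($answer, ALLOWED_ANSWERS, true)) {
            return 'invalid';
        }
    }
    $fp = fopen($file, 'c+'); // read and write, create if missing, do not truncate
    if ($fp === false) {
        return 'error';
    }
    try {
        if (!flock($fp, LOCK_EX)) {   // one writer at a time
            return 'error';
        }
        while (($line = fgets($fp)) !== false) {
            if (explode("\t", rtrim($line, "\n"))[0] === $user) {
                return 'duplicate';   // this user already has a line in the file
            }
        }
        fseek($fp, 0, SEEK_END);
        fwrite($fp, "$user\t$data1\t$data2\n");
        fflush($fp);
        return 'ok';
    } finally {
        flock($fp, LOCK_UN);
        fclose($fp);
    }
}

// Constructed sample votes, run from the command line against a temporary file.
if (PHP_SAPI === 'cli') {
    $tmp = tempnam(sys_get_temp_dir(), 'vote');
    $samples = [['admin', 'q1a', 'q1b'], ['admin', 'q1c', 'q1d'], ['admin2', 'q1z', 'q1a']];
    foreach ($samples as [$u, $d1, $d2]) {
        echo "$u $d1 $d2 => ", AppendDataToFile($u, $d1, $d2, $tmp), "\n";
    }
    unlink($tmp);
}
```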
eragon
431 256MB
I see, well, I'll check out php.net to solve that error. Or I'll just use my original write script.
Jun 14 '07 #23
eragon
431 256MB
All right mate, I got it working. Thanks for your help. Now, I have another concern. I want to use .inc files for another thing, using the login script (which after some time I now understand). How would I make it so that the .inc files only load on a certain file, say, user.php? Meaning if somebody links directly to a inc file, it won't load or it will be blank, but if they load it using an include in user.php it will show?
Jun 14 '07 #24
Motoma
3,237 Expert 2GB
All right mate, I got it working. Thanks for your help. Now, I have another concern. I want to use .inc files for another thing, using the login script (which after some time I now understand). How would I make it so that the .inc files only load on a certain file, say, user.php? Meaning if somebody links directly to a inc file, it won't load or it will be blank, but if they load it using an include in user.php it will show?
Well, if your .inc file contains only function definitions (as it should) then you don't have to do anything to have them display blank.
Jun 14 '07 #25
eragon
431 256MB
Well, if your .inc file contains only function definitions (as it should) then you don't have to do anything to have them display blank.

Umm... ya, my .inc files contain portions of HTML pages (EX foot.ing just has the footer information...) I found that this is an easy way to update all the files on my site at once.
Jun 14 '07 #26
Motoma
3,237 Expert 2GB
Put them outside of your webroot.
Jun 14 '07 #27
