Page 1 of 1

Need Help! Login Script [Simple]

Posted: Sun Jun 22, 2003 5:38 pm
by stonerifik
hello, i need some help with a login script i am coding...

its nothing advanced

Code: Select all

<?
  if (($_POST&#1111;user] == "user1") &&  ($_POST&#1111;pass] == "temp1")) &#123;
	header("Location: addmember.php");
	exit;
&#125;	
  else if (($_POST&#1111;user] == "user2") &&  ($_POST&#1111;pass] == "temp2")) &#123;
	header("Location: addmember.php");
	exit;
&#125;


  else if (($_POST&#1111;user] == "") || ($_POST&#1111;pass] == "")) &#123;
	header("Location: badlogin.php");
	exit;
&#125;
 	 else &#123;
		header("Location: badlogin.php");
		exit;
	&#125;
?>
it works fine and everything... but i need to know if it is possible to make this the only file accessible in the directory unless you log in. like... if i tried to go to addmember.php with out loging in first it would display an error or it would go back to the login script... if someone could help me.. that would be wonderful thank you

Posted: Sun Jun 22, 2003 6:26 pm
by McGruff
You can use .htaccess to protect files in a folder. Php scripts can still see them OK even if you have "deny from all" for example.

Login.php has to be accessible of course: either put the file outside the protected directory or create a "login" link from another file which is outside - eg index.php.

The next step would be control access to php scripts using cookies or sessions set / started at login.

I usually build all pages by including scripts within the index.php page. This makes a handy common "gateway" to the site and saves putting the authentication code in every script you want to restrict.

At the same time as a cookie test, I like to set constants for USER_NAME and ACCESS_LEVEL for later use, as required.

Sessions can be used instead of cookies.

Posted: Sun Jun 22, 2003 10:53 pm
by stonerifik
thanks for the reply
You can use .htaccess to protect files in a folder. Php scripts can still see them OK even if you have "deny from all" for example.
hmm ive seen .htaccess it comes with some scripts, but im not aware of what it is exactly.. is it like a universal file (uneditable) or do you have to create your own... and for the session thingy... i read something on it in the sticky post, but didnt understand completely... is there any example source code i could learn from somewhere??

thanks for the help

stoner

Posted: Sun Jun 22, 2003 11:21 pm
by McGruff
.htaccess info here: http://httpd.apache.org/docs-2.0/howto/htaccess.html

Google around for some sessions tutorials. Php.net has a downloadable manual with the gen on sessions etc - get the one with user comments if you don't have it already. Also lots of links out to pages where you can track down various tutorials.

A lot of things seem impossible at the first read but stick at it - it really does get easier.

Cookies can also do the job and might be easier to get started with.

If you're still stuck after trying some scripts post your problem and you should get more help.

Posted: Mon Jun 23, 2003 11:35 am
by stonerifik
thank you very much :)