Page 1 of 1

help with password

Posted: Mon Aug 22, 2011 5:25 pm
by slack
I want to use multiple passwords for a webpage using an include link.
I am trying to use password= password1 or password2:
$password = ("sunju") || ("cancer");
but does not work, works with only one.
Using code below on the webpage
<?php

// If password is valid let the user get access
if (isset($_POST["password"]) && ($_POST["password"]=="$password")) {

?>

<?php
}
else
{
// Wrong password or no password entered display this message
if (isset($_POST['password']) || $password == "") {
print "<p align=\"left\"><font color=\"red\"><b>Incorrect Password</b><br>Please enter the correct password</font></p>";}
print "<form method=\"post\"><p align=\"left\">Please enter your password for access <b>(must be in lower case)</b><br>";
print "<input name=\"password\" type=\"password\" size=\"25\" maxlength=\"20\"><input value=\"Login\" type=\"submit\"></p></form>";
}

?>

Re: help with password

Posted: Mon Aug 22, 2011 6:00 pm
by twinedev

Code: Select all

if ($password=='sunju' || $password=='cancer') {

Re: help with password

Posted: Wed Aug 24, 2011 6:16 am
by slack
Thankyou
i have fixed the problem:
<?php

// If password is valid let the user get access

if (($_POST["password"])=='sunju' || ($_POST["password"])=='cancer') {


?>

Content here

<?php
}
else
{
// Wrong password or no password entered display this message

if (($_POST["password"] ) || $_POST["password"] ==="" ) {

print "<p align=\"left\"><font color=\"red\"><b>Incorrect Password</b><br><b>Or you did not enter anything</b><br></font><font color=\"yellow\">Please enter the correct password</font></p>";}

print "<form method=\"post\"><p align=\"left\">Please enter your password for access <b>(must be in lower case)</b><br>";
print "<input name=\"password\" type=\"password\" size=\"25\" maxlength=\"20\"><input value=\"Login\" type=\"submit\"></p></form>";
}

?>

Re: help with password

Posted: Wed Aug 24, 2011 6:38 am
by phphelpme
Your saving standard text passwords which is not secure at all. I suggest you md5/sha1 hash them at least even if you are not using a database. Then you can md5/sha1 the user input and check your md5/sha1 hash string for validation.

Best wishes