Page 1 of 1
Executing php script in a secure directory
Posted: Wed Mar 12, 2003 9:27 pm
by fsanchez98
Hi,
I have created a login form from my main webpage, which prompts the user for their username and password. The webpage the executes a php script, which is located in a password protect directory. When the webpage/form is redirected to the php script, the user is then prompted the second time for the username and password for the directory. The php script is used to valid the username and password in a database...That is why it is in a password protect directory.
I want to know how I can have php script execute and still have the php script directory protect?
Regards,
Fernando
Posted: Wed Mar 12, 2003 11:27 pm
by McGruff
Include the file. You'll only be asked for a name / pass if you call the file directly, ie with
http://yoursite.com/filename.php.
Executing php script in a secure directory
Posted: Thu Mar 13, 2003 7:33 am
by fsanchez98
Hi McGruff.
Thanks for responding to my question.
I need to let you know that I am new to both HTML and PHP.
Question, how to I include the file within the HTML code? And once I do, can I still define in the form "Action=filename.php".
Regards,
Fernando
Posted: Thu Mar 13, 2003 8:15 am
by twigletmac
Executing php script in a secure directory
Posted: Thu Mar 13, 2003 9:01 am
by fsanchez98
twigletmac
Where in the sample code do I put the include()? The do_authuser.php is the php script that is in a secure directory, which verifies the username and password in the database.
***************** ACTUAL CODE ****************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Demo - Login</title>
</head>
<body>
<h1>Demo - Login</h1>
<form method="POST" action="do_authuser.php">
<table>
<tr>
<td><p><strong>Username:</strong></p></td>
<td><input type="text" name="USERNAME" size=25 maxlength=25></td>
</tr>
<tr>
<td><p><strong>Password:</strong></p></td>
<td><input type="text" name="PASSWORD" size=25 maxlength=25></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<tr><td><p><input type="SUBMIT" name="submit" value="Login"></p></td>
</tr>
</table>
</form>
</body>
</html>
Posted: Thu Mar 13, 2003 9:05 am
by daven
Code: Select all
<?php
include("/path/to/the/include/file.php");
?>
Executing php script in a secure directory
Posted: Thu Mar 13, 2003 9:46 am
by fsanchez98
Hi,
I am having a little trouble because I am doing development on the Web hosting server (yahoo). I am going through their interface that is provided to me. Plus, I am not familiar with php environment and how it is setup on the web hosting server. I don't know I even have to change some of parameters.
What I did was from the html web page,which contains the form to access the username and password, i call a php script that has the include file. Based on the if statement, I then call the actual php script, which verifies the username and password. However, I get an error message.
******* SAMPLER CODE OF LOGIN FORM (HTML)***************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Demo - Login</title>
</head>
<body>
<h1>Demo - Login</h1>
<form method="POST" action="redirect_authuser.php">
<table>
<tr>
<td><p><strong>Username:</strong></p></td>
<td><input type="text" name="USERNAME" size=25 maxlength=25></td>
</tr>
<tr>
<td><p><strong>Password:</strong></p></td>
<td><input type="text" name="PASSWORD" size=25 maxlength=25></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<tr><td><p><input type="SUBMIT" name="submit" value="Login"></p></td>
</tr>
</table>
</form>
</body>
</html>
******* SAMPLE CODE(redirect_authuser.php)*******************
<?
include(database/do_authuser.php);
//check for required fields
if ((!$_POST[USERNAME]) || (!$_POST[PASSWORD])) {
header("Location:http://domain_name/database/do_authuser.php");
exit;
} else {
header("Location:http://domain_name/index.htm");
exit;
}
?>
******************ERROR MESSAGE ****************************
Warning: Division by zero in /redirect_authuser.php on line 2
Warning: Failed opening 'php' for inclusion (include_path='.:/include:/usr/lib/php') in /redirect_authuser.php on line 2
Warning: Cannot add header information - headers already sent by (output started at /redirect_authuser.php:2) in /redirect_authuser.php on line 9
Regards,
Fernando
Posted: Thu Mar 13, 2003 9:48 am
by twigletmac
You need to change:
Code: Select all
include(database/do_authuser.php);
to
Code: Select all
include 'database/do_authuser.php';
Mac
Executing php script in a secure directory
Posted: Thu Mar 13, 2003 10:06 am
by fsanchez98
twigletmac,
I am getting somewhere now...After I made the change, the form called the redirect_authuser.php and the do_authuser.php was executed. However, I got a access dialog to the protect area for username and password. Perhaps, how I have coded in the redirect_authuser.php is incorrect.
Regards,
Fernando
Posted: Thu Mar 13, 2003 1:26 pm
by McGruff
phpinfo() will give you information about the php on your server
I'm not quite sure where all your files are. Could you show me the directory structure, including any .htaccess stuff ie something like:
Code: Select all
(site root) -- folder1(.htaccess yes) -- file1.php, file2.php
(site root) -- folder2(.htaccess no) -- file3.php
Executing php script in a secure directory
Posted: Thu Mar 13, 2003 9:04 pm
by fsanchez98
McGruff,
Thanks for your respond...
FYI, I am using Yahoo Web Hosting services. The web server that is used is called Apache. My web server root directory looks like this...
root
|
-------------------------------------------------------------------------
| | | | |
database demo images logs tmp
All of my web pages that are to my website exist in the root directory. When I chose to install the MySQL that is available through Yahoo, I decided placed all of the PHP scripts and database files under database. Its is in this directory that keep all of my php scripts. However, both database and demo are protrect areas. The main web pages exist at the root. It is at the main page that the user is able to access the logon options. Once the user click the logon button, the code then call a script in the database directory to valid the username and password. If the user has access it then call the script that exist in the demo directory.
I want to point out that after PHP and MySQL was installed I did not change any parameters. I am wondering if I have to alter any after the installation. Also, I couldn't find the file called .htaccess. I don't understand what this file does.
Regards,
Fernando