Page 1 of 1

need guidance on simple PHP admin login and re-direct

Posted: Thu Nov 20, 2008 9:10 pm
by xplore1
Basically I need help with creating the php and a simple change password script that will keep the data encrypted ( username / password ).

This is for the admin panel side of the site and it really only needs one username and the ability to set a different password as well.

As for the form itself it will look something like this ..

Code: Select all

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
 
<body>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
 
 
</body>
</html>
 

A little info on my experience with PHP.

I bought a book that integrates a foundation for learning PHP, MySQL and Apache. I have read through most of the PHP parts and its really just fundamental programming concepts I already know with different syntax. Variables, functions, data types, classes etc etc. But as far as implementing the PHP and getting data I have had to simply look online for.

So heres where I'm hoping for some expert help. Thanks - xplore1

Re: need guidance on simple PHP admin login and re-direct

Posted: Fri Nov 21, 2008 5:34 am
by JAB Creations
I recommend reading about storing passwords as a hash...using salt and pepper.

All you really have to do is check the $_POST of the user name...encode using the same hash (and salt and pepper) and compare the hash to the hash in the database.

You'll get code in replies when you're already working with code...though right now all you've posted is some XHTML.

Since has been discussed so many times that I'm obligated to direct you to exactly what you need to do: use a search engine and make the inquiry of PHP and hashes followed up by salt and peppering that hash. :wink:

Good luck!

Re: need guidance on simple PHP admin login and re-direct

Posted: Fri Nov 21, 2008 1:07 pm
by EPX
Hi,

right first off you need to make sure your database is setup right.

Assuming you are using phpmyadmin

you will need a user table for example: tlb_user

you need two fields: tu_username, tu_password set both as varchar and make tu_username the primary key.

so you have something to play with once the table is there, go to the insert tab and put in a username and password. There should be a drop down list next to the password text box. in that list you can format how the information is inserted. i personally use MD5 to encrypt passwords. once you press insert, it will add the record and the password will be encrypted.

on your login page have something like below

<form name="form1" action="login.php" method="post">
<table>
<tr>
<td>Username</td>
<td><input type="text" name="username" value=""></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password" value=""></td>
</tr>
<tr>
<tr>
<td></td>
<td><input type="submit" name="login" value="Login"></td>
</tr>
</table>
</form>

at the top of the page put in code like this

<?php
ob_start(); #this is to buffer the page
$conn = #you connection string details here

if($_REQUEST['login'])
{
$username = $_REQUEST['username'];
$password = md5($_REQUEST['password']); #converts password to md5 encryption

$sql = "select tu_username from tbl_user where tu_username = '$username' and tu_password = '$password'";
$rslogin = mysql_query($sql);

if($row = mysql_fetch_array($rslogin))
{
session_start();
$_SESSION['username'] = $row['username'];
header("Location: members_area.php");
}
else
{
echo "Your username or password is incorrect";
}
}
ob_flush(); #flushes the buffered info.


At the top of each page in the members area just put:

session_start();
if(!$_SESSION['username'])
{
header("Location: login.php"); #if there session is empty i.e they've not logged in or the session has timed out, kick them to the login page
}

thats a very simple login sript, hope thats the type of thing you are looking for

Re: need guidance on simple PHP admin login and re-direct

Posted: Fri Nov 21, 2008 4:34 pm
by xplore1
^ Very informative sadly I have no experience with sql so the syntax is difficult to follow.


An update from the person that wants this done:

He would like certain pages on his site to be password protected. This would mean for instance that I click a link that goes to a page he would first like prompted with a login. If you put in the right login, the page you clicked on is redirected and you can access it now.

I was thinking I could make a global string username & password and encrypt them in MD5. Of course the login will be complicated.

So first when someone goes to access the site a session variable is started that is equal to = false. Then if they click on a page that is private and it needs the correct login I will bring up the php login page. If they enter the correct details the session variable will = true and they will be able to access the page.

Is this a viable way to go about this because I don't know anything about sql at all. Nor do I know what you mean by 'phpmyadmin'. I'm pretty new to PHP so this is actually a bit overwhelming as to what method I use when gathering input.

so far I know of the super globals, $_POST $_REQUEST $_GET, but I don't know which to use or what they all do exactly.

I know C++ and basic so the word variable is a really sparse heard word in PHP.

If i had an input box like

' <input type="text" method="$_POST">

and a button

' <input type="submit" name="enter" action="submit">

and suppose the user entered text into the box and clicked submit

would the text he entered be within the variable name="text" ???

like to reference in an echo the text he input would i simply go

echo $_POST["name"];

I'm rather confused as to why the attribute 'name' is used to reference something like a variable in PHP ..

Re: need guidance on simple PHP admin login and re-direct

Posted: Fri Nov 21, 2008 5:39 pm
by EPX
Right it sounds like you only need to have a secure folder. This is were you can put php pages into a folder and set up a username and password list. when you try and access a page in the secured folder a login box would appear.

to do this you will need to create a htaccess file and upload it to the root of your ftp folder. there fairly simple to create and here is a link to a htaccess generating tool:

http://tools.dynamicdrive.com/password/

That should do want you want, if you want a php solution let me know.

----------------------------------------
xplore1 wrote: If i had an input box like

' <input type="text" method="$_POST">

and a button

' <input type="submit" name="enter" action="submit">

and suppose the user entered text into the box and clicked submit

would the text he entered be within the variable name="text" ???
as for above, the text box dosen't need 'method="$_POST"' but it does need a name attribute e.g 'name="username"'
when you pull information through from text boxes, it does that based upon the name attribute e.g $username = $_REQUEST['username'];

so a submitting information needs to look something like this:

Code: Select all

<form name="form1" method="post" action="[i]page_name.php[/i]">
<input type="text" name="username" value="">
<input type="submit" name="login" value="Login">
</form>

Re: need guidance on simple PHP admin login and re-direct

Posted: Fri Nov 21, 2008 8:08 pm
by xplore1
EPX wrote:Right it sounds like you only need to have a secure folder. This is were you can put php pages into a folder and set up a username and password list. when you try and access a page in the secured folder a login box would appear.

to do this you will need to create a htaccess file and upload it to the root of your ftp folder. there fairly simple to create and here is a link to a htaccess generating tool:

http://tools.dynamicdrive.com/password/

That should do want you want, if you want a php solution let me know.
Yes this is exactly what I'm looking for thanks. I need some clarification and i have a problem though with using this.

For some reason I have followed the directions perfectly and yet Its not accepting my login.

Here is what the site says for me to do.

<b>
Modify or generate another set of passwords:

1) Enter the desired username(s) and corresponding password(s) used to authenticate entry into the protected directory or files. Must consist of alphanumeric characters only.
Enter Usernames:
Press "enter" after each username.
user
Enter Corresponding Passwords:
Press "enter" after each password.
pass

2) Path to .htpasswd file relative to your server's root directory: (e.g. - /home/site_name/)

---

here i tell it is located at

/genn/secure/

is this right ^ ???
---
3) File names to protect (Optional: leave empty if protecting folder):
Separate multiple files with a comma. ie: protected.htm, protected2.htm
</b>

Notice I specify nothing under 3 because I want the folder secure and all documents under it to be prompted with a password before it can be accessed.

The only reason I can think of for this not working ( when i try to log in it just repeats the prompt ) is that I am using an FTP account under someone elses. My FTP account is a sub-account under the main FTP account. (The reason being is that a friend gave me this account to use as i wish ).

The username - 'user' the password - 'pass'

If you go to ukanadian.com/genn/

click 'private'

you should be prompted with the login

but the information isn't working.

Can someone help ??

Re: need guidance on simple PHP admin login and re-direct

Posted: Sun Nov 23, 2008 5:27 am
by EPX
Right, i'm not 100% on my htaccess files, but can you post the code within the file?

Re: need guidance on simple PHP admin login and re-direct

Posted: Mon Nov 24, 2008 3:20 pm
by xplore1
the page I want to make private is 'private.html' it is located exactly from MY root as /secure/.

So my .htaccess file has this exact code

'
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /secure/.htpasswd
AuthGroupFile /dev/null
<Files private.html>
require valid-user
</Files>
'

and my .passwd looks like this
'
username:UQpzrPi/wnUMA
'

the username I chose: 'username'
the password I chose: 'password'



now here is where this is implemented, <a href="www.ukanadian.com/genn/"my site</a>

if you click public page you will see you can access it. If you click private the prompt should come up. But it doesn't work.

The .htaccess is in the /secure/ folder and the .htpasswd is in the root. I know .htpasswd is supposed to be above root but in this case its purely for learning so I don't care. Why isn't this working.