REALLY simple login?
Moderator: General Moderators
REALLY simple login?
I want a really simple login thing, that, all it does is say, the file logfile.txt cant be accessed unless you login. I dont even care if the password is in the code!
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Code: Select all
$username = 'John';
$password = 'password';
if ($username == 'John' && $password == 'password') {
//display text file
}
else {
echo 'You must login to view logfile.txt';
}So if I have a form like this:
and a php code like this:
Im getting the error "You must login to view logfile.txt" everytime...
Code: Select all
<html>
<form action="loginhandler.php" method="get">
<input type="text" name="username" size="24">
<p><input type="password" name="password" size="24"></p>
<p><input type="submit"></p>
</form>
</html>Code: Select all
<?php
if ($username == 'John' && $password == 'password') {
//display text file
}
else {
echo 'You must login to view logfile.txt';
}
?>- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
How about a form like this:
and PHP code like this (not tested):
Code: Select all
<html>
<span style="color:red"><?php echo $errmsg; ?></span>
<form action="loginhandler.php" method="post">
<input type="hidden" name="submitted" value="yes">
<p><input type="text" name="username" size="24"></p>
<p><input type="password" name="password" size="24"></p>
<p><input type="submit"></p>
</form>
</html>Code: Select all
<?php
$submitted = preg_replace('/[^a-zA-Z]/', '', $_POST['submitted']);
$errmsg = '';
$valid = false;
if ($submitted == 'yes') {
$username = preg_replace('/[^a-zA-Z0-9]/', '', $_POST['username']);
$password = preg_replace('/[^a-zA-Z0-9]/', '', $_POST['password']);
if ($username == 'John' && $password == 'password') {
$valid = true;
} else {
$errmsg = 'You must login to view logfile.txt';
}
}
if ($valid) {
//display text file
} else {
//display sign-in form with $errmsg
}
?>
Last edited by Christopher on Wed Apr 19, 2006 3:01 pm, edited 1 time in total.
(#10850)
I tweaked the script a bit to be
But im getting this error: Parse error: parse error, unexpected T_VARIABLE in /home/freehost/t35.com/j/u/juniorfiles/loginhandler.php on line 4
Code: Select all
<?php
$submitted = preg_replace('/[^a-zA-Z]/', '', $_POST('submitted')
$errmsg = '';
$valid = false;
if ($submitted == 'yes') {
$username = preg_replace('/[^a-zA-Z0-9]/', '', $_POST['username');
$password = preg_replace('/[^a-zA-Z0-9]/', '', $_POST['password');
if ($username == 'John' && $password == 'password') {
$valid = true;
} else {
$errmsg = 'You must login to view logfile.txt';
}
}
if ($valid) {
//display text file
} else {
//display sign-in form with $errmsg
}
?>- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
I edited the PHP to add closing ']' to the $_POST vars.
Code: Select all
<?php
$submitted = preg_replace('/[^a-zA-Z]/', '', (isset($_POST['submitted']) ? $_POST['submitted'] : null));
$errmsg = '';
$valid = false;
if ($submitted == 'yes') {
$username = preg_replace('/[^a-zA-Z0-9]/', '', (isset($_POST['username']) ? $_POST['username'] : null));
$password = preg_replace('/[^a-zA-Z0-9]/', '', (isset($_POST['password']) ? $_POST['password'] : null));
if ($username == 'John' && $password == 'password') {
$valid = true;
} else {
$errmsg = 'You must login to view logfile.txt';
}
}
if ($valid) {
?>
The text.
<?php
} else {
?>
<html>
<span style="color:red"><?php echo $errmsg; ?></span>
<form action="loginhandler.php" method="post">
<input type="hidden" name="submitted" value="yes">
<p><input type="text" name="username" size="24"></p>
<p><input type="password" name="password" size="24"></p>
<p><input type="submit"></p>
</form>
</html>
<?php
}(#10850)
Ive been talking to my friend and he made me a script and it works. Here it is:
With the html:
Now, this is my first idea on how to stop people accessing my file:
I make a file like this-
and saved it as .htaccess.txt , based on this script: http://lissaexplains.com/html6.shtml#direct , but it still doesn't seem to be working.
Code: Select all
<?php
$username = $_GET["username"];
$password = $_GET["password"];
if ($username == 'John' && $password == 'password') {
//display text file
}
else {
echo 'You must login to view logfile.txt';
}
?>Code: Select all
<html>
<form action="loginhandler.php" method="get">
<input type="text" name="username">
<p><input type="password" name="password"></p>
<p><input type="submit"></p>
</form>
</html>I make a file like this-
Code: Select all
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?google.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?google.com.*$ [NC]
RewriteRule \.(txt)$ - [F]- andym01480
- Forum Contributor
- Posts: 390
- Joined: Wed Apr 19, 2006 5:01 pm
You are using Apache as a server aren't you - htaccess doesn't work with windows servers!
.htaccess not .htaccess.txt
Also add
<Files .htaccess>
order allow,deny
deny from all
</Files>
which stops people looking at your .htaccess file to see what you are stopping them do!
Never used the Rewrite code, so couldn't tell if you that would work once .htaccess named right. Sorry!
.htaccess not .htaccess.txt
Also add
<Files .htaccess>
order allow,deny
deny from all
</Files>
which stops people looking at your .htaccess file to see what you are stopping them do!
Never used the Rewrite code, so couldn't tell if you that would work once .htaccess named right. Sorry!
- Maugrim_The_Reaper
- DevNet Master
- Posts: 2704
- Joined: Tue Nov 02, 2004 5:43 am
- Location: Ireland
Forms should use the POST method unless there's a specific reason not to. Also bear in mind you must validate the username and password (or for simplicity amend it such as in aborint's example). Failing to do so, while not immediately a security threat is bad practice - it's not a habit you should fall into. aborint's example is far more robust IMO.
-
d3ad1ysp0rk
- Forum Donator
- Posts: 1661
- Joined: Mon Oct 20, 2003 8:31 pm
- Location: Maine, USA
- Maugrim_The_Reaper
- DevNet Master
- Posts: 2704
- Joined: Tue Nov 02, 2004 5:43 am
- Location: Ireland