Posted: Wed Apr 19, 2006 3:03 pm
by Christopher
I edited the PHP to add closing ']' to the $_POST vars.
Code:
<?php
// Keep only letters from the hidden "submitted" flag.
$submitted = preg_replace('/[^a-zA-Z]/', '', (isset($_POST['submitted']) ? $_POST['submitted'] : ''));
$errmsg = '';
$valid = false;
if ($submitted == 'yes') {
    // Strip everything except letters and digits before comparing.
    $username = preg_replace('/[^a-zA-Z0-9]/', '', (isset($_POST['username']) ? $_POST['username'] : ''));
    $password = preg_replace('/[^a-zA-Z0-9]/', '', (isset($_POST['password']) ? $_POST['password'] : ''));
    if ($username == 'John' && $password == 'password') {
        $valid = true;
    } else {
        $errmsg = 'You must login to view logfile.txt';
    }
}
if ($valid) {
?>
The text.
<?php
} else {
?>
<html>
<span style="color:red"><?php echo $errmsg; ?></span>
<form action="loginhandler.php" method="post">
    <input type="hidden" name="submitted" value="yes">
    <p><input type="text" name="username" size="24"></p>
    <p><input type="password" name="password" size="24"></p>
    <p><input type="submit"></p>
</form>
</html>
<?php
}
Posted: Wed Apr 19, 2006 4:05 pm
by m0u53m4t
I've been talking to my friend and he made me a script and it works. Here it is:
Code:
<?php
$username = $_GET["username"];
$password = $_GET["password"];
if ($username == 'John' && $password == 'password') {
    //display text file
}
else {
    echo 'You must login to view logfile.txt';
}
?>
With the html:
Code:
<html>
<form action="loginhandler.php" method="get">
    <input type="text" name="username">
    <p><input type="password" name="password"></p>
    <p><input type="submit"></p>
</form>
</html>
Now, this is my first idea on how to stop people accessing my file:
I make a file like this-
Code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?google.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?google.com.*$ [NC]
RewriteRule \.(txt)$ - [F]
and saved it as .htaccess.txt, based on this script:
http://lissaexplains.com/html6.shtml#direct , but it still doesn't seem to be working.
Posted: Wed Apr 19, 2006 5:43 pm
by andym01480
You are using Apache as a server, aren't you - htaccess doesn't work with Windows servers!
.htaccess not .htaccess.txt
Also add
<Files .htaccess>
order allow,deny
deny from all
</Files>
which stops people looking at your .htaccess file to see what you are stopping them do!
Never used the Rewrite code, so couldn't tell you if that would work once .htaccess is named right. Sorry!
Posted: Thu Apr 20, 2006 3:05 am
by Maugrim_The_Reaper
Forms should use the POST method unless there's a specific reason not to. Also bear in mind you must validate the username and password (or for simplicity amend it such as in aborint's example). Failing to do so, while not immediately a security threat, is bad practice - it's not a habit you should fall into. aborint's example is far more robust IMO.
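The POST-only, validated login described in the post above, as an added example that is not code from the thread or from any poster. It assumes PHP 7 or later and that logfile.txt is stored outside the web root so that only this script can send it; the `LOGFILE` path and the `demo_users()` and `check_login()` helpers are hypothetical names.

```php
<?php
// Added example, not code from the thread.
// Assumption: logfile.txt is stored outside the web root, so no URL maps to it
// and only this script can send it. The path is hypothetical.
const LOGFILE = __DIR__ . '/../private/logfile.txt';

// Constructed demo user store (username => password hash). A real site would
// create the hash once with password_hash() and keep only the hash.
function demo_users(): array
{
    return ['John' => password_hash('password', PASSWORD_DEFAULT)];
}

// True only when both fields are plain strings and the password matches.
function check_login(array $post, array $users): bool
{
    $username = $post['username'] ?? '';
    $password = $post['password'] ?? '';
    if (!is_string($username) || !is_string($password)) {
        return false; // rejects array input such as username[]=x
    }
    if (!isset($users[$username])) {
        return false;
    }
    return password_verify($password, $users[$username]);
}

$method = $_SERVER['REQUEST_METHOD'] ?? '';
if ($method !== 'POST' || !check_login($_POST, demo_users())) {
    // GET requests are refused, so credentials never appear in the URL.
    http_response_code(403);
    echo 'You must login to view logfile.txt';
} elseif (!is_readable(LOGFILE)) {
    http_response_code(500);
    echo 'Log file is not available.';
} else {
    header('Content-Type: text/plain; charset=utf-8');
    readfile(LOGFILE);
}
```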
Posted: Thu Apr 20, 2006 8:35 am
by m0u53m4t
Whenever I call something .htaccess or .logfile.txt they just disappear

Posted: Thu Apr 20, 2006 9:17 am
by d3ad1ysp0rk
They don't really disappear. They are hidden, like any file that begins with a period.
Posted: Thu Apr 20, 2006 9:49 am
by Maugrim_The_Reaper
Change your directory settings to view hidden files...

Posted: Thu Apr 20, 2006 3:36 pm
by m0u53m4t
I'm using t35 hosting. I don't think I can do that. Any ideas how else I can do it?
Posted: Fri Apr 21, 2006 6:32 am
by Chris Corbyn
m0u53m4t wrote: I'm using t35 hosting. I don't think I can do that. Any ideas how else I can do it?
In Unix/Linux, files that begin with a dot are hidden files. You should still be able to access them over FTP if you check your FTP client's settings to show dot files or show hidden files.
Posted: Fri Apr 21, 2006 6:32 am
by Maugrim_The_Reaper
If you have ssh you can run the command:
ls -la
A fair number of FTP clients should have View settings to enable the viewing of hidden files. A Google search for your FTP client and "view hidden files" should turn up the relevant tips.
Posted: Sat Apr 22, 2006 10:52 am
by m0u53m4t
I did that, but I still can't see it. How else can I block the viewing of the file? The only solution so far is with CHMOD.