|
-
October 26th, 2008, 02:35 PM
#1
[RESOLVED] Simple PHP Login
Okay, I want to make a the most simplest login that takes a name and a pass, and if it equals a value, it takes you to just a page where can approve or deny submissions. I know how to do the forms and $_POST and stuff.
Now, can I have some secret page that is restricted to clients, and the script gets that page and displays it? Like file_get_contents, or something?
Um... yah.
-
October 26th, 2008, 09:27 PM
#2
Re: Simple PHP Login
Here is a simple authentication example.
PHP Code:
<?php
function login(){
header('WWW-Authenticate: Basic realm="Administration"');
header('HTTP/1.0 401 Unauthorized');
echo '<font face="arial" size="3"><b>Error 401: Access Denied!</b></font>';
exit;
}
if(!isset($_SERVER['PHP_AUTH_USER'])){login();}
else{
if(
$_SERVER['PHP_AUTH_USER'] == 'admin' &&
md5($_SERVER['PHP_AUTH_PW']) == 'someMD5hash'
){
unset($_SERVER['PHP_AUTH_USER']);
echo '<font face="arial" size="3"><b>Error 401: Access Denied!</b></font>';
}
else{login();}
}
?>
If the post was helpful...Rate it! Remember to use [code] or [php] tags.
-
October 27th, 2008, 04:14 PM
#3
Re: Simple PHP Login
So what is the 'someMD5hash'? Is that the password (i think it is)?
So I change that to whatever I want then?
-
October 27th, 2008, 06:59 PM
#4
Re: Simple PHP Login
Is that the password (i think it is)?
It's a md5 hash code of a normal text password.
You can get a hash of a text by running md5("myTextPassword");
Since hash of the same string is the same number always you can compare the the value saved in a database for ex. with the value from the input form.
One more thing: hash codes are irreversible, so you cannot use them to encrypt data that you will need to transform back. For more info google for md5.
Last edited by Xeel; October 27th, 2008 at 07:02 PM.
Wanna install linux on a vacuum cleaner. Could anyone tell me which distro sucks better?
I had a nightmare last night. I was dreaming that I’m 64-bit and my blanket is 32-bit and I couldn’t cover myself with it, so I’ve spent the whole night freezing. And in the morning I find that my blanket just had fallen off the bed. =S (from: bash.org.ru)
//always looking for job opportunities in AU/NZ/US/CA/Europe :P
willCodeForFood(Arrays.asList("Java","PHP","C++","bash","Assembler","XML","XHTML","CSS","JS","PL/SQL"));
USE [code] TAGS! Read this FAQ if you are new here. If this post was helpful, please rate it!
-
November 22nd, 2008, 04:16 PM
#5
Re: Simple PHP Login
Why is the $_SERVER["PHP_AUTH_PW"] encapsulated in the md5()? Is that a security measure for something?
Couldn't you have this?
PHP Code:
<?php
if(!isset($_SERVER['PHP_AUTH_USER'])){login();}
else{
if(
$_SERVER['PHP_AUTH_USER'] == 'myname' &&
$_SERVER['PHP_AUTH_PW'] == 'mypass'
){
unset($_SERVER['PHP_AUTH_USER']);
echo '<font face="arial" size="3"><b>Error 401: Access Denied!</b></font>';
}
else{login();}
}
?>
-
November 22nd, 2008, 05:28 PM
#6
Re: Simple PHP Login
It is a security precaution. If you don't use an MD5 hash, then anyone who sees your code will have compromised your password.
If the post was helpful...Rate it! Remember to use [code] or [php] tags.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
