TavoxPeru
Jun 9 2006, 05:30 AM
Hi, there is sometimes that you need to password protect a directory in your site but you dont have access to a database or you dont need it because only a few users will access this directory, well the following script i develop will help in this situation. With only 2 files you can implement a basic security, the first file is a simple txt file where you store your users information and the second file is the php script. You can name the files whatever you want and can be used in any site with php support. The users.txt file: In this file simply put one line at the time your users information like this: username1|userpassword1 username2|userpassword2 . . usernamen|userpasswordn The chksec.php file: This file is the one that implements the basic security, here is the code: CODE <?php
if(!isset($_SERVER['PHP_AUTH_USER'])){
Header("WWW-Authenticate: Basic realm=\"Restricted Access\"");
Header("HTTP/1.1 401 Unauthorized");
echo "Authorization Required.";
exit();
}
$theFile=file("users.txt");
$nUsers=sizeof($theFile);
$i=0;
$validated=FALSE;
while ($i<$nUsers && !$validated){
$aFields=explode("|",$theFile[$i]);
if (($_SERVER['PHP_AUTH_USER']==$aFields[0])&&($_SERVER['PHP_AUTH_PW']==chop($aFields[1]))) $validated=TRUE;
$i++;
}
if(!$validated){
Header("WWW-Authenticate: Basic realm=\"Restricted Access\"");
Header("HTTP/1.1 401 Unauthorized");
echo "Authorization Required.";
exit();
}
?> Thats it, to work you just need to include this file in another php file. For example: CODE <?php
include("chksec.php");
echo "Welcome back " . $_SERVER['PHP_AUTH_USER'];
?> Best regards,
Comment/Reply (w/o sign-up)
Hercco
Jun 9 2006, 02:35 PM
Nice script. I like how you used http authentication, which IMO is the proper way of doing it. Cookies and sessions are a bit... Well you know , they work on some cases are not particularly secure.
Comment/Reply (w/o sign-up)
mastercomputers
Jun 10 2006, 02:46 AM
I like this except for the usage of the plain text file, if you were to do that, you should encode/encrypt your usernames and encrypt passwords, since having the username and password like this is not good, and encoding/encrypting the username eliminates half the problems while encrypting the password eliminates the other half. You should really be using htpasswd for this, that's what their purpose is for and that has it's own encrypting methods for the file. If you want the code for that method, I could write it up, strangely it's not different from your text file method, the only thing is we have encryption to work with. Cheers, MC
Comment/Reply (w/o sign-up)
TavoxPeru
Jun 10 2006, 04:19 AM
QUOTE(mastercomputers @ Jun 9 2006, 09:46 PM) 
I like this except for the usage of the plain text file, if you were to do that, you should encode/encrypt your usernames and encrypt passwords, since having the username and password like this is not good, and encoding/encrypting the username eliminates half the problems while encrypting the password eliminates the other half.
You should really be using htpasswd for this, that's what their purpose is for and that has it's own encrypting methods for the file.
If you want the code for that method, I could write it up, strangely it's not different from your text file method, the only thing is we have encryption to work with.
Cheers,
MC
Yes you are right, i know that limitation and if you know the name of the txt file you get the user/password information and your security is fall down, if you do and post the code for the encryption method i think every body will very grateful. regards,
Comment/Reply (w/o sign-up)
mastercomputers
Jun 10 2006, 04:26 AM
So I went ahead and created a method that can make use of .htpasswd. You can still use the above code the alterations just differ in the handling of the file, so I created the htpasswd checking in a separate file: htpasswd.inc.phpCODE <?php
define('HTPASSWD','.htpasswd');
function load_htpasswd()
{
if(file_exists(HTPASSWD) && filesize(HTPASSWD) > 0)
{
$htpasswd = file(HTPASSWD);
$auth = array();
foreach($htpasswd as $h)
{
$array = explode(':',$h);
$user = $array[0];
$pass = chop($array[1]);
$auth[$user] = $pass;
}
return $auth;
}
else
return array();
}
function sha1_htpasswd($pass)
{
return '{SHA}' . base64_encode(pack('H*', sha1($pass)));
}
//function md5mod_htpasswd($pass)
//{
// return 'I wonder where apache leaves this algorithm in their source, since I can not seem to work it out';
//}
function valid_user($userpass, $user, $pass)
{
if(!isset($userpass[$user]))
return false;
$test = $userpass[$user];
if(strcmp(substr($test,0,5),'{SHA}') == 0)
return (strcmp(sha1_htpasswd($pass),$test) == 0);
// else if(md5mod_htpasswd($pass))
// return (strcmp(md5mod_htpasswd($pass),$test) == 0);
else
return (strcmp(crypt($pass, substr($test,0,CRYPT_SALT_LENGTH)),$test) == 0);
}
?> and to use it as is: CODE <?php
// These are required...
function_exists('valid_user') || require('htpasswd.inc.php');
$userpass = load_htpasswd();
// ... End of requirements
// Below is just a test example.
if(valid_user($userpass, 'username', 'password'))
echo 'User is valid';
else
echo 'User is not valid';
?> The only problem I have with this code is Apache's modified MD5 algorithm, I don't seem to be able to figure this out, or locate anyone who has this, so the only other option would be using system calls, but I won't do this method. So it will only work with SHA-1 (strong) and Crypt (weak). This can be dropped into the above code (by TavoxPeru) which replaces everything after the first if(statement) and before the if(!validated) where you would change that to be: CODE if(!valid_user($userpass,$_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'])) Hopefully there's no errors, I tweaked some of the code in this thread, so I could have caused some errors. I probably should have added a method to write an .htpasswd file and generate a hash for the password, though all it requires is creating/appending to .htpasswd a file that looks like: CODE username1:the_encoded_hash
username2:the_encoded_hash Where the encoded hash is basically sending the plain password to the sha1_htpasswod('plain password') function to generate the password and storing that in the file, you could use crypt but it is a weak encryption. Could use a plain text file too, but you do not want to allow access to it, which is why you use .htpasswd, since you can not view these files online (well you should not be able to). Cheers, MC
Comment/Reply (w/o sign-up)
TavoxPeru
Jun 11 2006, 09:05 AM
Thanks mastercomputers great code. I go ahead and implement your changes to my script and works fine and also i include the use of the defined() and define() functions to allow direct access to the included file only by the parent script as discussed here: CMS103 - Securing Your Website. The new chksec.php: CODE <?php
defined( 'MY_ACCESS_CODE' ) or die( 'Direct Access to this location is not allowed.' );
function_exists('valid_user') || require('htpasswd.inc.php');
$userpass = load_htpasswd();
if(!isset($_SERVER['PHP_AUTH_USER'])){
Header("WWW-Authenticate: Basic realm=\"Restricted Access\"");
Header("HTTP/1.1 401 Unauthorized");
echo "Authorization Required.";
exit();
}
if(!valid_user($userpass,$_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'])){
Header("WWW-Authenticate: Basic realm=\"Restricted Access\"");
Header("HTTP/1.1 401 Unauthorized");
echo "Authorization Required.";
exit();
}
?>
This is the new test file: CODE <?php
define( "MY_ACCESS_CODE", true );
include("chksec.php");
echo "Welcome back " . $_SERVER['PHP_AUTH_USER'];
?> I have a couple of questions, how do you do to implement a counter of login attempts??? for example only allow 3 login attempts, and do you have the method to write an .htpasswd file and generate a hash for the password??? If its true please post it to complete the script. Best regards,
Comment/Reply (w/o sign-up)
TavoxPeru
Jun 14 2006, 08:52 PM
I dont know if this the correct way to post this enhancement so to the admins please let me know if im wrong ok???. In my previous post i drop a question related to how to implement a login counter attempts, for example 3 login attempts. Well, i go ahead and finish the script to support this behavior. So, if you want to implement this you only need to insert before line 2 of the chksec.php script the following code: CODE session_start();
if (!isset($_SESSION['access_count'])) {
$_SESSION['access_count']=1;
}
else {
$_SESSION['access_count']++;
}
if($_SESSION['access_count']>3) {
unset($_SESSION['access_count']);
$_SESSION = array(); // reset session array
session_destroy(); // destroy session.
die( 'You exceed the maximum number of login attempts.' );
} That's it  Best regards,
Comment/Reply (w/o sign-up)
(G)Priya
Jul 6 2009, 01:11 PM
Validating unix credential using PHP script
A Simple Checking & Validation PHP Script
Hi,
I have a simple html page where I get the username and password.
I have to validate this values against the username and password stored in UNIX /etc/passwd in the format username1:Password1 using some script..
Can you please help me with this.. Its really urgent..
Thanks you so much in advance..
-reply by Priya
Comment/Reply (w/o sign-up)
(G)Priya
Jul 6 2009, 01:05 PM
Validating unix credential using PHP script
A Simple Checking & Validation PHP Script
Hi ...
I have a simple htm page in which I get the username and password.
I am trying to validate this entered value with the user name and password stored in UNIX /etc/passwd in format username1|passwd1, using a simple java script.Can anyone please help me out in this..Its really urgent.
Thanks you in advance!
-reply by Priya
Comment/Reply (w/o sign-up)
Similar Topics
Keywords : simple, checking, and, validation, php, script
- Php Script Organizer
(3)
Checking Without Loading
(1) i like how some sites check the username you inputed and tells you if its not available without
loading. Like hotmail when trying to make an email. How do you do that?....
Myspacetv Download Php Script Help
(6) I was trying to make a php script that can view myspace videos with jw flv player and wont to know
how to do so if i put in
"http://vids.myspace.com/index.cfm?fuseaction=vids.individual&videoid=38105626" it show the video
"http://cache01-videos02.myspacecdn.com/11/vid_e382054c036835500bacfef1ebb5157e.flv(its the flv
video file from myspacetv), I cant see the similarity with the links please help, thanks for viewing
this topic /smile.gif" style="vertical-align:middle" emoid=":)" border="0" alt="smile.gif" />....
Php Login Script
(0) login script click the link to get your free php login script installer just follow the
instuctions the exe gives you and it will give you the script just place the code in the sever and
open index.html and follow on from there. what it has: it has reg page, login protection code ect.
it is simple to use and i think quite fun but im BORN TO BE WEIRD,you will need at least one working
mysql data base /biggrin.gif" style="vertical-align:middle" emoid=":D" border="0" alt="biggrin.gif"
/> hope you enjoy it. iknow i did from the alexmedia crew....
Make A Script Run Even If No User Is Online
(6) Hey! Is there any way to make a script run, even if no user is online. Because at the moment, my
scripts run, only when a user is online. And another thing: How can i make the following: (this is
just an example) mysql_query"SELECT maxhp FROM users WHERE username = 'allusers'"; How can I
select all users maxhp, in the same query? Thanks //Feelay....
Writing And Testing My Own Login Script [solved]
(20) i have this error QUOTE Warning: session_start() : Cannot send session cache limiter - headers
already sent (output started at /home/eggie/public_html/race.php:2) in
/home/eggie/public_html/race.php on line 5 in every page i have with session start...what's
the problem?? CODE Race include("style.css"); include("config.php"); session_start();
if(!session_is_registered(myusername)){ echo 'Your Session has Expired!'; exit;} //If you
click race... if ($_GET =='race') { $asa=$_POST ; if(!isset($asa)) { echo 'You
didn\'t select an....
Script Request
script request (2) another script request i am looking for a file manger tutorial with edit delete search upload move
copy and a WYSIWYG(What You See Is What You Get) editer like on on freewebs.com and css editor plz
help! i need on badly vmkrightpoint Edit"i keep search google and msn and yahoo i can't find
on!! lol"....
Free Forum Hosting Type Script Help!
Free forum hosting type script help!!! (2) i want to make something like http://invisionfree.com/ that makes an dir with your phpbb 3 forum
in it with an admin CP plz help i really want to make something like it!! i was thinking of coding
my own with file handling but i'm not good at some of it like "when u click submit to register
a forums it will move the phpbb3 file that leads to the users dir then it will rename the dir to
your username so like my.site.com/username it might work" with the admin username and pass and
admin's email it will open the config.php then edit all the data but it will ke....
Login Script
(8) I have another question--- i downloaded script of a game and it worked until my server changed to
newer version of php after which it didn't work... the most probable reason is that globals are
not enabled... now i need someone who can tell me what to put instead of what to make it work...
this is my login.php script CODE if (!$user || !$pass) { include("head.php"); print
"Please fill out all fields."; include("foot.php"); exit; } include("head.php"); $password =
md5($pass); $password2 = md5($password); $password3 = md5($password2); $password4 =....
Password Recovery Script
(7) While trying to make password recovery script for "bhupinunder" i run into a problem... i made this:
CODE $dbh = mysql_connect('localhost','jaskaran_gc','gc') or die
("Cannot Connect: " . mysql_error()); mysql_select_db('jaskaran_gc',$dbh); ?> ";?>
if ($recover=answer) print"$email"; ?> and it doesn't print anything...but if i put it
like this CODE $dbh = mysql_connect('localhost','jaskaran_gc','gc') or
die ("Cannot Connect: " . mysql_error()); mysql_select_db('jaskaran_gc',$dbh....
Warning: Mysql_result(): Supplied Argument Is Not A Valid Mysql Result Resource In ...
This Is for My attack Script. (4) Hey. I am making a "Version 2.0" For my attack script, but I can't make it work. This is the
error I am gettin: Warning: mysql_result(): supplied argument is not a valid MySQL result resource
in And here is the code: CODE $dbQueryHealth = mysql_query("SELECT temphealth FROM
characters WHERE user =". $_POST .""); $currentHealth = mysql_result($dbQueryHealth, 0);
$dbQueryExp = mysql_query("SELECT exp FROM characters WHERE user = ".$_POST ."");
$currentExp = mysql_result($dbQueryExp, 0); I have checked the PHP Manual,....
SQL Doesn't Connect In PHP Script
I made some code updates now the script is broken. (19) i have created a website and it is not working properly... i have had a website on sphosting.com and
everything worked fine till i got some errors(i got the errors because of the crappy host)...now the
fun part starts...they said they solved the problem but i got another one..i said them to repair it
again and they did...now i tried to login but as i entered the info it said the info isn't
correct...i checked the SQL and everything seemed fine..i tried again and again the error came...i
tried than to register,entered ALL info and when this was suppose to come out "Yo....
Php Script Help
help with scripting of php (1) Ok first a little back story of what happened and why I am asking for help. I have been playing text
based rpgs and found that I really like them. Well I have also found that most programers don't
want to listen to their clients in the sugestion box and when u make a content sughesstion they get
rude or make fun of your idea. So I decided I would sart my own and make it where the users had say
so in added content. Not saying all sugestions will get added but I will not make fun or get mad at
them. Any who when I bought the script I was under the impression it was fu....
Run A Script When Expires A Session
(6) For example, when a user logins to a page -with a login form- and after validating and verifying
it's credentials i store some information related to this user in session variables and a table
with his state -connected- is updated, then i use it in other pages, etc. When this user logouts
-by clicking a logout link- i release -unregister, destroy, etc- all the session variables stored
and the same table is updated with his state -disconnected-. All of this funcionality works very
well, the problem comes when the user do not click on the logout link and the session ....
Automated Product Suggestion Script
Compare user lists and suggest related items based on pattern matching (2) I recently got an idea for a project and one of the features I wanted the project to have was an
automated suggestion service. If anyone has been to Amazon, it would work much like their
recommended product feature. What I want to do is take several users lists of whatever but for this
example, I'll use web links like from the browser history. I would want to suggest links to a
user based on common links in many other users lists. User A: Amazon, Ebay, Excite, Google, Yahoo,
MySpace, Walmart User B: Amazon, Ebay, Google, Yahoo, You Tube, MySpace, CVS User C: Amazo....
Something Wrong With This Script?
Unexpected T_SRING (9) Here is the code that I have: CODE $con = mysql_connect("localhost","user","password"); if
(!$con) {die(' Could not connect: ' . mysql_error() . ' ');}
mysql_select_db("database", $con); $ip=$_SERVER ; echo "Adding MXP info..."; mysql_query (INSERT
INTO mxp (date, user, victim, turns, side, gold, lost, killed, mxp, points_b, points_a, type, power,
ip) VALUES ('$_POST ','$_POST ','$_POST ','$_POST ','$_POST
','$_POST ','$_POST ','$_POST ','$_POST ','$_POST
','$_POST ....
Automatic/remote Php Script Execution
(9) Hi, I was wondering, is it possible to execute a PHP script when a user isn't on the page with
it? Say for example, have it so that a script checks that if a certain time has passed since a user
was last active, it logs them off? So that if they've closed the window, it doesn't keep
them marked as logged in. Also, is there any way, with PHP to alert a user when something changes,
as soon as it happens? Say that if they recieve a new message, a box pops up telling them? You could
do this with Ajax I suppose, but (correct me if I'm wrong) continually runni....
Please Help (php Join Script)
(5) Ok as you all know by now I have been working on a php based game
to help me learn php. It has been going great and it is almost done. I got some very good help on is
sues here and along with sites like php.net. However I am stuck and can not find a solution to a
problem anywere. My Problem: I want users to join but I don't want some charicters to be in
there name (example I dont want Disallowed Charicters: , ', " I would array like: CODE
$string = array( , ', "); This for some reason does not work for. CODE if(strpos($name,
$string)){ //error s....
Xhtml Validation With Php In Cgi Mode
(0) Hi, Recently the host server of one of my clients change its PHP installation from the Apache mode
to the CGI mode so because of this change i got some problems. For example, whatever page i view it
shows these warnings at the top of the page: Warning: session_start() :
open(/tmp/sess_b05e459fe625d81a303b59982be3da39, O_RDWR) failed: Permission denied (13) in
/home/client_username/public_html/functions.php on line 9 Warning: session_start() : Cannot send
session cache limiter - headers already sent (output started at
/home/client_username/public_html/functions.php:9....
Login Script
PHP Help #3 - Need help creating one (5) It turns out that the authentication script that I copied from
http://www.php-mysql-tutorial.com/user-aut...on/database.php doesn't work even when it is left
unchanged. What a crappy piece of code. Now I am trying to build by own login script from scratch.
I already have a little knowledge on how to do this (connecting, echoing, retrieving) but I need
some more examples and/or tips. I know what I need and maybe this could help you out: Note: Green
items are fixed. No duplicate username in MySQL Database Authorized users only. I have to
authorize each....
Authentication Script
PHP Help #2 -- I need help tweaking it - it won't work (1) Okay, my first issue about the MySQL echo problem has been solved, thank you to those who helped.
/smile.gif" style="vertical-align:middle" emoid=":)" border="0" alt="smile.gif" /> Now I am focusing
on the login portion of my site, and I have this so far: CODE // we must never forget to start
the session session_start(); $errorMessage = ''; if (isset($_POST ) && isset($_POST ))
{ $username = $_POST ; $password = $_POST ; //Connect to database $con =
mysql_connect("localhost","myDatabaseUsername","myDatabasePassword"); if (!$con) { die('Co....
Problem With Xhtml Validation
(6) Hi, i have a problem when i try to validate a php page that includes a litlle form and use sessions
as a strict xhtml 1.1 page with the W3C XHTML VALIDATOR, the problem consists that everytime i send
it to the validator it creates a hidden input with the PHP PHPSESSID in the form and also adds to
the href attribute of every link this PHPSESSID, so if you have for example a link like this: CODE
page with session var equal 1 it results in this: CODE page with session var equal 1
and as you know it is recommended that always replace & with & to make yo....
Automated File Structure Creation Script
As Requested By Mark420 (3) While chatting with Mark420 today on the shoutbox, he mentioned that he was looking for a script to
create his entire folder structure with just a click of a button. For example, he wanted the
following folders created in his root folder by just clicking submit. /images /images/thumbs
/images/icons /css /javascripts /content /content/articles /content/tutorials Presumably this
would be used for some type of installation system or other quick server setup situation. Anyhow
here is what I threw together for him: /* ********************************************....
Online Multiplayer Chess Script
Online multiplayer chess script (2) Do you have any script for this?or where can i find this script. I wait your replies. ok.....
What Would Make A Good Registration Script?
(4) I see newbies all the time looking for either a login script or after a little querying you find
they really would like to have a registration script. The first thing for such a script for a
members area would of course be a form and being kind of old fashioned I still like to format my
forms with a table but I do use inline CSS to make it a little nicer. I never did like forms that
had an asterick * by a field and then a Note: Fields marked with * are required. So what I do
instead is add a background color to those areas and then use a CSS background color statin....
PHP Script To Upload A File
with password-protection. (15) Problem: Upload a file to the AstaHost account (that I have been granted here) throught the
webpage I would like to know, how should I proceed on this particular problem. I know this has
been done through cPanel, but I want to write a PHP functionality. The cPanel is accessed through
the 2082 port, and most of the places I access internet from does not give me access through that
port. I can access http://www.kmaheshbhat.astahost.com/ but not
http://www.kmaheshbhat.astahost.com/cpanel or http://www.kmaheshbhat.astahost.com:2082/ . I need
to go to one particu....
Need Help With A PHP - MySQL Registration Script
Wont INSERT into the database (13) hey well can some one helpme make this code work it won't INSERT INTO THE DATABSE CODE #
register1.php # common include file to MySQL include("DB.PHP"); $Username=$_POST ; $Password=$_POST
; $Name=$_POST ; $Last=$_POST ; $Sex=$_POST ; $Month=$_POST ; $Day=$_POST ; $Year=$_POST ;
$Adresse=$_POST ; $City=$_POST ; $State=$_POST ; $Zipcode=$_POST ; $Country=$_POST ; $Phone=$_POST ;
$Email=$_POST ; $Father_Name=$_POST ; $Mother_Name=$_POST ; $Parent_Phone=$_POST ;
$Parent_Email=$_POST ; $Level=$_POST ; $Academic=$_POST ; $Image_Link=$_POST ; $sql9="INSERT INTO
U....
Php Script To Download File From Another Site
(11) hi i need a php or java script code for downloading files from other sites to my site for example:
http://download.com/file.zip to http://mysite.com/file.zip thanks....
Trainable Anti-spam Filter Script
Any clues howto write one/get one ? (3) Hi all, Does anybody have ideas about writing trainable anti-spam mail filters - that you can
add onto any web-mail script ? Looking for something written in perl/php that'll allow me to
just check the checkboxes beside spam mails and click any button (say, "mark as spam") and the
script studies the mail headers and creates its own list of originating spammer domains/ips & blocks
out mails from 'em ? Thanks /smile.gif" style="vertical-align:middle" emoid=":)" border="0"
alt="smile.gif" />....
Tell-a-friend script
Make a tell-a-friend script with php!! (6) Hi!! I'll show you how to make a simple tell-a-friend script using php. If you put this on
your site, your visitors will be able to recommend your site to a friend. This can be good promotion
for your site. It's quite easy to set up too. Just copy and past the script below. Put this
where you want the form to appear: friendtell.php " method="get"> Tell a friend:
Put this in the file friendtell.php Your friend has been told! $myname = $from;
$myemail = $from; $contactemail = $to; $message = " Hi!! \nI wanted to tell y....
Looking for simple, checking, and, validation, php, script
|
See Also,
*SIMILAR VIDEOS*
Searching Video's for simple, checking, and, validation, php, script
|
advertisement
|
|
