Index
 |
Password protect your site! - Make a simple password protection! | ||
Discussion by websaint with 19 Replies.
Last Update: December 14, 2011, 8:52 am (View Latest) | Page 1 of 2 pages. | ||
 |
|||
If you need to password protect a page on your site, then you should take a look at this. I'll show you how to make a simple password protection for your site right here!! Just copy and paste the php script below:
Put this in a file you call login.html
<input type="text" name="login">
<input type="password" name="passwd">
<input type="Submit">
</form>
Put this in a file you call login.php (you'll have to embed the content of your secret page with this script)
<?
if (empty($_POST['login']))
{
exit();
}
if(strcmp($_POST['login'],"correct username here")==0 && strcmp($_POST['passwd'],"correct password here")==0)
{
?>
<html>
<body>
<p>Bla..bla..bla...You're secret page content should be added here!!</p>
</body>
</html>
<?
}
else
{
echo "Wrong username or password";
}
?>
That's all you have to do and you have a password protected page!!
Put this in a file you call login.html
CODE
<form action="login.php" method="post"><input type="text" name="login">
<input type="password" name="passwd">
<input type="Submit">
</form>
Put this in a file you call login.php (you'll have to embed the content of your secret page with this script)
<?
if (empty($_POST['login']))
{
exit();
}
if(strcmp($_POST['login'],"correct username here")==0 && strcmp($_POST['passwd'],"correct password here")==0)
{
?>
<html>
<body>
<p>Bla..bla..bla...You're secret page content should be added here!!</p>
</body>
</html>
<?
}
else
{
echo "Wrong username or password";
}
?>
That's all you have to do and you have a password protected page!!
Fri Sep 24, 2004 Reply New Discussion
I just begin to learn PHP, and very happy to find that it's so similar as C. To save the time, I skiped most of PHP desription. However, now I have something not very sure:
1. How could I keep some pages can be called in the html or php, but could not be viewed from the website? Your method described here may have solved this obstacle already, would you describe it a little more.
2. How could php load the client files to the server?
3. May I display some image(jpg or gif) with php?
I'm anxious to get the help from you, thank you in advance.
1. How could I keep some pages can be called in the html or php, but could not be viewed from the website? Your method described here may have solved this obstacle already, would you describe it a little more.
2. How could php load the client files to the server?
3. May I display some image(jpg or gif) with php?
I'm anxious to get the help from you, thank you in advance.
Sat Sep 25, 2004 Reply New Discussion
I have a question... Is that password protection foolproof or not easily bypassed? I guess what I'm trying to ask is that is it of the same protection quality of say... the asta host password protection or an email password protection?
Sat Sep 25, 2004 Reply New Discussion
well, it's safe. as the username is stored in a php variable, it will not be visible to all users.
but if you're on a school network, they can intercept the traffic and your password can be read, not encrypted or anything. but maybe that's a little paranoia. if you want your password to be unreadable in the traffic, i can give you a script that does so. it encrypts your password before it is sent and then it is compared with the stored (also encrypted) version of your pw. it cannot be decrypted!
but if you're on a school network, they can intercept the traffic and your password can be read, not encrypted or anything. but maybe that's a little paranoia. if you want your password to be unreadable in the traffic, i can give you a script that does so. it encrypts your password before it is sent and then it is compared with the stored (also encrypted) version of your pw. it cannot be decrypted!
Sat Sep 25, 2004 Reply New Discussion
QUOTE (marijnnn)
well, it's safe. as the username is stored in a php variable, it will not be visible to all users.but if you're on a school network, they can intercept the traffic and your password can be read, not encrypted or anything. but maybe that's a little paranoia. if you want your password to be unreadable in the traffic, i can give you a script that does so. it encrypts your password before it is sent and then it is compared with the stored (also encrypted) version of your pw. it cannot be decrypted!
[post="3676"]<{POST_SNAPBACK}>[/post]
Are You speak about MD5 Hashing?if not, i'm interested, how do you make it?
Sat Sep 25, 2004 Reply New Discussion
I agree with marijnnn, I have tried to write something in my php file which store message to mysql database. It works and the operations in php file will not be viewed via web link. However, to be safe, we need not only the operation, but also must consider the transfer (which marijnnn has already talked about), one more issue we should consider is: we also need to protect our database and the password.
Sun Sep 26, 2004 Reply New Discussion
small tutorial for md5 hash using.
store your info like this in a database or file:
username :: md5hash of password.
i use a database and have about 25 users in it. if you want, you can even set different rights by a third column. i use the linux method:
read = 1, write, =2, read + write = 3, execute =4, execute +read = 5, execute + write = 6, execute + write + read = 7.
only, it means other things. some users can upload pictures, some can only read info,...
then search google for 'javascript md5'
you'll get a js file and a small document.
and then, before sending the information of the form, you do this:
password.value=md5(password.value);
or something like that. i'm sure you'll find some info on the net how to do it. if not, i'll post the entire code this weekend if you want it.
and then you post the username and md5 hashed password. serverside, you check if there is a match and set the rights with a cookie or something like that.
store your info like this in a database or file:
username :: md5hash of password.
i use a database and have about 25 users in it. if you want, you can even set different rights by a third column. i use the linux method:
read = 1, write, =2, read + write = 3, execute =4, execute +read = 5, execute + write = 6, execute + write + read = 7.
only, it means other things. some users can upload pictures, some can only read info,...
then search google for 'javascript md5'
you'll get a js file and a small document.
and then, before sending the information of the form, you do this:
password.value=md5(password.value);
or something like that. i'm sure you'll find some info on the net how to do it. if not, i'll post the entire code this weekend if you want it.
and then you post the username and md5 hashed password. serverside, you check if there is a match and set the rights with a cookie or something like that.
Tue Sep 28, 2004 Reply New Discussion
Let's do this but using HTML, PHP and MySQL. The improvements that you could make is that you create pages to help you manage your database which means you would have a registration page, a forgotten password page and a login page and whatever else you think you would require, concept behind it is a full feature membership login procedure. But for this I will only show you the basics and may provide the complete package in the HOWTO and TUTORIAL section.
So lets begin with setting up our database, hopefully you have a database already created, our one will be named MyDB for this example.
Next we will pass some MySQL query inside phpmyadmin to create the table and entries we require. Since it's only for a simple login, what would we require? We need the username and password. We should have some security features behind this, but for this simple login, we won't be needing that.
userid int(25) NOT NULL auto_increment,
username varchar(30) NOT NULL default '',
passwd varchar(255) NOT NULL default '',
PRIMARY KEY (userid),
UNIQUE KEY (username)
) TYPE = MyISAM COMMENT = 'MyDB Users';
That create our table we will use to store our username/password,
We then create our first user, using phpmyadmin once again to execute this query.
VALUES (
'', 'myUserName', PASSWORD('myPassWord')
);
What this does is add a user named myUserName and a password that is myPassWord as well as doing the auto_increment used for userid, which should get set to 1.
Next we write our connection to database file, this is the user that has permissions on the database to be able to access the required information we need, this file we will include in our login script to connect to our database and perform the required tasks. We will call this dbcon.inc.php
$dbhost = 'localhost';
$dbusername = 'MyDB_username';
$dbpassword = 'MyDB_password';
$database = 'MyDB';
$connection = mysql_connect("$dbhost", "$dbusername", "$dbpassword") or die('Error: Connection to Server failed');
$db = mysql_select_db("$database", $connection) or die('Error: Database selection failed');
?>
We then create our simple login.html form, not set up nicely, but I'll leave that up to you.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict //EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-NZ" lang="en-NZ">
<head>
<title>
Login Page
</title>
</head>
<body>
<form action="/php-bin/login.php" method="post" id="loginform">
<table summary="login information">
<tr>
<td>Username</td>
<td><input id="username" type="text" name="username" /></td>
</tr>
<tr>
<td>Password</td>
<td><input id="password" type="password" name="password" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" id="submit" value="Submit" name="submit" /></td>
</tr>
</table>
</form>
</body>
</html>
Now all we need to do is create our login.php script
include '../includes/db.inc.php';
$username = $_POST['username'];
$password = $_POST['password'];
if((!$username) || (!$password))
exit();
$sql = mysql_query("SELECT * FROM users WHERE userid = '1' AND username = '$username' AND passwd = PASSWORD('$password')");
$login_check = mysql_num_rows($sql);
if($login_check > 0)
{
echo '<' . '?xml version=1.0" encoding="iso-8859-1"?' . '>';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict //EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-NZ" lang="en-NZ">
<head>
<title>
Secret Page
</title>
</head>
<body>
<p>blah blah blah blah blah SECRET PAGE blah blah blah</p>
</body>
</html>
<?php
}
else
echo "Your login was invalid, Either username or password were incorrect<br />";
?>
And that's it, You just have to make sure that you have a folder called includes (new folder created) for all your included files to go and that the path is correct, that the login.php exists in your php-bin (new folder created). There have been issues with using the word password in MySQL as I believe it's a reserved word, so you might want to change from using password to passwd as I have done in MySQL.
To login you would use myUserName and myPassWord.
This has been tested and verified that it works.
Cheers, MC
So lets begin with setting up our database, hopefully you have a database already created, our one will be named MyDB for this example.
Next we will pass some MySQL query inside phpmyadmin to create the table and entries we require. Since it's only for a simple login, what would we require? We need the username and password. We should have some security features behind this, but for this simple login, we won't be needing that.
CODE
CREATE TABLE users (userid int(25) NOT NULL auto_increment,
username varchar(30) NOT NULL default '',
passwd varchar(255) NOT NULL default '',
PRIMARY KEY (userid),
UNIQUE KEY (username)
) TYPE = MyISAM COMMENT = 'MyDB Users';
That create our table we will use to store our username/password,
We then create our first user, using phpmyadmin once again to execute this query.
CODE
INSERT INTO `users` (`userid`, `username`, `passwd`)VALUES (
'', 'myUserName', PASSWORD('myPassWord')
);
What this does is add a user named myUserName and a password that is myPassWord as well as doing the auto_increment used for userid, which should get set to 1.
Next we write our connection to database file, this is the user that has permissions on the database to be able to access the required information we need, this file we will include in our login script to connect to our database and perform the required tasks. We will call this dbcon.inc.php
CODE
<?php$dbhost = 'localhost';
$dbusername = 'MyDB_username';
$dbpassword = 'MyDB_password';
$database = 'MyDB';
$connection = mysql_connect("$dbhost", "$dbusername", "$dbpassword") or die('Error: Connection to Server failed');
$db = mysql_select_db("$database", $connection) or die('Error: Database selection failed');
?>
We then create our simple login.html form, not set up nicely, but I'll leave that up to you.
CODE
<?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict //EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-NZ" lang="en-NZ">
<head>
<title>
Login Page
</title>
</head>
<body>
<form action="/php-bin/login.php" method="post" id="loginform">
<table summary="login information">
<tr>
<td>Username</td>
<td><input id="username" type="text" name="username" /></td>
</tr>
<tr>
<td>Password</td>
<td><input id="password" type="password" name="password" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" id="submit" value="Submit" name="submit" /></td>
</tr>
</table>
</form>
</body>
</html>
Now all we need to do is create our login.php script
CODE
<?phpinclude '../includes/db.inc.php';
$username = $_POST['username'];
$password = $_POST['password'];
if((!$username) || (!$password))
exit();
$sql = mysql_query("SELECT * FROM users WHERE userid = '1' AND username = '$username' AND passwd = PASSWORD('$password')");
$login_check = mysql_num_rows($sql);
if($login_check > 0)
{
echo '<' . '?xml version=1.0" encoding="iso-8859-1"?' . '>';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict //EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-NZ" lang="en-NZ">
<head>
<title>
Secret Page
</title>
</head>
<body>
<p>blah blah blah blah blah SECRET PAGE blah blah blah</p>
</body>
</html>
<?php
}
else
echo "Your login was invalid, Either username or password were incorrect<br />";
?>
And that's it, You just have to make sure that you have a folder called includes (new folder created) for all your included files to go and that the path is correct, that the login.php exists in your php-bin (new folder created). There have been issues with using the word password in MySQL as I believe it's a reserved word, so you might want to change from using password to passwd as I have done in MySQL.
To login you would use myUserName and myPassWord.
This has been tested and verified that it works.
Cheers, MC
Tue Sep 28, 2004 Reply New Discussion
QUOTE (bx93)
I just begin to learn PHP, and very happy to find that it's so similar as C. To save the time, I skiped most of PHP desription. However, now I have something not very sure:1. How could I keep some pages can be called in the html or php, but could not be viewed from the website? Your method described here may have solved this obstacle already, would you describe it a little more.
2. How could php load the client files to the server?
3. May I display some image(jpg or gif) with php?
I'm anxious to get the help from you, thank you in advance.
[post="3608"]<{POST_SNAPBACK}>[/post]
1. just save the file in html if you want it in html if in php just put these lines "<?php ?>" in the header before your content and save in php that will be bloop php pages. take note that if your file contains php code you must save it in php or it will not be parse.
2. just a client and server relations
3. yes with php gd functions
and for the code if you want to add some security to your password you could do this
CODE
INSERT INTO `users` (`userid`, `username`, `passwd`)VALUES (
'', 'myUserName', password('myPassWord')
);
Tue Sep 28, 2004 Reply New Discussion
QUOTE (r3d)
1. just save the file in html if you want it in html if in php just put these lines "<?php ?>" in the header before your content and save in php that will be bloop php pages. take note that if your file contains php code you must save it in php or it will not be parse.2. just a client and server relations
3. yes with php gd functions
and for the code if you want to add some security to your password you could do this
CODE
INSERT INTO `users` (`userid`, `username`, `passwd`)VALUES (
'', 'myUserName', password('myPassWord')
);
[post="3900"]<{POST_SNAPBACK}>[/post]
I took r3d's advice and altered the script to use PASSWORD('myPassWord') as well as altering the check for it to use PASSWORD as well. Script has been tested and works.
Cheers, MC
Wed Sep 29, 2004 Reply New Discussion
no need of so much circus. just in every control panel this feature will be there. if you cannot fine just go throug help in cpanel
Mon Oct 4, 2004 Reply New Discussion
i gonna create a better script, oh is it gonna be better.
Fri Dec 9, 2011 Reply New Discussion
You are "gonna create", but you did not do it yet! 
Sat Dec 10, 2011 Reply New Discussion
ok i'm all most finished, i don't like mysql so dm it
Tue Dec 13, 2011 Reply New Discussion
do you like php?
Tue Dec 13, 2011 Reply New Discussion
 |
 |
|
 |
 |
| Reply / Comment | Ask a Question? | Share / Bookmark | E-Mail a Friend |
(40) Add Favicon To Your Site Creating, Converting to icon, Setup 
|