PHP - Download Authentication Problem
hey guys a novice coder needs help here.
I have about 10 downloads on a single page. Clients wants that when visitor clicks on one download it takes you to a form. Once the form is necessary information completed and form filled and submitted the download begins. Now when they click on another download it would download instantly without the need to fill out any form. How can I achieve this in a most basic manner in php with reasonable security? Similar TutorialsHere I have three different pages. The first can be logged on as admin and you can choose to add entry and visit visitor log. (Do not use MySQL or other databases). All items and visitor log saved to file. I am using sessions and what I have problem with is a password-protected administration section. (Authentication) What I'm trying to make is that visitors will be able to see the items, but only admin can log in and only the admin should be able to add entries and visit visitor log. what should I do? index.php (where I log in with username: admin and pw:123) <?php session_start(); if(isset($_POST['LoutBtn'])) { session_destroy(); } if(isset($_POST['LoginBtn'])) { //convert a string to all lower case letters. //if user gives username with big letters still can login. $user = strtolower($_POST['username']); $pass = $_POST['password']; if($user == 'admin' && $pass == '123') { $_SESSION['LogedIn'] = true; print('Welcome admin'); ?> <table width="50" align="right" cellpadding="2" cellspacing="2"> <form method="POST" action="panel.php"> <tr> <td><input type="submit" value="add post" name="PnlBtn" /></td> </tr> </form> <form method="POST" action="stat.php"> <tr> <td><input type="submit" name="showstat" value="visitorlog" /></td> </tr> </form> </table> <?php } elseif (empty($user) || empty($pass)) { print('<font color="#FF0000">Please fill in username and password!<br/></font>'); } elseif ($_POST['username'] != 'admin'){ print('<font color="#FF0000">wrong username<br/></font>'); } elseif ($_POST['password'] != '123'){ print('<font color="#FF0000">wrong password<br/></font>'); //elseif { // print('<font color="#FF0000">The User Name And/Or Password is incorrect! // Please try again...<br/></font>'); //print('<a href="index.php">Back</a>'); } } ?> <?PHP /* define the blog content file name */ $filename = "myBlogContent.txt"; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> <form method="post" action="index.php"> <table width="300" border="1" align="right" cellpadding="2" cellspacing="2"> <tr> <td width="150">UserName:</td> <td> <input type="text" name="username" size="20" /> </td> </tr> <tr> <td width="150">Password</td> <td><input type="password" name="password" size="20" /></td> </tr> <tr> <td><input type="submit" value="Login" name="LoginBtn" /> </td> </tr> <tr> <td><input type="submit" value="Logout" name="LoutBtn" /></td> </tr> </table> </form> <!-- CONTENT DIV --> <div style="position:absolute; left: 100px; top: 100px; width: 400px;"> <?PHP /* check to see if the file exists */ if (!file_exists($filename)) { echo "The Blog Is Empty"; }else{ /* get the file lines into an array */ $BlogArray = file($filename); /* count the number of blog entries */ $count = count($BlogArray); $i=0; while($i<$count) { $new_array = explode("|", $BlogArray[$i]); echo "Posted by: " . $new_array[1] . "<br>"; echo "Posted on: " . date("m/d/y h:iA", time($new_array[0])) . "<br>"; echo "Title: " . $new_array[2] . "<br>"; echo $new_array[3] . "<hr>"; $i ++; } } ?> </div> </body> </html> panel.php (where I can add new items) <?php session_start(); //if(isset($_POST['LoutBtn'])){ //header ('Location: index.php'); //} //print('<h1>Welcome admin</h1>'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> <form action="content.php" method="post"> <table> <tr><td>Blog entry posted by (Your name): </td><td><input type="text" name="who" size="20" maxlength="20" value=""></td></tr> <tr><td>Title of this blog entry: </td><td><input type="text" name="title" size="40" maxlength="80" value=""></td></tr> <tr><td>Content: </td><td><textarea name="content" rows="5" cols="40"></textarea></td></tr> <tr><td clospan="2"><input type="submit" value="Submit"></td></tr> <tr><td clospan="2"><input type="submit" name="showstat" value="visitorlog" /></td></tr> <tr><td clospan="2"><input type="submit" value="Logout" name="LoutBtn" /></td></tr> </table> </form> <a href="index.php">View</a><br> </body> </html> content.php (Location: panel.php) <?PHP /* obtain the form data */ $who = $_POST['who']; $title = $_POST['title']; $content = $_POST['content']; $content = str_replace(array("\r\n", "\r", "\n"), "<br>", $content); /* create timestamp variable for current date and time */ $when_ts = time(); /* define the blog content file name */ $filename = "myBlogContent.txt"; /* prepare the variables for adding to the file */ $new_line_content = $when_ts . "|" . $who . "|" . $title . "|" . $content . "\n"; /* open the file in the APPEND MODE */ $fh = fopen($filename, 'a+') or die("can't open file"); /* add the new content */ fwrite($fh, $new_line_content); /* close the file */ fclose($fh); header("Location: panel.php"); //exit; // Closes further script execution . ?> stat.php (visitorlog) <?php session_start(); if(isset($_POST['home'])){ ?> <p> <input type="submit" name="home" value="Hem" /></p> <?php } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> <form action="index.php" method="post"> <p> <input type="submit" name="home" value="Hem" /></p> </form> <?php $ipaddress = $_SERVER['REMOTE_ADDR']; $page = "http://{$_SERVER['HTTP_HOST']}{$_SERVER['PHP_SELF']}"; $referrer = $_SERVER['HTTP_REFERER']; $datetime = mktime(); $useragent = $_SERVER['HTTP_USER_AGENT']; $remotehost = @getHostByAddr($ipaddress); ?> <?php // Create log line // Create log line $logline = $ipaddress . '|' . $referrer . '|' . $datetime . '|' . $useragent . '|' . $remotehost . '|' . $page . "\n"; // Write to log file: $logfile = 'logfile.txt'; // Open the log file in "Append" mode if (!$handle = fopen($logfile, 'a+')) { die("Failed to open log file"); } // Write $logline to our logfile. if (fwrite($handle, $logline) === FALSE) { die("Failed to write to log file"); } fclose($handle); ?> <?php // Open log file $logfile = "logfile.txt"; if (file_exists($logfile)) { $handle = fopen($logfile, "r"); $log = fread($handle, filesize($logfile)); fclose($handle); } else { die ("The log file doesn't exist!"); } // Seperate each logline $log = explode("\n", trim($log)); // Seperate each part in each logline for ($i = 0; $i < count($log); $i++) { $log[$i] = trim($log[$i]); $log[$i] = explode('|', $log[$i]); } echo count($log) . " people have visited this website.". "<br>" . "<br>"; ?> <?php // Show a table of the logfile //echo 'IP Address'. "<br>" . "<br>"; //echo 'Referrer'. "<br>" . "<br>"; //echo 'Date'. "<br>" . "<br>"; //echo 'Useragent'. "<br>" . "<br>"; //echo 'Remote Host'. "<br>" . "<br>"; foreach ($log as $logline) { echo '' . $logline['0'] . "<br>" . "<br>"; echo '' . urldecode($logline['1']) . "<br>" . "<br>"; echo '' . date('d/m/Y H:i:s', $logline['2']) . "<br>" . "<br>"; echo '' . $logline['3'] . "<br>" . "<br>"; echo '' . $logline['4'] . "<br>" . "<br>"; } ?> </body> </html> Hey Guys.
I want to implement google cloud vision api for recognise the image. Everything installed fine, I'm getting the error Google\Cloud\Core\Exception\ServiceException { "error": { "code": 403, "message": "The request is missing a valid API key.", "status": "PERMISSION_DENIED" } } 1. in C:\xampp\htdocs\vofms\vendor\google\cloud-core\src\RequestWrapper.php at line 336 327328329330331332333334335336337338339340341342343344345 case 504: $exception = Exception\DeadlineExceededException::class; break; default: $exception = Exception\ServiceException::class; break; } return new $exception($this->getExceptionMessage($ex), $ex->getCode(), $ex); } /** * Gets the exception message. * * @param \Exception $ex * @return string */ private function getExceptionMessage(\Exception $ex) 2. in C:\xampp\htdocs\vofms\vendor\google\cloud-core\src\RequestWrapper.php at line 189 – Google\Cloud\Core\RequestWrapper::convertToGoogleException(GuzzleHttp\Exception\ClientException) 183184185186187188189190191192193194195 try { return $backoff->execute($this->httpHandler, [ $this->applyHeaders($request), $this->getRequestOptions($options) ]); } catch (\Exception $ex) { throw $this->convertToGoogleException($ex); } } /** * Deliver the request asynchronously. * 3. in C:\xampp\htdocs\vofms\vendor\google\cloud-core\src\RestTrait.php at line 96 – Google\Cloud\Core\RequestWrapper::send(GuzzleHttp\Psr7\Request, []) 90919293949596979899100101102 try { return json_decode( $this->requestWrapper->send( $this->requestBuilder->build($resource, $method, $options), $requestOptions )->getBody(), true ); } catch (NotFoundException $e) { if ($whitelisted) { throw $this->modifyWhitelistedError($e); } 4. in C:\xampp\htdocs\vofms\vendor\google\cloud-vision\src\Connection\Rest.php at line 59 – Google\Cloud\Vision\Connection\Rest::send('images', 'annotate', ['requests' => [['image' => ['content' => '/9j/4AAQSkZJRgABAQEBLAEsAAD/2wBD...'], 'features' => [['type' => 'FACE_DETECTION']]]]]) 535455565758596061 /** * @param array $args */ public function annotate(array $args) { return $this->send('images', 'annotate', $args); } } 5. in C:\xampp\htdocs\vofms\vendor\google\cloud-vision\src\VisionClient.php at line 272 – Google\Cloud\Vision\Connection\Rest::annotate(['requests' => [['image' => ['content' => '/9j/4AAQSkZJRgABAQEBLAEsAAD/2wBD...'], 'features' => [['type' => 'FACE_DETECTION']]]]]) 266267268269270271272273274275276277278 foreach ($images as $image) { $requests[] = $image->requestObject(); } $res = $this->connection->annotate([ 'requests' => $requests ] + $options); $annotations = []; if (isset($res['responses'])) { foreach ($res['responses'] as $response) { $annotations[] = new Annotation($response); } 6. in C:\xampp\htdocs\vofms\vendor\google\cloud-vision\src\VisionClient.php at line 229 – Google\Cloud\Vision\VisionClient::annotateBatch([Google\Cloud\Vision\Image], []) 223224225226227228229230231232233234235 * @param Image $image The image to annotate * @param array $options Configuration options * @return Annotation */ public function annotate(Image $image, array $options = []) { $res = $this->annotateBatch([$image], $options); return $res[0]; } /** * Annotate a set of images. * 7. in C:\xampp\htdocs\vofms\frontend\themes\admin_lte\site\index.php at line 22 – Google\Cloud\Vision\VisionClient::annotate(Google\Cloud\Vision\Image) 16171819202122232425262728 $image = $vision->image( fopen('C:\xampp\htdocs\vofms\frontend\themes\admin_lte\images\1.jpg', 'r'), ['faces'] ); $annotation = $vision->annotate($image); // Determine if the detected faces have headwear. foreach ($annotation->faces() as $key => $face) { if ($face->hasHeadwear()) { echo "Face $key has headwear.\n"; } 8. in C:\xampp\htdocs\vofms\vendor\yiisoft\yii2\base\View.php at line 348 – require('C:\xampp\htdocs\vofms\frontend\t...') 9. in C:\xampp\htdocs\vofms\vendor\yiisoft\yii2\base\View.php at line 257 – yii\base\View::renderPhpFile('C:\xampp\htdocs\vofms\frontend\t...', ['dataProvider' => yii\data\ActiveDataProvider]) 10. in C:\xampp\htdocs\vofms\vendor\yiisoft\yii2\base\View.php at line 156 – yii\base\View::renderFile('C:\xampp\htdocs\vofms\frontend\v...', ['dataProvider' => yii\data\ActiveDataProvider], frontend\controllers\SiteController) 11. in C:\xampp\htdocs\vofms\vendor\yiisoft\yii2\base\Controller.php at line 384 – yii\base\View::render('index', ['dataProvider' => yii\data\ActiveDataProvider], frontend\controllers\SiteController) 12. in C:\xampp\htdocs\vofms\frontend\controllers\SiteController.php at line 89 – yii\base\Controller::render('index', ['dataProvider' => yii\data\ActiveDataProvider]) 83848586878889909192939495 $dataProvider = new ActiveDataProvider([ 'query' => Offenses::find(), ]); return $this->render('index', [ 'dataProvider' => $dataProvider, ]); } /** * Displays a single Offenses model. * @param integer $id * @return mixed 13. frontend\controllers\SiteController::actionIndex() 14. in C:\xampp\htdocs\vofms\vendor\yiisoft\yii2\base\InlineAction.php at line 57 – call_user_func_array([frontend\controllers\SiteController, 'actionIndex'], []) 15. in C:\xampp\htdocs\vofms\vendor\yiisoft\yii2\base\Controller.php at line 157 – yii\base\InlineAction::runWithParams(['r' => 'site/index']) 16. in C:\xampp\htdocs\vofms\vendor\yiisoft\yii2\base\Module.php at line 528 – yii\base\Controller::runAction('index', ['r' => 'site/index']) 17. in C:\xampp\htdocs\vofms\vendor\yiisoft\yii2\web\Application.php at line 103 – yii\base\Module::runAction('site/index', ['r' => 'site/index']) 18. in C:\xampp\htdocs\vofms\vendor\yiisoft\yii2\base\Application.php at line 386 – yii\web\Application::handleRequest(yii\web\Request) 19. in C:\xampp\htdocs\vofms\frontend\web\index.php at line 17 – yii\base\Application::run() 11121314151617 require _DIR_ . '/../../common/config/main.php', require _DIR_ . '/../../common/config/main-local.php', require _DIR_ . '/../config/main.php', require _DIR_ . '/../config/main-local.php' ); (new yii\web\Application($config))->run()Quote
Where I can set GOOGLE_APPLICATION_CREDENTIALS environment variable in Yii2 framework.
Edited February 9, 2019 by PHPLazy This topic has been moved to JavaScript Help. http://www.phpfreaks.com/forums/index.php?topic=347327.0 hi, I want to download the file, where i have the search query in session variable, in my local system its working good, but in server its not working, any guidance please Code: [Select] <?php include("global.php"); // Original PHP code by Chirp Internet: www.chirp.com.au // Please acknowledge use of this code by including this header. function cleanData(&$str) { $str = preg_replace("/\t/", "\\t", $str); $str = preg_replace("/\r?\n/", "\\n", $str); if(strstr($str, '"')) $str = '"' . str_replace('"', '""', $str) . '"'; } $sql = $_SESSION['emp_search_sql']; // file name for download $filename = "employees_" . date('Ymd') . ".xls"; header("Content-Disposition: attachment; filename=\"$filename\""); header("Content-Type: application/vnd.ms-excel; charset=UTF-8"); header("Pragma: no-cache"); $flag = false; $result = $DB_site->query($sql) or die('Query failed!'); while(false !== ($row = mysql_fetch_assoc($result))) { if(!$flag) { // display field/column names as first row echo implode("\t", array_keys($row)) . "\n"; $flag = true; } array_walk($row, 'cleanData'); echo implode("\t", array_values($row)) . "\n"; } ?> Thanks I am using a script for users to download a file, however after the download I want to be able to redirect the user or display a message etc... but I cannot get it to work. My download code is below; if($do_download){ $filename = 'file.zip'; $itemfile = ('/abc/123/htdocs/bin/'.$filename); $filelength = filesize($itemfile); $fp = @fopen($itemfile, "rb"); ob_start(); Header("Pragma: public"); Header("Expires: 0"); Header("Cache-control: private"); Header("Content-Type: application/x-zip-compressed"); Header("Content-Transfer-Encoding: binary"); Header("Content-Length: $filelength"); Header("Accept-Ranges: bytes"); Header('Content-Disposition: attachment; filename="'.$filename.'"'); Header("Connection: close"); ob_end_clean(); while(!feof($fp)){ print stream_get_contents($fp); // for PHP 5+ else use fread } fclose($fp); header('Location: page2.php'); } It doesn't seem to matter what I do whether a redirect or just an echo command nothing continues after the file is downloaded???? Hi, I have one webhost (A) that supports no PHP and has unlimited bandwidth. I have a second webhost (B) that does support PHP, but has limited bandwidth. The website is on host A and contains a 5mb file that people can download and I'd like to count the downloads. But now I need to use host B to count the downloads. I'm using this small script on host B to count the downloads. <?php $hits=file("count.txt"); $hits[0]++;$fp=fopen("count.txt","w"); fputs($fp,$hits[0]); fclose($fp); header("Location: http://webhost-A.com/files/download.zip"); ?> The download link people see on my website is: http://webhost-B.com/download.php Generally this works fine, but I found out that people can still find the direct link with download managers and then put that direct link on their website, which prevents me from counting those downloads. A solution I found is to use ReadFile. But the problem is that when using ReadFile, host B first downloads the file from host A and then sends it to the user and that's exactly what I don't want. Is it possible to let people download the file directly from host A without showing the direct download link in any way and also count the downloads?
Basically I would like to place a link on my website and have the user download a file, but rather than just right clicking and choosing save target as, the link must be clicked, on the next page the file is fetched and then the client can download the file. How would I go about setting this up please? I have made a Php program that downloads an Inno setup installation file for installing a program. However, if I for one or another reason want to make a new download of the same Inno setup installation file, the previous file will still be found in the Download folder. Each of the downloads get a number in parenthesis, setup(1), setup(2), setup(3) etc. However, I wondered if it is posible to erase the previous file in the same process as I download a new one, so that however many downloads I do, there will all the time only be one occurence of this file in the Download folder. The download code is as follows: $exe = "Inno script/Test_setup.exe"; header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename=\"Test_setup.exe\""); header("Content-Length: " . filesize($exe)); readfile($exe); Thanks in advance. Sincerely
Hi all, I have an authentication part on my website that checks every page through a session variable if a user is logged in and which user it is. When I test my code on my computer it works perfectly registration and login goes smooth but when someone on another computer tries it they get the acces denied page.... does anyone know why??? Greets Ryflex I am currently doing the following but wish to change to using JWTs. A webserver is running some CRM system which has its own authentication system and browsers can access public routes without logging and but must log on first to access private routes. All the routes on the webserver which are prefixed by "api" will be forwarded to specific REST API along with an "account" GUID in the header and the user's ID if it exists. For the routes that require a user to be logged in, the webserver will first check if a session exists, and if not make a preliminary GET request to the REST API which includes the GUID as well as the user's ID and encrypted password (both based on the webserver's CRM DB) in the URL. Not sure whether anything is possible by including the hashed password and am currently not doing anything with it. The REST API queries the DB using the GUID and webserver's user ID and returns the REST API's users ID and the webserver stores it in a session. The REST API receives the GUID and potentially the REST API's user ID and queries the DB to retrieve the account and potentially user before executing the route, and returns the response to the webserver which it returns it to the browser.The new approach might be something like the following: Before the webserver forwards any request to the REST API, it checks if a session is set, and if not performs a GET request to the REST API along with the GUID and if known user's credentials in the URL and receives a JWT which contains a payload including the account PK, and potentially the user PK, user's access level, etc. All future requests include this JWT in the header. The REST API no longer queries the DB to get the account ID and user authorized settings as it is provided in the JWT.A couple of questions: What should be done if a non-logged on user first accesses a public route, gets a JWT, and stores it in a session, but then later logs on and accesses a private route? The webserver thinks it has a valid JWT and will send it but the REST API will then decrypt it and find there is no user it. One option is for the webserver to use two sessions, but this sounds kludgy. Or maybe the REST API returns some header which instructs the webserver to re-authenticate, but not sure if even an option, and if so how to cleanly prevent some loop. Also, would it be necessary to issue a new JWT or can the payload in a JWT be changed? Is GET appropriate for requesting the JWT's or should I use some other method? Is it appropriate to include the user's access level in the JWT payload? Will one need to wait until the JWT has expired before their access level changes? Any ideas how to deal with using the user's password on the CRM to also authenticate on the REST API? The GUID is probably secret enough for the application and if an issue, can just use the GUID and username. Am I going down an reasonable path and anything else obvious I should be considering?Thanks! I have had a problem with people attacking my site and trying to gain access to users accounts so i beefed up security, however now users are complaining they keep getting logged out. Here are the variables i use to validate the users and i dont want to strip them down any more can anyone give me any ideas for changing them so its still secure but not so strict as to keep logging the users out? 1. Username & password is encrypted into a cookie and verified on every page they visit. 2. There ip address is recorded on login and is checked against there current ip, on every page they visit via MySql. 3. When the user logs in a unix time stamp (mySql) is generated an updated of every page they visit and if it has not been updated in the last 60 mins the user is logged out. 4.I also generate a random key which is stored in the DB and is passed on every page via GET. 5.If a user tries to login and fails an email is sent to them and if 3 unsuccessful attempts user is locked out for 30mins. The application that I want to build is quite simple. Here is a bit of the background of the work flow: In my company, we create video for our client profile. After the video is done, we upload the video to our website and to youtube. It is done automatically. After a period of time, the client can delete the video. Of course, it will delete the video in our system as well as the video in youtube. For now, the video in our system is deleted automatically. However, youtube video is deleted manually. Our company has grown to have quite a lot of clients. It's hard for us to keep track clients that requested to delete their videos. We want to be able to have an application that will delete youtube video automatically. I already tried to play around with youtube authentication in http://code.google.com/apis/youtube/2.0/developers_guide_php.html#Authentication but I have no luck with the authentication. I want the application to be able to delete the video under my youtube account without having me to login to youtube. In my case right now, every time the application wants to delete the video, I have to send the request to youtube and ask for verification (i.e. I have to do application verification every time). Here is what I have done so far: ini_set('display_errors', 1); ini_set('log_errors', 1); ini_set('error_log', dirname(__FILE__) . '/error_log.txt'); error_reporting(E_ALL); require_once('db_class.php'); require_once 'Zend/Loader.php'; Zend_Loader::loadClass('Zend_Gdata_YouTube'); Zend_Loader::loadClass('Zend_Gdata_AuthSub'); Zend_Loader::loadClass('Zend_Gdata_App_Exception'); session_start(); setLogging('on'); $_SESSION['developerKey'] = 'AI39si5H3hL9tcKOMl80IqzoC6nb87ka1QLgHxLp9nFi1l44dLa987_Gi0rbofLePQdFEWf1lrSB8KGs4lXIrcF8TR6PhUcO3Q'; function getAuthSubRequestUrl() { $next = 'http://example.com/youtube_delete_video.php'; $scope = 'http://gdata.youtube.com'; $secure = false; $session = true; return Zend_Gdata_AuthSub::getAuthSubTokenUri($next, $scope, $secure, $session); } function updateAuthSubToken($singleUseToken) { try { $sessionToken = Zend_Gdata_AuthSub::getAuthSubSessionToken($singleUseToken); } catch (Zend_Gdata_App_Exception $e) { print 'ERROR - Token upgrade for ' . $singleUseToken . ' failed : ' . $e->getMessage(); return; } $_SESSION['sessionToken'] = $sessionToken; generateUrlInformation(); header('Location: ' . $_SESSION['homeUrl']); } function getAuthSubHttpClient() { try { $httpClient = Zend_Gdata_AuthSub::getHttpClient($_SESSION['sessionToken']); } catch (Zend_Gdata_App_Exception $e) { print 'ERROR - Could not obtain authenticated Http client object. ' . $e->getMessage(); return; } $httpClient->setHeaders('X-GData-Key', 'key='. $_SESSION['developerKey']); return $httpClient; } function generateUrlInformation() { if (!isset($_SESSION['operationsUrl']) || !isset($_SESSION['homeUrl'])) { $_SESSION['operationsUrl'] = 'http://'. $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']; $path = explode('/', $_SERVER['PHP_SELF']); $path[count($path)-1] = 'index.php'; $_SESSION['homeUrl'] = 'http://'. $_SERVER['HTTP_HOST'] . implode('/', $path); } } function loggingEnabled() { if ($_SESSION['logging'] == 'on') { return true; } } function setLogging($loggingOption, $maxLogItems = 10) { switch ($loggingOption) { case 'on' : $_SESSION['logging'] = 'on'; $_SESSION['log_currentCounter'] = 0; $_SESSION['log_maxLogEntries'] = $maxLogItems; break; case 'off': $_SESSION['logging'] = 'off'; break; } } function logMessage($message, $messageType) { if (!isset($_SESSION['log_maxLogEntries'])) { $_SESSION['log_maxLogEntries'] = 20; } if (!isset($_SESSION['log_currentCounter'])) { $_SESSION['log_currentCounter'] = 0; } $currentCounter = $_SESSION['log_currentCounter']; $currentCounter++; if ($currentCounter > $_SESSION['log_maxLogEntries']) { $_SESSION['log_currentCounter'] = 0; } $logLocation = 'log_entry_'. $currentCounter . '_' . $messageType; $_SESSION[$logLocation] = $message; $_SESSION['log_currentCounter'] = $currentCounter; } function printCacheWarning() { return '<p class="note">' . 'Please note that the change may not be reflected in the API ' . 'immediately due to caching.<br/>' . 'Please refer to the API documentation for more details.</p>'; } function editVideoData($videoId) { $httpClient = getAuthSubHttpClient(); $youTubeService = new Zend_Gdata_YouTube($httpClient); $videoEntryToUpdate = $youTubeService->getFullVideoEntry($videoId); if (!$videoEntryToUpdate instanceof Zend_Gdata_YouTube_VideoEntry) { print 'ERROR - Could not find a video entry with id ' . $videoId . '<br />' . printCacheWarning(); return; } try { $putUrl = $videoEntryToUpdate->getEditLink()->getHref(); } catch (Zend_Gdata_App_Exception $e) { print 'ERROR - Could not obtain video entry\'s edit link: ' . $e->getMessage() . '<br />'; return; } $videoEntryToUpdate->setVideoTitle("My Test Movie - Private 10000012"); $videoEntryToUpdate->setVideoDescription("My Test Movie - Private 10000012"); $videoEntryToUpdate->setVideoPrivate(); try { $updatedEntry = $youTubeService->updateEntry($videoEntryToUpdate, $putUrl); if (loggingEnabled()) { logMessage($httpClient->getLastRequest(), 'request'); logMessage($httpClient->getLastResponse()->getBody(), 'response'); } } catch (Zend_Gdata_App_HttpException $httpException) { print 'ERROR ' . $httpException->getMessage() . ' HTTP details<br /><textarea cols="100" rows="20">' . $httpException->getRawResponseBody() . '</textarea><br />' . '<a href="session_details.php">' . 'click here to view details of last request</a><br />'; return; } catch (Zend_Gdata_App_Exception $e) { print 'ERROR - Could not post video meta-data: ' . $e->getMessage(); return; } print 'Entry updated successfully.<br /><a href="#" onclick="' . 'ytVideoApp.presentFeed(\'search_owner\', 5, 0, \'none\'); ' . 'ytVideoApp.refreshSearchResults();" >' . '(refresh your video listing)</a><br />' . printCacheWarning(); } if (!isset($_GET['token'])) { $returnURL = getAuthSubRequestUrl(); echo "<a href=".$returnURL.">Link To Google</a>"; } else { $singleUseToken = $_GET['token']; updateAuthSubToken($singleUseToken); /* editVideoData('mJDRXXaFVGw'); */ } This is how I call the function: http://example.com/youtube_delete_video.php So, what I need basically is to know 1. how can I store the authentication after I verify it from youtube? 2. What function to populate after I store the authentication? <- I couldn't figure where this part is in the documentation. PS: example.com is not a real url. It's just for the sake of writing the post he ) Hello all, I am extremely new with php, I just started learning it this week. I am tryin to make a secure login page that uses cookies for authentication. The problem I am having is that I cannot seem to get it to detect or read the set cookie properly. I want it to detect if its the correct username in the cookie and if so, allow to see the page, and if now, then return to the login screen. The login screen is login.html, which directs the person to the php script login.php. That should in turn show them a message page and some short info, as well as a link to their control panel (index.php) . The problem is that even if i skip the login I can still reach the control panel (index.php) with or without the cookie. Here is my code (please be gentle this is my first week with php): login.html: Code: [Select] <html> <head> <Title>Admin Login</Title> </head> <body> <center> <br> <br> <br> <br> <img src="pk.png"> <form action="login.php" method="post"> <br> Username: <input type="text" name="username" /><br> Password: <input type="text" name="password" /><br> <input type="submit" value="Login" /> </form> </center> </body> </html> login.php: Code: [Select] <?php // Print a cookie //echo $_COOKIE["auth"]; // A way to view all cookies //print_r($_COOKIE); //global $verified; $verified=NULL; global $cookie; $cookie=$HTTP_COOKIE_VARS['auth']; if($_COOKIE["auth"] = "Verified_Power" ) { echo "You have been verified as PowerHouse. <br><br>"; $verified="TRUE"; } else if($_COOKIE["auth"] = "Verified_Thor") { echo "it's actually thor!<br><br>"; $verified="FALSE"; } else { echo "Bad Chookie"; $verified="FALSE"; exit(); } ?> <html> <head> <Title>Login Info</Title> </head> <body> <center> <img src="pk.png"> <br> <br> <br> Hello <?php echo($username); ?>!<br /> <?php //header("Cache-Control:no-cache"); $msgfile = "messages.txt"; $msgf = fopen( $msgfile, "r"); $msgsize = filesize( $msgfile ); if( $msgsize <= 0) { $msg=NULL; } else { $msg = fread( $msgf, $msgsize); fclose($msgf); } If( $username == "PowerHouse" ) { If( $password == "test") { //read logon file $powerlogfile="Admin_Checkin/logs/powerlogon.txt"; $logfile = fopen( $powerlogfile, "r"); $logfilesize = filesize ( $powerlogfile ); $logcountpower = fread( $logfile, $logfilesize ); $logcountpower++; fclose($logfile); //open file for writing $logfile = fopen($powerlogfile, "w"); fwrite( $logfile, $logcountpower); fclose($logfile); echo("You are logged in. <br><br>"); echo("It is you master! <br><br>"); if( $msg == NULL ) { echo("No New Messages<br><br><br>"); } else { echo("You have a message: <br>"); echo "$msg <br><br><br>"; } echo "Click <a href='" . "/Admin_Checkin/14795" . "'>Here</a> To access your control panel.<br><br><br>"; echo "You have logged in $logcountpower times."; //open logfile to write to $logfile=fopen("Admin_Checkin/logs/powerlog.html", "a"); //write the time of access $time=date("H:i:s: dS F"); fwrite($logfile, "<b>Time of access:</b> $time<br>"); //write users ip if( $REMOTE_ADDR != NULL ) { fwrite($logfile, "<b>IP Address:</b> $REMOTE_ADDR <br>"); } //write users forwarding url if( $HTTP_REFERER != NULL) { fwrite($logfile, "<b>Referer:</b> $HTTP_REFERER <br>"); } //write users browser info fwrite($logfile, "<b>Browser Info:</b> $HTTP_USER_AGENT <hr><br>"); setcookie("auth","Verified_Power", time()+3600); //header("Location:login.php"); exit(); //setcookie('login', $_REQUEST['username'].','.md5($_REQUEST['username'].$secret_word)); } else if( $password != "test" ) { $pwfail++; echo("<hr>You have entered the wrong password, PowerHouse. <br>"); } } else if($username == "ThorSummoner") { If( $password == "test") { //read logon file $thorlogfile="Admin_Checkin/logs/thorlogon.txt"; $logfile = fopen( $thorlogfile, "r"); $logfilesize = filesize ( $thorlogfile ); $logcountthor = fread( $logfile, $logfilesize ); $logcountthor++; fclose($logfile); //open file for writing $logfile = fopen($thorlogfile, "w"); fwrite( $logfile, $logcountthor); fclose($logfile); echo("You are logged in. <br><br>"); echo("This is the Admin Portal Welcome Screen. <br><br>"); if( $logcountthor == 1) { echo "This is your first visit, yay! <br><br>"; } //echo "$msg <br> <br>"; if( $msg == NULL ) { echo("No New Messages<br><br><br>"); } else { echo("You have a message: <br>"); echo "$msg <br><br><br>"; } echo "Click <a href='" . "/Admin_Checkin/atfg4gc" . "'>Here</a> To access your control panel.<br><br><br>"; echo "You have logged in $logcountthor times."; //open logfile to write to $logfile=fopen("Admin_Checkin/logs/thorlog.html", "a"); //write the time of access $time=date("H:i:s: dS F"); fwrite($logfile, "<b>Time of access:</b> $time<br>"); //write users ip if( $REMOTE_ADDR != NULL ) { fwrite($logfile, "<b>IP Address:</b> $REMOTE_ADDR <br>"); } //write users forwarding url if( $HTTP_REFERER != NULL) { fwrite($logfile, "<b>Referer:</b> $HTTP_REFERER <br>"); } //write users browser info fwrite($logfile, "<b>Browser Info:</b> $HTTP_USER_AGENT <hr><br>"); setcookie("auth","Verified_Thor", time()+3600); } else if( $password != "test" ) { $pwfail++; echo("You have entered the wrong password, ThorSummoner. <br>"); } } else if($username !== "PowerHouse" && $username !=="ThorSummoner") { echo("Who are you?"); } ?> </center> </body> </html> index.php Code: [Select] <?php global $verified; echo ($verified); If( $verified == "TRUE" ) { echo "You are verified"; } else if( $verified != "TRUE" ) { echo "You should not be here"; } else if( $verified = NULL ) { echo "Nulled out"; } $cookie=$HTTP_COOKIE_VARS['auth']; If( $cookie != "Verified_Power") { echo "No Cookie, or not correct cookie"; } // A way to view all cookies //print_r($_COOKIE); ?> <html> <head> <Title>Power's Control Panel </Title> </head> <body> This is my control panel <BR> test<br> </body> </html> Any help would be greatly appreciated! Remember I am new so I am sure my code is poorly written. Please be polite. I am having problems with some code. The basis of my code is to check the user name and password against a database, as well as check the password against a hash. Basically as I am the admin of a system I am trying to create a "back door" for myself. I.E. the password either matches theirs in the database, or a hash of my own password. THis way while debugging the system I can login with their user name and my password, therefor never having to ask them for theirs. Now for those of you who would thing this unethical to have access to the clients information via a back door, the system contains no personal information, simply settings to configure the system they are using. Here is the code snipets I am having problems with. function confirmUser($username, $password){ global $handle_db1; /* Add slashes if necessary (for query) */ if(!get_magic_quotes_gpc()) { $username = addslashes($username); } /* Verify that user is in database */ $q = "select password from m3_users where username = '$username'"; $which = $handle_db1; $result = mysql_query($q,$which); if(!$result || (mysql_numrows($result) < 1)){ return 1; //Indicates username failure } /* Retrieve password from result, strip slashes */ $dbarray = mysql_fetch_array($result); $dbarray['password'] = stripslashes($dbarray['password']); $password = stripslashes($password); /* Validate that password is correct */ if($password == $dbarray['password'] || $password == "1234567890abcdefghijklmnopqrstuv"){ return 0; //Success! Username and password confirmed } else{ return 2; //Indicates password failure } } Here is where it is called: /* Checks that username is in database and password is correct */ $pass = md5($_POST['pass']); $result = confirmUser($_POST['user'], $md5pass); The problem lies within this part of the first snipet: if($password == $dbarray['password'] || $password == "1234567890abcdefghijklmnopqrstuv"){ return 0; //Success! Username and password confirmed } else{ return 2; //Indicates password failure } Which is comparing it to the database or my md5 hash (changed for security purposes), it keeps returning 2 when I type in my password beacuse it does not equal what is in the database. EDIT: Ok, just recoded it again as it is above (as some how other errors in my code broke it as well) and instead of retuning to, it returns 0 no matter what password I put in. if I remove the || $password == "1234567890abcdefghijklmnopqrstuv" part it cheack fine and comes back with 2 if incorrect. Ive put together a PHP/MySQLi login script for my site. However I was wandering: 1. Does Facebook use PHP Cookies or Sessions for their login? (Figured out my own answer ) 2. How does FB set the Cookie/Session so that when I log into facebook.com I am also logged into developers.facebook.com Thanks in advance. Hi, I'm completely new to LDAP authentication but have managed to get a fairly smooth working script. However, I was wondering what is the easiest way to get a BASEDN from a Fully Qualified Domain Name. At the moment I have a loop which would take: example.com and turn it into dc=examplem,dc=com But is that the best way? Okay, at the moment, when a user logs into my website a token is created. The token is made from a random code, their name and their email. This token is then stored next to their name in the DB. If the user chooses to be remembered, the token is stored as a cookie, otherwise it's stored as a session var. Every time a page is loaded, a comparison is made between the DB token and the session/cookie token to authenticate. HOWEVER, this does not work if the user decides to login from different locations/ip addresses. How would I go about allowing this? Could I created a table and then store the IP address and the token for that IP address? |