|
PHP - Simple Password With Cookie?
Hey, I just have a couple of admin pages that I wish to protect with a password. I was wondering if anyone had a simple script where you just enter a password on the first page and if the cookie is not set the other pages just redirect you back to enter the password?
I used to have one but I lost it and can't seem to just find a simple one? Thanks Similar TutorialsHi all, i have written a fairly simple profile page that users can see once they have logged in and i have a password change feature. the user is asked to enter there current password and then enter there desired new password, then confirm there new password to make sure they match. However the users current password isn't checked as im not sure how to code it. Heres my code so far: <?PHP session_start(); //Database Information $dbhost = "localhost"; $dbname = "test"; $dbuser = "test"; $dbpass = "test"; //Connect to database $conn = mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error()); mysql_select_db($dbname, $conn) or die(mysql_error()); //Clean data $_POST = array_map('strip_tags', $_POST); $_POST = array_map('mysql_real_escape_string', $_POST); $currentpassword = $_POST['currentpassword']; $newpassword = $_POST['newpassword']; $cnewpassword = $_POST['cnewpassword']; if($newpassword == $cnewpassword) { $query = "UPDATE `users` SET `password` = '".$newpassword."' WHERE `username` = '".$_SESSION['username']."' LIMIT 1"; $run = mysql_query($query); if($run) { echo "Congratulations You have successfully changed your password"; include 'success.php'; exit(); } else { include 'password.php'; exit; } } else { echo "The new password and confirm new password fields must be the same"; include 'password.php'; exit(); } ?> I'm guessing i need a && within the if statement to check the currentpassword with what is supplied within my database, but im not sure how to code this. Lee I'm trying to let the users change their password, but everytime I try.. it just changes the password to what they type in whether or not the password they currently have is right or not.. x_x I have the password set as an MD5 so I'm guessing I have to select the password from the database as an MD5, but I don't know how to do that.. <?php include("logincheck.php"); $newpass = $_POST['newpass']; $username = $_SESSION['username']; $password = $_POST['password']; ?> <?php include_once("header.php"); ?> Welcome to your settings. This is where you can manage everything on your account! <br><br>----------<b>Change Password</b>---------- <form action="<?php echo $_SERVER['SCRIPT_NAME']?>" method="post"> <?php $type = "text"; echo " <p>Type your current password:<br> <input size='25' name='password' type='$type'></input></p> <p>Type your new password:<br> <input size='25' name='newpass' type='$type'></input></p> <p>Verification:<br> <img src='randomimage.php'><br> <input name='txtNumber' type='text' id='txtNumber' value=''> <br>"; ?> <input type="submit" name="changepass" value="submit" /> </form> <?php if (@$_POST['changepass']) { include("haha.php"); $cxn = mysqli_connect($dbhost,$dbuser,$dbpassword,$dbdatabase); $sql = "SELECT `password` FROM `Member` WHERE `username`='$username'"; $result = mysqli_query($cxn,$sql) or die("Query died: password"); if($result = $password) //password matches { $number = $_POST['txtNumber']; if (md5($number) == $_SESSION['image_random_value']) { $sql = "UPDATE Member SET password = md5('$newpass') WHERE username = '$username'"; mysqli_query($cxn,$sql) or die("Query died: update"); }}} ?> <?php include_once("footer.php"); ?> Hello everyone: I wanted to see how I can make a simple login page (user name and password) that redirects to a page(s) if the login is correct. Also, I wanted to put protection on the page(s) that will send the user back to the login page if the credentials are nor correct. I would imagine the username/password would be stored in a database table (Admins), and the correct login info would be stored in a session ..? I am use to doing this with ASP, but never PHP. I want to make sure I understand how to do this properly and securely so I can use this as a model for other systems. In ASP I would do a protected page like this: a_login_check.asp Code: [Select] <% if session("admin_user_name") = "" then session.abandon response.redirect "login.asp" end if %> Protected-Page.asp Code: [Select] <!-- #include file="include/a_check_login.asp" --> <html> ... CONTENT ... </html> And of course there is the login page itself ... (I thought it would be nice to add a "Forgot Password" link on the login page, but if that is too complicated I can do that later .. or is it easy ??) Anyway, can someone point-out to me how to do this. I would appreciate it! Hello PhP Freaks forum In the past weeks ive been trying to make a website, where you can register. Everything seems to work except my cherished Change password feature. Everytime you try to change the password, it just resets it to nothing. Here is the code below. <?php if(isset($_SESSION['username'])) { $username = $_SESSION['username']; $lastname = $_SESSION['lastname']; $firstname = $_SESSION['firstname']; $email = $_SESSION['email']; echo " <h4>Options for:</h4> $username <br /> <br /> First name: $firstname <br />Last name: $lastname <br /><br /><h3>Want to change your password:</h3><br /> <form action='?do=option' method='post'> Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br /> <br /> New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br /> <br /> Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br /> <center></div><input type='submit' value='Submit'/></center></form>"; }else{ echo 'Please login to view your options!'; } $password = $_REQUEST['password']; $pass_conf = $_REQUEST['newpass']; $email = $_REQUEST['passconf']; $connect = mysql_connect("Host", "User", "Password"); if(!$connect){ die(mysql_error()); } //Selecting database $select_db = mysql_select_db("My Database", $connect); if(!$select_db){ die(mysql_error()); } //Find if entered data is correct $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); $row = mysql_fetch_array($result); $id = $row['id']; mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'") ?> And i do know that i dont have a if(Empty($newpass)){ Die(Please fill out the new password) } Or any security on the others, but the problem just seems that it resets the password into nothing Hope i can get this fixed Best Regards William Pfaffe <?php
require_once('upper.php'); require_once('database.php'); echo $error_msg=''; if(isset($_POST['submit'])) { $LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId'])); $Password1=mysqli_real_escape_string($dbc,trim($_POST['Password1'])); $Password2=mysqli_real_escape_string($dbc,trim($_POST['Password2'])); $Name=mysqli_real_escape_string($dbc,trim($_POST['Name'])); $Age=mysqli_real_escape_string($dbc,trim($_POST['Age'])); $BloodGroup=mysqli_real_escape_string($dbc,trim($_POST['BloodGroup'])); if(!isset($_POST['Sex'])) { echo 'Please enter Sex<br>'; } else{ $Sex= mysqli_real_escape_string($dbc,trim($_POST['Sex'])); } $Qualification=mysqli_real_escape_string($dbc,trim($_POST['Qualification'])); $ContactNumber=mysqli_real_escape_string($dbc,trim($_POST['ContactNumber'])); $Email=mysqli_real_escape_string($dbc,trim($_POST['Email'])); $Address=mysqli_real_escape_string($dbc,trim($_POST['Address'])); $AboutYourself=mysqli_real_escape_string($dbc,trim($_POST['AboutYourself'])); //$countCheck=count($_POST['checkbox']); //echo $countCheck; //$checkbox=$_POST['checkbox']; //$countCheck=count($checkbox); if(empty($LoginId)){echo 'Please enter Login Id';} elseif(empty($Password1)){echo 'Please enter Password';} elseif(empty($Password2)){echo 'Please confirm Password';} elseif($Password1!==$Password2){echo 'Password didn\'t match';} elseif(empty($Name)){echo 'Please enter Name';} elseif(empty($Age)){echo 'Please enter Age';} elseif(!isset($_POST['Sex'])){} elseif(empty($Qualification)){echo 'Please enter Qualification';} elseif(empty($ContactNumber)){echo 'Please enter Contact Number';} elseif(empty($Email)){echo 'Please enter Email';} elseif(empty($Address)){echo 'Please enter Address';} elseif(empty($AboutYourself)){echo 'Please enter About Yourself';} elseif(!isset($_POST['checkbox'])){ echo 'You have to register at least one activity.';} elseif(!isset($_POST['TermsAndConditions'])){ echo 'You have to agree all Terms and Conditions of Elite Brigade.';} else { require_once('database.php'); $query="select * from registration where LoginId='$LoginId'"; $result=mysqli_query($dbc,$query); if(mysqli_num_rows($result)==0) { $checkbox=$_POST['checkbox']; $countCheck=count($_POST['checkbox']); $reg_id=' '; for($i=0;$i<$countCheck;$i++) { $reg_id=$reg_id.$checkbox[$i].','; $query="insert into activity_participation (LoginId,Title,Date) values ('$LoginId','$checkbox[$i]',CURDATE())"; $result=mysqli_query($dbc,$query) or die("Not Connected"); } $query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,ContactNumber,Email,Address,AboutYourself,Activity)values ('$LoginId'[B],SHA('$Password1'),[/B]'$Name','$Age','$BloodGroup','$Sex','$Qualification','$ContactNumber','$Email','$Address','$AboutYourself',',$reg_id')"; $result=mysqli_query($dbc,$query) or die("Not Connect"); echo ' Dear '.$Name.'.<br>Your request has been mailed to admin.<br>Your account is waiting for approval<br>'; $from= 'Elite Brigade'; $to='ankitp@rsquareonline.com'; $subject='New User Registration'; $message="Dear admin,\n\nA new user request for registration. Please check it out.\n\nRegards\nMicro"; mail($to,$subject,$message,'From:'.$from); //header('Location: index.php'); // header('Location: Registration.php'); } else { echo 'Dear '.$Name. ', <br> An account already exist with login-id<b> '.$LoginId.'</b> <br>Please try another login-id'; }} } ?> <html> <head> <script src="jquery-latest.js"></script> <script type="text/javascript" src="jquery-validate.js"></script> <style type="text/css"> * { font-family: Verdana; } label.error { color: white; padding-left: .5em; } p { clear: both; } .submit { margin-left: 12em; } em { font-weight: bold; padding-right: 1em; vertical-align: top; } </style> <script> $(document).ready(function(){ $("#commentForm").validate(); }); </script> </head> <body> <?php echo $error_msg; ?> <form action='<?php echo $_SERVER['PHP_SELF'];?>' id="commentForm" method='post'> <div class="registration_and_activity"> <table border="0" width="380"> <tr><td colspan="2"> <h3>New User?</h3></td></tr> <tr><td width="120"> <em>*</em>Enter Login id</td><td width="150"><input type='text' name='LoginId' minlength="4" value='<?php if(!empty($LoginId))echo $LoginId;?>' /></td></tr> <tr><td> <em>*</em>Enter Password</td> <td><head> <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div> <SCRIPT language=Javascript> function capLock(e){ kc = e.keyCode?e.keyCode:e.which; sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false); if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk)) document.getElementById('divMayus').style.visibility = 'visible'; else document.getElementById('divMayus').style.visibility = 'hidden'; } </SCRIPT> </HEAD> <input onkeypress='return capLock(event)' type='password' name='Password1' value='<?php if(!empty($Password1))echo $Password1;?>' /></td></tr> <tr><td> <em>*</em>Confirm Password</td><td><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>' /></td></tr> <tr><td width="120"> <em>*</em>Enter Name</td> <td><input type='text' name='Name' value='<?php if(!empty($Name))echo $Name;?>' /></td></tr> <tr><td> <em>*</em>Enter Age</td><HEAD> <SCRIPT language=Javascript> function isNumberKey(evt) { var charCode = (evt.which) ? evt.which : event.keyCode if (charCode > 31 && (charCode < 48 || charCode > 57)) return false; return true; } </SCRIPT> </HEAD> <td><INPUT onkeypress='return isNumberKey(event)' type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'/></td></tr> <tr><td> <em>*</em>Enter Blood</td><td><input type='text' name='BloodGroup' value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>' /></td></tr> <tr><td> <em>*</em>Enter Sex</td><td><input type='radio' name='Sex' style='width:16px; border:0;' 'value='Male' />Male <input type='radio' name='Sex' style='width:16px; border:0;' 'value='Female' />Female</td></tr> <tr><td> <em>*</em>Enter Qualification</td><td><input type='text' name='Qualification' value='<?php if(!empty($Qualification))echo $Qualification;?>' /></td></tr> <tr><td> <em>*</em>Contact Number </td><td><input onkeypress='return isNumberKey(event)'type='text' name='ContactNumber' value='<?php if(!empty($ContactNumber))echo $ContactNumber;?>' /></td></tr> <tr><td> <em>*</em>Enter Email</td><td><input type='text' name='Email'class="email" value='<?php if(!empty($Email))echo $Email;?>' /></td></tr> <tr><td> <em>*</em>Enter Address</td><td><input type='text' name='Address' value='<?php if(!empty($Address))echo $Address;?>' /></td></tr> <tr ><td > <em>*</em>About Yourself </td></tr> <tr><td colspan="2"><textarea rows='10' cols='40' name='AboutYourself' /><?php if(!empty($Address))echo $Address;?></textarea></td></tr> <tr><td> <?php echo" <tr><td colspan='2'><em>*</em><b>Select fields for which you want to register</b></td></tr>"; require_once('database.php'); $query="select * from activity"; $result=mysqli_query($dbc,$query); while($row=mysqli_fetch_array($result)){ $Title=$row['Title']; $ActivityId=$row['ActivityId']; echo "<tr><td>$Title</td>"; echo "<td><input type='checkbox' name='checkbox[]' value='$Title' style='width:14px; text-align:right;'/></td></tr>";//value=$ActivityId tells ActivityId variable extracts with name="checkbox" echo "<br/>"; } echo "<td><em>*</em><input type='checkbox' name='TermsAndConditions' style='width:14px; text-align:right;'/></td><td> I agree all <a href='TermsAndConditions.php'>Terms and conditions </a>of Elite Brigade</td></tr>"; echo "<tr><td colspan='2' align='center'><input type='submit' value='Register' name='submit' style='background:url(./images/button_img2.png) no-repeat 10px 0px; width:100px; padding:3px 0 10px 0; color:#FEFBC4; border:0;'/></td></tr><br>"; echo " </td></tr></table> </div> </form> </body> </html>"; require_once('lower.php'); ?> Hi Friends .... I encrypt user password by SHA('$Password') method but now i want to add "Forget Password Module" for which I need to decrypt it first before tell my user but I don't Know how to decrypt it. Please help me........ This topic has been moved to Application Design. http://www.phpfreaks.com/forums/index.php?topic=353345.0 Hi everyone, I'm trying to select either a class or an id using PHP Simple HTML DOM Parser with absolutely no luck. My example is very simple and seems to comply to the examples given in the manual(http://simplehtmldom.sourceforge.net/manual.htm) but it just wont work, it's driving me up the wall. Here is my example: http://schulnetz.nibis.de/db/schulen/schule.php?schulnr=94468&lschb= I think the HTML is invalid: i cannot parse it. Well i need more examples - probly i have overseen something! If anybody has a working example of Simple-html-dom-parser...i would be happy. The examples on the developersite are not very helpful. your dilbertone i want to store the nickname of the user as a cookie.. somthing like set cookie name=nickname,value=smarty,expires after 1 week i know cookies are stored against domain names. what happens when another person logs in the same computer, with different login, and his nickname is diff how does the cookie get handled, and how does the right nickname flash against the right persons login id... Hi, I was trying to use setcookie on my website but when I try to use, it wasn't setting anything and then I tried to make sure if it's setting something, I added Code: [Select] echo $_COOKIE;But it shows Array (just the word) instead of tblogvalue. This is the code I'm using; Code: [Select] $Month = 2592000 + time(); setcookie(tblog, tblogvalue, $Month); echo $_COOKIE; how can i set cookie like a*dm*n@**t*r*c**.*c** ?? Code: [Select] $cookkiee = $islem_1['mail'] ; $sayisi = strlen($cookkiee)-1 ; $cok = $islem_1['mail'] ; for($i=0;$i<=$sayisi;$i++) { $sifr = rand(0,2); if($sifr ==0) { $cok[$i]= '*'; } $dizik = $cok[$i]; setrawcookie("kayip",$dizik,time()+(60*30),"/"); $_COOKIE['kayip'] = $dizik; echo $dizi // etc . a*dm*n@**t*r*c**.*c** } echo $_COOKIE['kayip']; // etc. just one char being like random a Hi all, I'm struggling with a program I'm trying to write with cookies, so any help would be very much appreciated!! What I'm wanting to do is when someone visits my site, I want to display content until the end of the day, and once the days up it disappears forever/until the cookies are deleted. Could someone help me with this? Thanks lots in advance, Jake if a user clicks ?hide=1 or ?hide=2 it does Code: [Select] if (isset($_GET['hide'])){ $id = intval($_GET['hide']); setcookie('hide', ''.$id.'',time()+32000000); header('Location: index.php'); exit; } How do I make it so if they click ?hide=1 it ad's 1, but what if they do ?hide=2 also? it would need to be 1,2 not just 2. Hey PHPFreaks! I have a problem with my login script, because when i login it sets a cookie and it all works. But when i got redirected and refresh the page, my script turns an error which says i'm not logged in? how come? This is what finds the cookie and redirects me Code: [Select] if(!isset($_SESSION['auth']) && !isset($_COOKIE['authcookie'])) { $_SESSION['ERROR'] = 7; header('location: index.php?login'); } I have part of my script that I have used many times in many diffrent applications that works just fine. But in this use it refuses to set the cookie or do anything besides the redirect for that matter. // if login is ok then we add a cookie $ip = $_SERVER['REMOTE_ADDR']; $datem = date("j F Y, g:i a"); mysql_query("UPDATE YBK_Login SET date = '$datem' AND ip = '$ip' WHERE ID = '{{$info['ID']}'")or die(mysql_error()); $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie('ID_WatsonN', $_POST['username'], 0); setcookie('Key_WatsonN', $_POST['pass'], 0); setcookie('UID_WatsonN', $info['ID'], 0); setcookie('LOGIN', $info['ID'], time()+3); //then redirect them to the members area Header("Location: dashboard.php"); I have a question about cookies I want the cookie to work on all the paths / folders / directorys located in a root path. So say like.. http://www.site.com/members/login.php is the folder which sets the cookie, then this cookie will also work on like.. http://www.site.com/bla/boo/works.php I'm trying to do: setcookie(Data1, 'valueofthecookie', '/', '.site.com', 1); But its not working... Ok I have my login form and previously I was using $_SESSION untill I learned this removes data when browser is closed. Someone said to me to use cookies but I have no clue where to begin on setting a cookie or reading information from it. Can anyone point me to a tutorial on cookies? My code here Code: [Select] setcookie('hide_div', $_COOKIE['hide_div'].','.$_GET['hide'],time()+32000000); When I set it, it works wonderful, but then when I see view it in my cookie it shows this code between my $_GET['hide'] values Code: [Select] %2C how do I clean it up and just make it show my " , "? Thank you This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=346675.0 hello, I am trying to setup a simple password protected site with a cookie so that users that have entered the password wont have to enter it again for 1 month. so I have a simple index.php page with the passowrd field on it in the root directory. then my site is in a sub directory /cms/ and the index.php page there checks for the $_POST value to set the cookie and let the user continue on. Like this: <?php //check if user has entered password and needs cookie set if(isset($_POST['fpass']) && !isset($_COOKIE['fpass'])) setcookielive('fpass', $_POST['fpass'], strtotime( '+1 Month' )); function setcookielive($name, $value='', $expire=0, $path='', $domain='', $secure=false, $httponly=false) { //set a cookie as usual, but ALSO add it to $_COOKIE so the current page load has access $_COOKIE[$name] = $value; return setcookie($name,$value,$expire,$path,$domain,$secure,$httponly); } defined( '_VALID_MOS' ) or die( 'Restricted access' ); //check if user has not entered password if (!isset($_COOKIE['fpass']) || $_COOKIE['fpass'] == "") header('location: http://www.example.com'); //check if the user has a cookie set but is on a new session if (isset($_COOKIE['fpass']) && !isset($_POST['fpass'])) header('location: http://www.example.com/disclaimer.php'); ... The disclaimer.php page is actually the default landing page that users need to start on (after entering a password that is). Couple of problems: This just loops back to the disclaimer page how do I send the user to the disclaimer page at the beginning of each session even if the Cookie is set thanks for any help test.php Code: [Select] <?php setcookie("test", 'tester', time()+3600*24*30 , "/", ".mystagingsite1.com"); header('Location: test2.php'); ?> test2.php Code: [Select] <?php echo '<pre>'; print_r($_COOKIE); echo '</pre>'; ?> This does not work. It's not setting the cookie at all. Is there something I am doing wrong here? |
|||||||