|
PHP - Pages Protected With A String.
Similar TutorialsHi, I have built a registration and login system for a website, part of which I wish to protect certain pages. The registration systems works well, as does the login BUT I am having difficulty with the next stage. How do I then 'capture' the username and password that were entered by the user and get the PHP page I want to protect to check that these are valid? I guess it is a piece of code I need to put in the top of the protected page? Here is the final piece of code (which then includes a link to the page I want to protect) from the login page which includes session_register, but then how can I use this information in the page I wish to protect? //Now if everything is correct let's finish his/her/its login session_register("username", $username); session_register("password", $password); echo "Welcome, ".$username." please continue onto our ".$sub." membership area...<a href=".$index.">click here</a>"; } Thanks, Simon Hello: I wanted to see if I can make my password protected pages in my admin area, and the login form "more secure." I was told I should use MD5 / SALTING / HASHING to do this. I have tried some online tutorials, but am not understanding it, so I wanted to start from what I have and build upon it> This is my database table storing the myAdmins data (when I initially insert it into the database): Code: [Select] CREATE TABLE `myAdmins` ( `id` int(4) NOT NULL auto_increment, `myUserName` varchar(65) NOT NULL default '', `myPassword` varchar(65) NOT NULL default '', PRIMARY KEY (`id`) ) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8; INSERT INTO myAdmins VALUES("1","abc","123"); This is the login form I use: Code: [Select] <?php include('../include/myConn.php'); include('include/myAdminNav.php'); session_start(); session_destroy(); $message=""; $Login=$_POST['Login']; if($Login){ $myUserName=$_POST['myUserName']; $myPassword=$_POST['myPassword']; $result=mysql_query("select * from myAdmins where myUserName='$myUserName' and myPassword='$myPassword'"); if(mysql_num_rows($result)!='0'){ session_register("myUserName"); header("location:a_Home.php"); exit; }else{ $message="<div class=\"myAdminLoginError\">Incorrect Username or Password</div>"; } } ?> <form id="form1" name="form1" method="post" action="<? echo $PHP_SELF; ?>"> <? echo $message; ?> Username: <input name="myUserName" type="text" id="myUserName" size="40" /> Password: <input name="myPassword" type="password" id="myPassword" size="40" /> <input name="Login" type="submit" id="Login" value="Login" /> </form> This is the code on top of each page I password protect: Code: [Select] <? session_start(); if(!session_is_registered(myUserName)){ header("location:Login.php"); } ?> Works well, but can it be "better"?? And, if I am allowing the admin to update his/her username or password, I do it this way: Code: [Select] <?php include('../include/myConn.php'); include('include/myCheckLogin.php'); if ($_SERVER['REQUEST_METHOD'] == 'POST') { $myUserName = mysql_real_escape_string($_POST['myUserName']); $myPassword = mysql_real_escape_string($_POST['myPassword']); $sql = " UPDATE myAdmins SET myUserName = '$myUserName', myPassword = '$myPassword' "; mysql_query($sql) && mysql_affected_rows() ?> <?php } $query=mysql_query("SELECT * FROM myAdmins") or die("Could not get data from db: ".mysql_error()); while($result=mysql_fetch_array($query)) { $myUserName=$result['myUserName']; $myPassword=$result['myPassword']; } ?> <form method="post" action="<?php echo $PHP_SELF;?>"> <input type="hidden" name="POSTBACK" value="EDIT"> Username: <input type="text" size="60" maxlength="60" name="myUserName" value="<?php echo $myUserName; ?>"> Password: <input type="password" size="60" maxlength="60" name="myPassword" value="<?php echo $myPassword; ?>"> <input type="submit" value="Submit" /> </form> Should it be "better" .. ?? I don't seem to understand how to "encrypt" all of this to make it "stronger" .. Ideas? Improvements? Hello everyone: I wanted to see how I can make a simple login page (user name and password) that redirects to a page(s) if the login is correct. Also, I wanted to put protection on the page(s) that will send the user back to the login page if the credentials are nor correct. I would imagine the username/password would be stored in a database table (Admins), and the correct login info would be stored in a session ..? I am use to doing this with ASP, but never PHP. I want to make sure I understand how to do this properly and securely so I can use this as a model for other systems. In ASP I would do a protected page like this: a_login_check.asp Code: [Select] <% if session("admin_user_name") = "" then session.abandon response.redirect "login.asp" end if %> Protected-Page.asp Code: [Select] <!-- #include file="include/a_check_login.asp" --> <html> ... CONTENT ... </html> And of course there is the login page itself ... (I thought it would be nice to add a "Forgot Password" link on the login page, but if that is too complicated I can do that later .. or is it easy ??) Anyway, can someone point-out to me how to do this. I would appreciate it! I've recently made a profile system for my site, and I'm not sure if it's injectable. I tried doing Code: [Select] REMOVED/index.php?page=profile&player=select * from members where username = srbuckey5266 Does this mean I'm good? It didn't work. I've been meaning to move on to OOP for a while now that I've grasped the concept of OOP in java quite well and I'm doing good so far in PHP OOP. One question that I have floating around though is: When would protected be of any use? I understand what protected does, it's just I don't see how it could ever stop an error from happening. Is there an example for how it would be able to stop an interference from occurring? If i declare protected variable in a class how can i access those variable in other class inheriting that class? Can anyone post example code? If you use htaccess to restrict a directory can you still use the include function to include a file from that directory? Hello all, i am go9090go. Today i made a domains for a jar file people can upload from my website. I made this to make the jar file close source and its easy to update. Now i made a java classloader and everything i made works. The classloader call a php document with the password and username. The pass and name will be checked inside a databse and if its inside i use header() to load the jar file. But when i just go to my main domain i get the index of the site and people can easly download the jar file without have to walk thru the php pass checker. So i want to place the jar file inside a protected folder,and i want that only way you get acces to this jar is by the php file. How can i get a file from a protected folder? here is the php used when the jar file is not inside a protected folder: <?php $DBName = "name";//name database $DBUser = "name";//user $DBPassword = "pass"; //passs $DBHost = "host"; //might be different mysql_connect($DBHost, $DBUser, $DBPassword); mysql_select_db($DBName); $username = $_GET['username']; $password = $_GET['password']; $IP = $_SERVER['REMOTE_ADDR']; $string = "Java"; $pos = strpos($agent, $string); if (!strpos($_SERVER['HTTP_USER_AGENT'], "Java")) { echo("Your Auth has been banned for trying to breach security."); //mysql_query("delete from users where username='$username'"); exit(); } $query = "select * from users where name='$username' and pass='$password'"; mysql_query($query); $num = mysql_affected_rows(); if ($num > 0) { header('Location:script/Script.jar'); } ?> now i want to use the header to a file inside a folder that is protected : so how can i make the header() methode to open script.jar inside a protected folder. The folder haves name and pass: blabla,balbla for exempel thanks for help I'm writing a script that opens a webpage and pulls out the pictures for editing. The problem I'm having is the pictures are protected from hotlinking with htaccess. The script is on a different domain. I know it's possible to do this but after much searching and experimentation I can't work it out. Any ideas? Hi, I am trying to make some adjustments to uploadify.php which comes with the latest version of uploadify (3.0 beta), so that it works with a session variable that stores the login username and adds it to the path for uploads. Here is uploadify.php as it currently looks: Code: [Select] <?php session_name("MyLogin"); session_start(); $targetFolder = '/songs/' . $_SESSION['name']; // Relative to the root if (!empty($_FILES)) { $tempFile = $_FILES['Filedata']['tmp_name']; $targetPath = $_SERVER['DOCUMENT_ROOT'] . $targetFolder; $targetFile = rtrim($targetPath,'/') .'/'. $_FILES['Filedata']['name']; // Validate the file type $fileTypes = array('m4a','mp3','flac','ogg'); // File extensions $fileParts = pathinfo($_FILES['Filedata']['name']); if (in_array($fileParts['extension'],$fileTypes)) { move_uploaded_file($tempFile,$targetFile); echo '1'; } else { echo 'Invalid file type.'; } } echo $targetFolder; ?> I added Code: [Select] echo $targetFolder; at the bottom so that I could make sure that the string returned was correct, and it is, i.e. '/songs/nick'. For some reason though, uploads are not going to the correct folder, i.e. the username folder, but instead are going to the parent folder 'songs'. The folder for username exists, with correct permissions, and when I manually enter Code: [Select] $targetFolder = '/songs/nick';all works fine. Which strikes me as rather strange. I have limited experience of using php, but wonder how if the correct string is returned by the session variable, the upload works differently than with the manually entered string. Any help would be much appreciated. It's the last issue with a website that was due to go live 2 days ago! Thanks, Nick Hey there, Thanks for taking the time to read my thread. My issue is that I can't think of a way to edit a XML file using PHP's XML functionality and then assign the edited contents to a string instead of saving the file. Because my issue is that I have to edit the XML file based upon a string brought from a remote location then give it back to that remote location using a string again, to be exact I am doing it via Linux command line utilizing SSH2. This is what I managed to complete on my own. function CheckIVMPConfig($ServerID) { global $Panel; if(is_numeric($ServerID) && $this->IsValidServer($ServerID)) { // We select the game server that the FTP account was created for. $Servers = mysql_query("SELECT * FROM control_servers WHERE server_id = '".mysql_real_escape_string($FTPAccount['ftp_server'])."'"); $Server = mysql_fetch_array($Servers); // Here we select the Box ID that the game server is on. $Boxs = mysql_query("SELECT * FROM control_machines WHERE machine_id = '".$Server['server_machine']."'"); $Box = mysql_fetch_array($Boxs); // Now we select the required package for the box. $Packages = mysql_query("SELECT * FROM control_packages WHERE package_id = '".$Server['server_package']."'"); $Package = mysql_fetch_array($Packages); // Retrive the file. $Config = $CProtocol->exec("cat /home/{$Server['server_id']}/{$Package['package_config']}"); $Parse = SimpleXMLElement($Config); foreach($Parse as $Entry) // loop through our books { if($Entry->port != $Server['server_port']) { // edit the value } else if($Entry->maxplayers > $Server['server_slots']) { // edit the value } } } } This topic has been moved to PHP Regex. http://www.phpfreaks.com/forums/index.php?topic=326004.0 Hello all, I'm trying to change the end of a javascript call based on the end of the url string. The common part of all the url strings is sobi2Id=, I'm trying to do this with strstr but am having no luck. I'm new to php so my syntax knowledge is terrible! at the moment i've got Code: [Select] <?php $url = $_SERVER['REQUEST_URI']; $tag = strstr ($url, 'sobi2Id='); echo $tag; ?> but this returns an unexpected T_STRING, expecting ',' or ';' Can anyone debug this? I may well be being really silly! hey guys im trying to find a string inside a string which could be made up of different things eg... {$test}, {$test1}, {$test2} etc (but the varable inside could be called anything hence maybe using regex im not sure?) is this possible?...i hope you guys understand....thanks I have the following function, which takes a string with commas in it and attempts remove those commas. The way I have it here is that I use explode to take out the commas, which makes an array, and then iterate through that array to put a string back together without the commas. function tags_to_sort_by( $sortMeta ) { $sortByArray = explode(",", $sortMeta); $sortByCount = count($sortByArray); for ($i = 0; $i < $sortByCount; $i++) { $sortByString += $sortByArray[$i]; } return $sortByString; } What does not work is the following line: $sortByString += $sortByArray[$i]; Somehow that outputs a 0, which I don't understand. It should output something like: arrayItem1 arrayItem2 array3 etc. My question is if there either is an easier way to remove the commas from the original string or what I am doing wrong in this line: $sortByString += $sortByArray[$i]; // I am trying to concatenate each part of the array back into the string. Thanks a lot for help with this!
In PHP Version 8.0 shows error as : In previous versions of PHP it does not show any error. Please resolve the issue. Ok... I had typed this post out ONCE already and when I clicked REFRESH IMAGE to get a diff captcha it ERASED MY POST LMAO this is not my night.... What I need help with is probably more simple then I can even think right now - ive been digging at this for 3 hrs now and im out of time for the night I have a DB Record storing ID's between PIPES | when the initial entry is made in DB it stores it like so |47| NOTE: the number could be different these are ID's number doesnt matter its just between Pipes When the second entry is added its added like so |47||67| say we have a total of 5 Entries |47||67||82||55||69| I need to find ID 82 in that string and it has to be between Pipes Find 82 in data between | and return that ID 82 I am putting between pipes because the ID's can be duplicate digits in different lengths so say I have 8 as my ID and down the string i have another id as 88 -- I cant possibly find the correct ID without some sort of seperation character so i used Pipes soo my end goal is the ability to search and if true or false do action if ($result == $find_id){ echo "ID is there"; }else{ echo "NOT THERE -- Adding it"; } Any help is appreciated guys Thanks SangrelX Hello guys i am trying to figure out how to fwrite a string for example "Recommended Settings for Service Pack" under "Current Settings for Service Pack: 5.1.2600ServicePack3Build2600". I figure i cant use line number as an argument because the file report may be dynamic so i will need to use Current Settings as an argument. Please guide me if you have any ideas..thanks:) ! auditreport table ServicePackSetting Service Pack Requirement: Fail Current Settings for Service Pack: 5.1.2600ServicePack3Build2600 MajorAuditandAccountPolicies Maximum Password Age Requirement: Fail Current Settings for Maximum Password Age Requirement: 42 Minimum Password Length: Fail Current Settings for Minimum Password Length Requirement: 0 I need to know if a string exists within a string. I've tried using STRIPOS() but it returns zero or false if what I'm looking for is the first part of the string. I don't care what function I use, but I need to get a "true" when the needle string is present anywhere in the haystack string, even at location zero. Is there some way to set up the STRIPOS() statement? I've tried: if ((stripos($title, 'needle') > 0 ) if ((stripos($title, 'needle') = true ) and even if ((stripos($title, 'needle') >= 0 ) which returns true for everything, even when the needle string is NOT present. Any help appreciated. thanks, Tom |
|||||||