PHP - Include For Protected Directroy

Hi,

I have built a registration and login system for a website, part of which I wish to protect certain pages.

The registration systems works well, as does the login BUT I am having difficulty with the next stage.

How do I then 'capture' the username and password that were entered by the user and get the PHP page I want to protect to check that these are valid? I guess it is a piece of code I need to put in the top of the protected page?

Here is the final piece of code (which then includes a link to the page I want to protect) from the login page which includes session_register, but then how can I use this information in the page I wish to protect?

//Now if everything is correct let's finish his/her/its login
session_register("username", $username);
session_register("password", $password);

echo "Welcome, ".$username." please continue onto our ".$sub." membership area...<a href=".$index.">click here</a>";
}


Thanks,
Simon

Hello all, i am go9090go.
Today i made a domains for a jar file people can upload from my website.
I made this to make the jar file close source and its easy to update.
Now i made a java classloader and everything i made works.
The classloader call a php document with the password and username.
The pass and name will be checked inside a databse and if its inside i use
header() to load the jar file.

But when i just go to my main domain i get the index of the site and people can easly download the jar file without have to walk thru the php pass checker.
So i want to place the jar file inside a protected folder,and i want that only way you get acces to this jar is by the php file. How can i get a file from a protected folder?

here is the php used when the jar file is not inside a protected folder:

<?php

$DBName = "name";//name database        
$DBUser = "name";//user        
$DBPassword = "pass"; //passs
$DBHost = "host"; //might be different
         
mysql_connect($DBHost, $DBUser, $DBPassword);
        mysql_select_db($DBName);

        $username = $_GET['username'];
        $password = $_GET['password'];

$IP = $_SERVER['REMOTE_ADDR'];
    
$string = "Java";
$pos = strpos($agent, $string);    
if (!strpos($_SERVER['HTTP_USER_AGENT'], "Java")) 
{        
echo("Your Auth has been banned for trying to breach security.");        
//mysql_query("delete from users where username='$username'");
exit();    
}

$query = "select * from users where name='$username' and pass='$password'";
        mysql_query($query);
        $num = mysql_affected_rows();
if ($num > 0) 
{
header('Location:script/Script.jar');
}

?>


now i want to use the header to a file inside a folder that is protected :



so how can i make the header() methode to open script.jar inside a protected folder.
The folder haves name and pass: blabla,balbla for exempel

thanks for help

I'm writing a script that opens a webpage and pulls out the pictures for editing.

The problem I'm having is the pictures are protected from hotlinking with htaccess. The script is on a different domain.

I know it's possible to do this but after much searching and experimentation I can't work it out.

Any ideas?

Hello:

I wanted to see if I can make my password protected pages in my admin area, and the login form "more secure."
I was told I should use MD5 / SALTING / HASHING to do this.

I have tried some online tutorials, but am not understanding it, so I wanted to start from what I have and build upon it>

This is my database table storing the myAdmins data (when I initially insert it into the database):
Code: [Select]
CREATE TABLE `myAdmins` (
  `id` int(4) NOT NULL auto_increment,
  `myUserName` varchar(65) NOT NULL default '',
  `myPassword` varchar(65) NOT NULL default '',
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;

INSERT INTO myAdmins VALUES("1","abc","123");

This is the login form I use:
Code: [Select]
<?php

include('../include/myConn.php');
include('include/myAdminNav.php');

session_start();
session_destroy();

$message="";

$Login=$_POST['Login'];
if($Login){
$myUserName=$_POST['myUserName'];
$myPassword=$_POST['myPassword'];

$result=mysql_query("select * from myAdmins where myUserName='$myUserName' and myPassword='$myPassword'");
if(mysql_num_rows($result)!='0'){
session_register("myUserName");
header("location:a_Home.php");
exit;
}else{
$message="<div class=\"myAdminLoginError\">Incorrect Username or Password</div>";
}

}
?>

<form id="form1" name="form1" method="post" action="<? echo $PHP_SELF; ?>">

<? echo $message; ?>

Username: <input name="myUserName" type="text" id="myUserName" size="40" />
Password: <input name="myPassword" type="password" id="myPassword" size="40" />

<input name="Login" type="submit" id="Login" value="Login" />

</form>



This is the code on top of each page I password protect:
Code: [Select]
<?
session_start();
if(!session_is_registered(myUserName)){
header("location:Login.php");
}
?>

Works well, but can it be "better"??

And, if I am allowing the admin to update his/her username or password, I do it this way:
Code: [Select]
<?php

include('../include/myConn.php');
include('include/myCheckLogin.php');

if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$myUserName = mysql_real_escape_string($_POST['myUserName']);
$myPassword = mysql_real_escape_string($_POST['myPassword']);

$sql = "

UPDATE myAdmins
   SET
      myUserName = '$myUserName',
      myPassword = '$myPassword'
  ";
mysql_query($sql) && mysql_affected_rows()

?>

<?php
}

$query=mysql_query("SELECT * FROM myAdmins") or die("Could not get data from db: ".mysql_error());

while($result=mysql_fetch_array($query))

{
  $myUserName=$result['myUserName'];
  $myPassword=$result['myPassword'];
}

?>


<form method="post" action="<?php echo $PHP_SELF;?>">
<input type="hidden" name="POSTBACK" value="EDIT">

Username: <input type="text" size="60" maxlength="60" name="myUserName" value="<?php echo $myUserName; ?>">
Password: <input type="password" size="60" maxlength="60" name="myPassword" value="<?php echo $myPassword; ?>">

<input type="submit" value="Submit" />
         
</form>


Should it be "better" .. ??

I don't seem to understand how to "encrypt" all of this to make it "stronger" ..

Ideas? Improvements?

Hello everyone:

I wanted to see how I can make a simple login page (user name and password) that redirects to a page(s) if the login is correct. Also, I wanted to put protection on the page(s) that will send the user back to the login page if the credentials are nor correct.

I would imagine the username/password would be stored in a database table (Admins), and the correct login info would be stored in a session ..?

I am use to doing this with ASP, but never PHP. I want to make sure I understand how to do this properly and securely so I can use this as a model for other systems.

In ASP I would do a protected page like this:
a_login_check.asp
Code: [Select]
<%
if session("admin_user_name") = "" then
session.abandon
response.redirect "login.asp"
end if
%>

Protected-Page.asp
Code: [Select]
<!-- #include file="include/a_check_login.asp" -->
<html>
...
CONTENT

...
</html>

And of course there is the login page itself ...
(I thought it would be nice to add a "Forgot Password" link on the login page, but if that is too complicated I can do that later .. or is it easy ??)

Anyway, can someone point-out to me how to do this.

I would appreciate it!

Hi Guys.. Merry Christmas

Im kinda new to this fantastic world of PHP and i have a little problem i hope you can help me with.

Im trying to build a website where I use include() to genereate my content. On my index.php i have a menu which includes
content in a content div from external .php pages, my structure kinda goes like this.. (simplified)

site/
   index.php
   content/
       fronpage.php
       products.php
       contact.php

The HTML looks like this.

<div id="menu">
    <ul>
          <li><a href="index.php?page=frontpage">frontpage</a></li>
          <li><a href="index.php?page=products">frontpage</a></li>
          <li><a href="index.php?page=contact">frontpage</a></li>
    </ul>         
</div               

<div id="main">

<?php
     include('/content/'.$_GET['page'].'.php');
?>

</div>

This all works very fine, but my problem is, can I have a include inside an already included page?
I would like to have a menu on my products.php site, but that page is already included from above,
and i would like the menu on the products.php site to stay as the content from the nested include
changes with input from the /products folder.

my idea was something like this.

site/
   index.php
   content/
      frontpage.php
      products.php
      contact.php
      products/
         product1.php
         product2.php


the HTML on the index.php is the same as above and then i would add the include() on the
products.php page, so its kinda the same thing, but one inside the other.

HTML inside the products.php folder

<div id="sub_menu">
    <ul>
          <li><a href="#">frontpage</a></li>
          <li><a href="#">frontpage</a></li>
          <li><a href="#">frontpage</a></li>
    </ul>         
</div               

<div id="sub_main">

<?php
     include('/content/products'.$_GET['#'].'.php');
?>

</div>

I dont know how to link to the new files so they will be included while the first include still stays on the page.

Any of you know how and if this can be done? Or maybe at better way to do it?

Hope this made sense, my first PHP question

Thanks

CanI put one INCLUDE statement INSIDE of another INCLUDE statement?

Hi

Still a new comer when it comes to PHP.

I have a situation where I want to use an include within an include and I am having trouble with my file paths.

My main header include, includes everything for each page of my site, beyond the opening of the body to incorporate my navigation etc conditionally loading in css, and loading in titles and meta data etc depending on the page in question.

This header needs to reference another include called the-pod.php which is required for every page, the only trouble is I want to use / to reference the root of the server and this is breaking my code. I can't use ../../ etc as its a different path depending on where the master file is located.

So my question is how do I get around this?

Can the root of the server or path to the root be stored in a variable? and if so how would I write this.

Any tips / advice will be greatly appreciated.

When I put this above all else in my document and test it offline, all I see is code in the browser. But when I test it on my web server, I can view the markup and whatnot.

Does anyone know why this is?

I have to store my Authorize.net Payment Gateway values somewhere safe.  (i.e. Outside of the Web Root)

I tried this code but my checkout page that formerly worked with local values in Test Mode is crashing.   

         // Include Authorize.net Values.
         require_once('/var/www/vhosts/MyWebsite.com/private/auth_config.php');

I think the issue is that private maybe can't be read or included by other files?

Would using another Linux directory solve my problem?


Debbie

I have an include file and a php file in different directories and I can't figure out what I'm doing wrong trying to get them to relate to one another.

webhost/website/includes/include.inc

webhost/website/modules/module/page.php

How do I get the page.php to use the include.inc file?

I'd think it would be "../../include.inc", but that isn't working

Hello,
I created a script at my server, but would like to upload files to my other server. The website runs on server 1 and the upload form on server 2. I want to include the file of server 2 at the page at server 1; I've tried:
include("http://ipaddress/upload.php");
Sadly, this doesn't work. I get the error:
Quote

URL file-access is disabled in the server configuration in

Is there another way to do it? Or should I change the php.ini and allow this (why isn't it allowed by default? What are the risks?).

iFrames aren't what I need here.

Thanks,
NLCJ

I am fairly new to PHP. I tried searching for answers on Google and in this forum, but I found no solutions.

Problem
I used PHP include as a way of navigating through my website. I did this so if I changed the design of the website, I don't have to edit each page. The function is similar to iframes.
Yesterday I developed a tip calculator (calculates how much tip you need to give to the waiter or waitress based on your bill). However I've noticed after I press "submit", it sends the visitor to a page that shows only the results. I want to show the results within my website design.

Screen shots:

I input the data. Notice the gray background and the navigation bar.

After I press "Submit Order", it shows the results but the results aren't within my website's design. (Notice the white background).

Question:
How can I incorporate the results from the tip calculator in my design after pressing the "Submit Order" button?

Here is the code on the main page of my website (HTML/CSS with PHP)
P.S For links in the navigation section, I used : ?id=name
Code: [Select]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>MV Book</title>
<link href="style.css" rel="stylesheet" type="text/css" media="screen" />
</head>

<body>


<div id="wrapper">
<div id="wrapper2">
<div id="header"></div> <!-- End of Header -->

<div id="navi">
<ul>
<li><a href="/">Home</a></li>
<li><a href="?id=tip">Tip calculator</a></li>
<li><a href="?id=orderform">Tip calculator</a></li>

</ul>
</div>
<!-- End of Navi -->
<div id="content">



<?php
$id = $_GET['id'] ;
 switch($id) { default: include('cutenews/show_news.php');
break; case "orderform": include('orderform.html');
break; case "tip": include('tip.php');
} ?>


</div> <!-- End of Content -->
</div> <!-- End of Wrapper 2 -->
</div> <!-- End of Wrapper -->

</body>
</html>

And this is the code that is on the page where I input the code:

Code: [Select]
<form action="processtip.php" method="POST">

<table border="0">
  <tr>
  <td>Bill Amount</td>
  <td align="center"><input type="text" name="billamount" size="10"
     maxlength="10" id="billamount"></td>
     </tr>
     
  <td>Tip Percent (%)</td>
  <td align="center"><input type="text" name="tippercent" size="10"
     maxlength="10" id="tippercent"></td>
</tr>
<tr>
  <td>Number Of People (Split)</td>
  <td align="center"><input type="text" name="people" size="10"
     maxlength="10" id="people" /></td>
</tr>

<tr>
  <td colspan="2" align="center"><input type="submit" value="Submit Order"></td>
</tr>
</table>
</form>


This is the PHP Code that process the input data and displays the results (processtip.php) :

Code: [Select]
<?PHP
  $billamount = $_POST['billamount'];
  $tipnumber = $_POST['tipnumber'];
  $people = $_POST['people'];
?>
<html>
<head>
  <title>Emaj's Tip Calculator</title>
</head>
<body>
<h1>Emaj's Tip Calculator</h1>
<h2>Thanks for using my Online Tip Calculator</h2>

<?php

if ($billamount < 0) {
  echo "<p> You can't have a negative number. Does the restuarant owe you money?";
  exit;


} else {

  if ($billamount == 0) {
echo "What's the point of using a tip calculator if you didn't order anything?<br />";
exit;

  }

  if ($billamount > 0) {
echo "<p> Your bill is $".$billamount;

  }
}


$tippercent = 0;
$tippercent = $tipnumber/100;

$tipamount = 0;
$tipamount = $billamount * $tippercent;
echo "<p> Total tip is $".$tipamount;


$totalamount = 0;
$totalamount = $billamount + $tipamount;
echo "<p>Total bill (Tip included) is $".$totalamount;

echo "<p>You are splitting the Total Bill with ".$people." people.";

$indperson = 0;
$indperson = $totalamount/$people;
echo "<p>Each individual person pays $".$indperson;

?>



If there is a thread that has a similar problem with a solution, can you please post a link to it? Thank you and I apologize in advance if there's a duplicate thread.

-Emaj

Hi,

I'm so new to PHP.

Kindly help me figure out on how to use include function..

situation is..

I am going to include a head.php file

/includes/head.php

this is the path where i want to include head.php

/menu/menulist/list

in "list" folder that is where I want to include head.php
include works on folder "menulist" but not on 3rd folder "list"

any advise on how tot solve this problem of mine?

Thanks

I am creating several files with the same connection information.  I already REQUIRE_ONCE my connection data that has all the 'secret entry data', but am wondering, if this is my current code in the top of the files:


$con = require_once('connection.php');
 if (!$con)
   {
   die('Could not connect!' . mysql_error());
   }
 
mysql_select_db("$database") or die('Choose a database  ' . mysql_error());

And then a $query/$result

Can the lines BEFORE the $query go into an INCLUDE file ALSO if they are going to be constant and repeated, or do they have to be hardcoded into each file individually?