|
PHP - Password Protect Switch Case Pages
Hi, I have the following code:
Code: [Select] <?php $cmd = $_GET['cmd']; if($cmd=="") { $cmd = "adminlogin";} // This creates the header for each of the installation pages switch($cmd) { // This is the installation agreement page case "adminlogin": print <<<LOGIN <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Member Site Maker 1.0</title> <link rel="stylesheet" href="style.css" type="text/css" /> </head> <body> <div id="head" align="center"> <h1 id="siteName">Member Site Maker </h1> <br /> <table align="center" border="0" bgcolor="#CCCCCC"> <tr> <td align="center"><span class=style1><b>ADMIN LOGIN</b></span></td> </tr> <tr> <td> <form action=admin.php?cmd=manage method=POST> Password: <input type=text name=password1> </td> </tr> <tr> <td> <input type=submit name=submit value=Submit> </td> </tr> </table> </form> LOGIN; break; // Managing Users case "manage": include_once("header.html"); include_once("data/password.php"); $password1 = $_POST['password1']; $password2 = base64_decode($password); if ($password1 != $password2) { print <<<BADLOGIN <table width=953 border=1 align=center bgcolor=#00CCFF> <tr> <td><span class=style1><b><center>Failed Login</center></b></span></td> </tr> <tr> <td><span class=style2>Your passwords do not match. Please go back and correct this error</td> </tr> </table> BADLOGIN; } else { echo <<<MANAGE <!--end navBar2 div --> <div id="navBar2"> <div id="sectionLinks"> <ul> <li><a href="admin.php?cmd=manage&password1=$password1">Manage</a></li> <li><a href="admin.php?cmd=dashboard&password1=$password1">Dashboard</a></li> <li><a href="admin.php?cmd=approval&password1=$password1">Approval</a></li> <li><a href="admin.php?cmd=msgcentre&password1=$password1">Message Center</a></li> <li><a href="admin.php?cmd=logins&password1=$password1">Logins</a></li> </ul> </div> </div> <!--end navBar2 div --> <div id="content"> <div class="story"> <table width="100%" border="0"> <tr> <td bgcolor="#99FF66"><div align="center"><span class="style3">Login</span></div></td> <td bgcolor="#99FF66"><div align="center"><span class="style3">Name</span></div></td> <td bgcolor="#99FF66"><div align="center"><span class="style3">Last Visited </span></div></td> <td bgcolor="#99FF66"><div align="center"><span class="style3">Registration Date </span></div></td> <td bgcolor="#99FF66"><div align="center"><span class="style3">Reset Password </span></div></td> <td bgcolor="#99FF66"><div align="center"><span class="style3">Delete</span></div></td> </tr> <tr> <td> </td> <td> </td> <td> </td> <td> </td> <td> </td> <td> </td> </tr> </table> <h3> </h3> </div> </div> <!--end content --> MANAGE; } break; case "dashboard": break; case "approval": break; This works fine for when viewing the admin.php, I am asked for a password and then it compares the password against the encoded password before displaying the manage page. However this does not stop someone typing http://www.mysite.com/folder/admin.php?cmd=dashboard If they do that, it skips the password form and password check, and they can then go ahead and do whatever in the admin.php file. How can I prevent this, so that a password check is automatically done before allowing somebody to view the page? I have tried adding the code I used in the manage section, but it doesnt work again. Any help will be greatly appreciated, I been trying to work it out all day and run out of ideas. Many Thanks Similar TutorialsI'm not sure if this is a php or Apache question but here goes anyways. I have my Apache web server set up so I can access it from anywhere which obviously means anyone else can access it too. I have my index page which is basically a menu for the site password protected with a simple php script. The problem is the index.php password page can be bypassed by just typing the name or path of any of the pages on the site. I don't want to have to password protect or enter a session variable onto every page. Is there a practical way to make it where no page can be accessed without being routed from the index.php page ? can i do something like this? Code: [Select] <?php switch ($i) { case 0: echo "i equals 0";?> ////////////// html stuff //////// <?php break; case 1: echo "i equals 1"; ?> ///////////////////html stuff////////////// <?php break; case 2: echo "i equals 2"; ?> ////////////html stuff/////////////// <?php break; } ?> Hello, I am having a small issue with a case switch array that uses a range of data. I am using it to set the background of table cells depending on the data. I.E. 0-0.9, 1-1.9 etc with each one being a different color. Issue I am having is it doesn't change. It sets it based on the first array entry. What might I be missing? This is the first time I have used a case switch with a range.
-Thanks
$magScale = '';
switch($magnitude)
{
case myInterval >= 0 && myInterval <= 0.9: $magScale = 'rgb(195, 218, 236)';
break;
case myInterval >= 1 && myInterval <= 1.9: $magScale = 'rgb(210, 238, 197)';
break;
case myInterval >= 2 && myInterval <= 2.9: $magScale = 'rgb(244, 240, 202)';
break;
case myInterval >= 3 && myInterval <= 3.9: $magScale = 'rgb(244, 223, 202)';
break;
case myInterval >= 4 && myInterval <= 4.9: $magScale = 'rgb(240, 199, 205)';
break;
case myInterval >= 5 && myInterval <= 10: $magScale = 'rgb(212, 195, 236)';
break;
}
Hi, I have been using an old contact form for a while now, this is it: Code: [Select] <?php if (isset($_POST['submit'])) { switch($_POST['contact_type']) { case 'Customer': $to = '...@gmail.com'; break; case 'HQ'; $to = '...@gmail.com'; break; case 'Office 2': $to = '...@gmail.com'; break; case 'Office 3': $to ='...@gmail.com'; break; case 'Office 4': $to = '...@gmail.com'; break; case 'Office 5': $to = '...@gmail.com'; break; } $subject = "WEBSITE ENQUIRY"; $name_field = $_POST['name']; $email_field = $_POST['email']; $message = $_POST['message']; if (strlen(trim($message)) > 0) { $body = "From: $name_field\n E-Mail: $email_field\n Message:\n $message"; if (mail($to, $subject, $body)) { echo "<h3>Thanks! Your email has been sent <br />We will answer your enquiry as soon as possible.</h3>"; } else { echo 'Cannot sent mail'; } } else { echo "<h3>Error! <br />Please ensure that all fields are filled out in order to email us!</h3>"; } } else { echo "blarg!"; } ?> I recently extended the form with HTML5 etc and got a new form script, which makes a lot of improvements with the PHP. I want to put this on a site I am working on. The current form has an contact type pull down which changes the destination of the submitted form. It looks like this: Code: [Select] <?php if( isset($_POST) ){ //form validation vars $formok = true; $errors = array(); //sumbission data $ipaddress = $_SERVER['REMOTE_ADDR']; $date = date('d/m/Y'); $time = date('H:i:s'); //form data $name = $_POST['name']; $email = $_POST['email']; $telephone = $_POST['telephone']; $company = $_POST['company']; $enquiry = $_POST['enquiry']; $product = $_POST['product']; $message = $_POST['message']; //validate form data //validate name is not empty if(empty($name)){ $formok = false; $errors[] = "You have not entered a name"; } //validate email address is not empty if(empty($email)){ $formok = false; $errors[] = "You have not entered an email address"; //validate email address is valid }elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)){ $formok = false; $errors[] = "You have not entered a valid email address"; } //validate company is not empty if(empty($company)){ $formok = false; $errors[] = "You have not entered a name"; } //validate message is not empty if(empty($message)){ $formok = false; $errors[] = "You have not entered a message"; } //validate message is greater than 20 charcters elseif(strlen($message) < 20){ $formok = false; $errors[] = "Your message must be greater than 20 characters"; } //send email if all is ok if($formok){ $headers = "From: user@mysite.com" . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $emailbody = "<p>You have recieved a new message from the enquiries form on your website.</p> <p><strong>Name: </strong> {$name} </p> <p><strong>Email Address: </strong> {$email} </p> <p><strong>Telephone: </strong> {$telephone} </p> <p><strong>Company: </strong> {$company} </p> <p><strong>Enquiry: </strong> {$enquiry} </p> <p><strong>Product of Interest: </strong> {$product} </p> <p><strong>Message: </strong> {$message} </p> <p>This message was sent from the IP Address: {$ipaddress} on {$date} at {$time}</p>"; mail("....@gmail.com","New Enquiry",$emailbody,$headers); } //what we need to return back to our form $returndata = array( 'posted_form_data' => array( 'name' => $name, 'email' => $email, 'telephone' => $telephone, 'company' => $company, 'enquiry' => $enquiry, 'product' => $product, 'message' => $message ), 'form_ok' => $formok, 'errors' => $errors ); //if this is not an ajax request if(empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest'){ //set session variables session_start(); $_SESSION['cf_returndata'] = $returndata; //redirect back to form header('location: ' . $_SERVER['HTTP_REFERER']); } } As you can see the new php form is much better, validates each field etc... I am having issues getting the case and switch statement into my new form though, can anyone please advise where to put it / what I need to take out to make it work? Its an important part of the form I need to make. Any help would be much appreciated. Hi I have a form that is popluated from the database now I am trying to get the switch case to be based on the option the user selects is this possible to make a case a variable popluated by the drop down if so can someone show me what am i missing? the value I am trying to get from the form to the switch case is the ( $val->slug) but the value not been set help please here the form Code: [Select] <form method="post"> <select name="deal-locations" onChange="this.form.submit()"> <?php while(list($key,$val) = each($locations)) { ?><option value="<?php echo $val->slug; ?>"><?php echo $val->slug; ?></option><?php } ?> </select> <input type="submit" value="submit"> </form> Here the switch case Code: [Select] switch ($_POST['deal-locations']) { case " $val->slug": echo "<h3>deal-locations: ASC</h3>"; $args = array( 's' => $_GET['s'], 'post_type' => 'deals', 'deal-locations' => ' $val->slug', 'where' => ' $val->slug', 'paged' => 'paged' ); break; } Hey, nooby here I am looking for a PHP solution for password protect pages. I have successfully implemented this code which check a user name and password to grant access. The problem is that each user needs a different (password protected) page. What I would like to do is take it a step further and have each user directed to a specific page. visitor1 => www.mysite.com/visitor1.com visitor2 => www.mysite.com/visitor2.com Since I am not going to have anymore than three users I don't want the complication of a database and keep everything PHP. Any idea please? Cheers, This is the login page:
<?php
$LOGIN_INFORMATION = array(
'visitor1' => 'password1',
'visitor2' => 'password2'
);
define('USE_USERNAME', true);
define('LOGOUT_URL', 'http://www.mysite.com/logout.php');
define('TIMEOUT_MINUTES', 0);
define('TIMEOUT_CHECK_ACTIVITY', true);
if(isset($_GET['help'])) {
die('Include following code into every page you would like to protect, at the very beginning (first line):<br><?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?>');
}
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
if(isset($_GET['logout'])) {
setcookie("verify", '', $timeout, '/'); // clear password;
header('Location: ' . LOGOUT_URL);
exit();
}
if(!function_exists('showLoginPasswordProtect')) {
function showLoginPasswordProtect($error_msg) {
?>
<!DOCTYPE HTML>
<html>
<head>
</head>
<body class="loading">
<div style="width:500px; margin-left:auto; margin-right:auto; text-align:center">
<form method="post">
<p>Please enter password</p><br />
<font color="red"><?php echo $error_msg; ?></font><br />
<?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>
<input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />
</form>
</div>
</body>
</html>
<?php
die();
}
}
if (isset($_POST['access_password'])) {
$login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
$pass = $_POST['access_password'];
if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
|| (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) )
) {
showLoginPasswordProtect("Incorrect password.");
}
else {
setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
unset($_POST['access_login']);
unset($_POST['access_password']);
unset($_POST['Submit']);
}
}
else {
if (!isset($_COOKIE['verify'])) {
showLoginPasswordProtect("");
}
$found = false;
foreach($LOGIN_INFORMATION as $key=>$val) {
$lp = (USE_USERNAME ? $key : '') .'%'.$val;
if ($_COOKIE['verify'] == md5($lp)) {
$found = true;
// prolong timeout
if (TIMEOUT_CHECK_ACTIVITY) {
setcookie("verify", md5($lp), $timeout, '/');
}
break;
}
}
if (!$found) {
showLoginPasswordProtect("");
}
}
?>
And here is the code I used at the top of each protected page:
<?php include("/home/user/public_html/clients/login.php"); ?>[/code]
hi all i have a code that i am trying to password to protect my webpage and i cant seen to get it to coonect to mysql DB. here is the code $c_username = "root"; $c_password = "Steph1989"; $c_host = "localhost"; $c_database = "eclipse_media"; // Connect. $connection = mysql_connect($c_host, $c_username, $c_password) or die ("It seems this site's database isn't responding."); mysql_select_db($c_database) or die ("It seems this site's database isn't responding."); I'm testing out small bits of code for myself, and I'm trying to understand why this isn't coming out how I would imagine it to... I have my function which stores colors in an array from a text file, then I return back a random color from my array like so... function getColor() { $ball_color = explode("\n", file_get_contents('colors.txt')); // Takes file contents and stores them into an array. return $ball_color[array_rand($ball_color)]; } And now in the main program, I simply have this: $color = getColor(); switch($color) { Case "blue": // echo stuff break; Case "red": // echo stuff break; etc... } For some reason though, my switch statement always reads the default case, making me assume that the words "blue" "red" "green" etc... aren't matching up to what I have set the cases at. When I output what color is actually being read, it displays exactly as it should, so I don't understand why the case "red" isn't opening up when that color is chosen, or same with any of the other colors. Is there some small conflict I'm unaware of in this tiny practice code? Any help is appreciated, thanks. Hello, I just joined today! I am very new to php, I'm sure you'll be able to tell I created a 'members area only' thanks to some awesome online tutorials!! The only part that isn't working is the page protection for the 'members only area'. I am using $_SESSION and ISSET, but wonder why page shows when the address to the protected page is typed directly in, (no session should exist) if I understand correctly ... Any help will be wonderful, I really can't do this on my own yet. I have tried many different combinations, I may have them all mixed together by now. Currently, I have this code to the top of the page I am trying to protect ... <? ob_start(); session_start(); //The users login details should be stored either in the post array or session array so we pull those login credentials $username = isset($_POST['username']) ? $_POST['username'] : $_SESSION['username']; $password = isset($_POST['password']) ? $_POST['password'] : $_SESSION['password']; //if no username session variable exists, redirect user: if(!isset($username)) { header("Location: login_form.php"); } ?> <html> <head> </head> <body> <p> This is the members only area</p> </body> </html> I have a problem w/ a widely used password protect php code. I use a business directory program that allows custom input fields. I'm using this code to password protect a business listing page in my directory code. I created custom fields for the username & password so a listing can enter their own user/pass but when I test it it won't work when I'm calling/echoing the fields. When I hardcode it w/ a user/pass it works. Any ideas on how I should recode this?: Quote <?php // Define your username and password $username = "<?php echo $custom_74; ?>"; $password = "<?php echo $custom_16; ?>"; if ($_POST['txtUsername'] != $username || $_POST['txtPassword'] != $password) { ?> <h1>Login</h1> <form name="form" method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> <p><label for="txtUsername">Username:</label> <br /><input type="text" title="Enter your Username" name="txtUsername" /></p> <p><label for="txtpassword">Password:</label> <br /><input type="password" title="Enter your password" name="txtPassword" /></p> <p><input type="submit" name="Submit" value="Login" /></p> </form> <?php } else { ?> I close the code correctly. <?php echo $custom_74; ?> & <?php echo $custom_16; ?> are just incidently my custom field echo codes. I have over 150 custom fields working fine for user/listee options. The password protect code won't accept echos it seems as coded above. Thanks, Gene This topic has been moved to Apache HTTP Server. http://www.phpfreaks.com/forums/index.php?topic=358740.0 Hi, I wonder if some one could help me. I am trying to set up a few rules to make sure that users create safe passwords on my site: I have the below check which makes sure that the user enters a word of at least 8 charachters long: Code: [Select] if( strlen($password) < $MaxPwdLength ){ $errmsg_arr[] = 'Password must be at least 8 charachters long '; $errflag = true; } Does anyone know how I could write an if function to make sure that the ser is entereing a password with at least one capital and one lower case letter in. Hope you can help. Thanks Ed I'm trying to password protect and admin area but an included script, but it's not working very well. I've used this script forever, but for some reason it pops up an alert that says "The URL is not valid and cannot be loaded," when the form is submitted. It's an old script from PHPBuddy. Here is the script: // password_protect.php Code: [Select] <?php # Simple password protection # # (c) http://www.phpbuddy.com # Author: Ranjit Kumar # Feel free to use this script but keep this message intact! # # To protect a page include this file in your PHP pages! session_start(); $admin_user_name = "admin"; $admin_password = "admin"; //you can change the username and password by changing the above two strings if (!isset($HTTP_SESSION_VARS['user'])) { if(isset($HTTP_POST_VARS['u_name'])) $u_name = $HTTP_POST_VARS['u_name']; if(isset($HTTP_POST_VARS['u_password'])) $u_password = $HTTP_POST_VARS['u_password']; if(!isset($u_name)) { ?> <HTML> <HEAD> <TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE> </HEAD> <BODY bgcolor=#ffffff> <table border=0 cellspacing=0 cellpadding=0 width=100%> <TR><TD> <font face=verdana size=2><B>(Access Restricted to Authorized Personnel)</b> </font></td> </tr></table> <P></P> <font face=verdana size=2> <center> <?php $form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[PHP_SELF]"; if(isset($HTTP_SERVER_VARS["QUERY_STRING"])) $form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"]; ?> <form method=post action=<?php echo $form_to; ?>> <table border=0 width=350> <TR> <TD><font face=verdana size=2><B>User Name</B></font></TD> <TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR> <TR> <TD><font face=verdana size=2><B>Password</B></font></TD> <TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD> </TR> </table> <input type=submit value=Login></form> </center> </font> </BODY> </HTML> <?php exit; } else { function login_error($host,$php_self) { echo "<HTML><HEAD> <TITLE>$host : Administration</TITLE> </HEAD><BODY bgcolor=#ffffff> <table border=0 cellspacing=0 cellpadding=0 width=100%> <TR><TD align=left> <font face=verdana size=2><B> You Need to log on to access this part of the site! </b> </font></td> </tr></table> <P></P> <font face=verdana size=2> <center>"; echo "Error: You are not authorized to access this part of the site! <B><a href=$php_self>Click here</a></b> to login again.<P> </center> </font> </BODY> </HTML>"; session_unregister("adb_password"); session_unregister("user"); exit; } $user_checked_passed = false; if(isset($HTTP_SESSION_VARS['adb_password'])) { $adb_session_password = $HTTP_SESSION_VARS['adb_password']; if($admin_password != $adb_session_password) login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); else { $user_checked_passed = true; } } if($user_checked_passed == false) { if(strlen($u_name)< 2) login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); if($admin_user_name != $u_name) //if username not correct login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); if(isset($admin_password)) { if($admin_password == $u_password) { session_register("adb_password"); session_register("user"); $adb_password = $admin_password; $user = $u_name; } else { //password in-correct login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); } } else { login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); } $page_location = $HTTP_SERVER_VARS['PHP_SELF']; if(isset($HTTP_SERVER_VARS["QUERY_STRING"])) $page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"]; header ("Location: ". $page_location); } } } ?> And here is the file I'm trying to protect: //index.php Code: [Select] <?php include('password_protect.php'); include("connection.php"); //Logout if($_REQUEST['action'] == "logout") { session_unset(); session_destroy(); header('Location:index.php'); } //Script Actions //Add Main Display if ($_REQUEST['action'] == "add_main_d") { //Upload Image $target_path = "main_display/"; $target_path = $target_path . basename( $_FILES['image']['name']); if(move_uploaded_file($_FILES['image']['tmp_name'], $target_path)) { $msg1 = "<p>The image ". basename( $_FILES['image']['name']). " has been uploaded</p>"; } else { $msg1 = "<p>There was an error uploading the image, please try again!</p>"; } $image = $_FILES['image']['name']; //Add Info to Database $query = "INSERT INTO main_display (title,descrip,link,image) VALUES('$_REQUEST[title]','$_REQUEST[descrip]','$_REQUEST[link]','$image')"; $result = mysql_query($query) or die ("Can't do anything with the query!"); $msg = "<p>" . $_REQUEST['title'] . " added to the main display.</p>"; } //Add Guest if ($_REQUEST['action'] == "add_guest") { //Upload Image $target_path = "guests/"; $target_path = $target_path . basename( $_FILES['image']['name']); if(move_uploaded_file($_FILES['image']['tmp_name'], $target_path)) { $msg1 = "<p>The image ". basename( $_FILES['image']['name']). " has been uploaded</p>"; } else { $msg1 = "<p>There was an error uploading the image, please try again!</p>"; } $image = $_FILES['image']['name']; //Add Info to Database $query = "INSERT INTO guest (name,ep,link,image) VALUES('$_REQUEST[name]','$_REQUEST[ep]','$_REQUEST[link]','$image')"; $result = mysql_query($query) or die ("Can't do anything with the query!"); $msg = "<p>" . $_REQUEST['name'] . " was added to the guest list.</p>"; } //Delete Item if($_REQUEST['action'] == "delete_item"){ $query = "SELECT * FROM main_display WHERE id = '$_REQUEST[item]'"; $result = mysql_query($query) or die ("Can't do anything with the query!"); $row = mysql_fetch_array($result,MYSQL_ASSOC); $image = $row['image']; unlink("main_display/$image"); //Delete news $query = "DELETE FROM main_display WHERE id = '$_REQUEST[item]'"; $result = mysql_query($query) or die ("Can't do anything with the query!"); $msg = "Display Meny Item erased."; } //Delete Guest if($_REQUEST['action'] == "delete_guest"){ $query = "SELECT * FROM guest WHERE id = '$_REQUEST[item]'"; $result = mysql_query($query) or die ("Can't do anything with the query!"); $row = mysql_fetch_array($result,MYSQL_ASSOC); $image = $row['image']; unlink("guests/$image"); //Delete news $query = "DELETE FROM guest WHERE id = '$_REQUEST[item]'"; $result = mysql_query($query) or die ("Can't do anything with the query!"); $msg = "Display Meny Item erased."; } ?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <link rel="stylesheet" type="text/css" href="style.css" /> <title>Admin Window</title> <?php //Form Check - Javascript if($_REQUEST['view'] == "main_d") { include("add_main_d_check.php"); } if($_REQUEST['view'] == "guest_d") { include("add_guest_d_check.php"); } ?> </head> <body> <div id="wrapper"> <h1> Admin Window </h1> <div id="links"> <ul> <li><a href="index.php">Main</a></li> <li><a href="index.php?view=main_d">Main Display</a></li> <li><a href="index.php?view=guest_d">Guests</a></li> <li><a href=\"index.php?action=logout\">Logout</a></li> </ul> </div> <?php if (isset($msg1)) { echo $msg1 . "<br />"; } if (isset($msg)) { echo $msg; } //Page Controller switch($_REQUEST['view']) { case "main_d": include("main_d.php"); break; case "guest_d": include("guests.php"); break; default: if(!isset($_REQUEST['action'])){ echo "<p>Please select an action.</p>"; } break; } ?> </div> </body> </html> I will be grateful for any help on this. Thanks! Hello: I wanted to see if I can make my password protected pages in my admin area, and the login form "more secure." I was told I should use MD5 / SALTING / HASHING to do this. I have tried some online tutorials, but am not understanding it, so I wanted to start from what I have and build upon it> This is my database table storing the myAdmins data (when I initially insert it into the database): Code: [Select] CREATE TABLE `myAdmins` ( `id` int(4) NOT NULL auto_increment, `myUserName` varchar(65) NOT NULL default '', `myPassword` varchar(65) NOT NULL default '', PRIMARY KEY (`id`) ) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8; INSERT INTO myAdmins VALUES("1","abc","123"); This is the login form I use: Code: [Select] <?php include('../include/myConn.php'); include('include/myAdminNav.php'); session_start(); session_destroy(); $message=""; $Login=$_POST['Login']; if($Login){ $myUserName=$_POST['myUserName']; $myPassword=$_POST['myPassword']; $result=mysql_query("select * from myAdmins where myUserName='$myUserName' and myPassword='$myPassword'"); if(mysql_num_rows($result)!='0'){ session_register("myUserName"); header("location:a_Home.php"); exit; }else{ $message="<div class=\"myAdminLoginError\">Incorrect Username or Password</div>"; } } ?> <form id="form1" name="form1" method="post" action="<? echo $PHP_SELF; ?>"> <? echo $message; ?> Username: <input name="myUserName" type="text" id="myUserName" size="40" /> Password: <input name="myPassword" type="password" id="myPassword" size="40" /> <input name="Login" type="submit" id="Login" value="Login" /> </form> This is the code on top of each page I password protect: Code: [Select] <? session_start(); if(!session_is_registered(myUserName)){ header("location:Login.php"); } ?> Works well, but can it be "better"?? And, if I am allowing the admin to update his/her username or password, I do it this way: Code: [Select] <?php include('../include/myConn.php'); include('include/myCheckLogin.php'); if ($_SERVER['REQUEST_METHOD'] == 'POST') { $myUserName = mysql_real_escape_string($_POST['myUserName']); $myPassword = mysql_real_escape_string($_POST['myPassword']); $sql = " UPDATE myAdmins SET myUserName = '$myUserName', myPassword = '$myPassword' "; mysql_query($sql) && mysql_affected_rows() ?> <?php } $query=mysql_query("SELECT * FROM myAdmins") or die("Could not get data from db: ".mysql_error()); while($result=mysql_fetch_array($query)) { $myUserName=$result['myUserName']; $myPassword=$result['myPassword']; } ?> <form method="post" action="<?php echo $PHP_SELF;?>"> <input type="hidden" name="POSTBACK" value="EDIT"> Username: <input type="text" size="60" maxlength="60" name="myUserName" value="<?php echo $myUserName; ?>"> Password: <input type="password" size="60" maxlength="60" name="myPassword" value="<?php echo $myPassword; ?>"> <input type="submit" value="Submit" /> </form> Should it be "better" .. ?? I don't seem to understand how to "encrypt" all of this to make it "stronger" .. Ideas? Improvements? Hello everyone: I wanted to see how I can make a simple login page (user name and password) that redirects to a page(s) if the login is correct. Also, I wanted to put protection on the page(s) that will send the user back to the login page if the credentials are nor correct. I would imagine the username/password would be stored in a database table (Admins), and the correct login info would be stored in a session ..? I am use to doing this with ASP, but never PHP. I want to make sure I understand how to do this properly and securely so I can use this as a model for other systems. In ASP I would do a protected page like this: a_login_check.asp Code: [Select] <% if session("admin_user_name") = "" then session.abandon response.redirect "login.asp" end if %> Protected-Page.asp Code: [Select] <!-- #include file="include/a_check_login.asp" --> <html> ... CONTENT ... </html> And of course there is the login page itself ... (I thought it would be nice to add a "Forgot Password" link on the login page, but if that is too complicated I can do that later .. or is it easy ??) Anyway, can someone point-out to me how to do this. I would appreciate it! Hello PhP Freaks forum In the past weeks ive been trying to make a website, where you can register. Everything seems to work except my cherished Change password feature. Everytime you try to change the password, it just resets it to nothing. Here is the code below. <?php if(isset($_SESSION['username'])) { $username = $_SESSION['username']; $lastname = $_SESSION['lastname']; $firstname = $_SESSION['firstname']; $email = $_SESSION['email']; echo " <h4>Options for:</h4> $username <br /> <br /> First name: $firstname <br />Last name: $lastname <br /><br /><h3>Want to change your password:</h3><br /> <form action='?do=option' method='post'> Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br /> <br /> New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br /> <br /> Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br /> <center></div><input type='submit' value='Submit'/></center></form>"; }else{ echo 'Please login to view your options!'; } $password = $_REQUEST['password']; $pass_conf = $_REQUEST['newpass']; $email = $_REQUEST['passconf']; $connect = mysql_connect("Host", "User", "Password"); if(!$connect){ die(mysql_error()); } //Selecting database $select_db = mysql_select_db("My Database", $connect); if(!$select_db){ die(mysql_error()); } //Find if entered data is correct $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); $row = mysql_fetch_array($result); $id = $row['id']; mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'") ?> And i do know that i dont have a if(Empty($newpass)){ Die(Please fill out the new password) } Or any security on the others, but the problem just seems that it resets the password into nothing Hope i can get this fixed Best Regards William Pfaffe Morning, I'm working on a web site using a switch to separate different calls from a MySQL database. My style looks like this: <?php switch ($_GET['page']) { case 'news': echo ("NEWS HERE"); } break; case 'schedule'; echo ("SCHEDULE HERE"); } break; default: echo ("MAIN PAGE HERE"); break; } What I am trying to do, is specify that if the page is news, there can be an additional variable for id. I attempted before and after the break; for the news case, to make a new switch, but it isn't taking. I've looked around online, but can't find any information about this. Can anyone offer a hand? <?php
require_once('upper.php'); require_once('database.php'); echo $error_msg=''; if(isset($_POST['submit'])) { $LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId'])); $Password1=mysqli_real_escape_string($dbc,trim($_POST['Password1'])); $Password2=mysqli_real_escape_string($dbc,trim($_POST['Password2'])); $Name=mysqli_real_escape_string($dbc,trim($_POST['Name'])); $Age=mysqli_real_escape_string($dbc,trim($_POST['Age'])); $BloodGroup=mysqli_real_escape_string($dbc,trim($_POST['BloodGroup'])); if(!isset($_POST['Sex'])) { echo 'Please enter Sex<br>'; } else{ $Sex= mysqli_real_escape_string($dbc,trim($_POST['Sex'])); } $Qualification=mysqli_real_escape_string($dbc,trim($_POST['Qualification'])); $ContactNumber=mysqli_real_escape_string($dbc,trim($_POST['ContactNumber'])); $Email=mysqli_real_escape_string($dbc,trim($_POST['Email'])); $Address=mysqli_real_escape_string($dbc,trim($_POST['Address'])); $AboutYourself=mysqli_real_escape_string($dbc,trim($_POST['AboutYourself'])); //$countCheck=count($_POST['checkbox']); //echo $countCheck; //$checkbox=$_POST['checkbox']; //$countCheck=count($checkbox); if(empty($LoginId)){echo 'Please enter Login Id';} elseif(empty($Password1)){echo 'Please enter Password';} elseif(empty($Password2)){echo 'Please confirm Password';} elseif($Password1!==$Password2){echo 'Password didn\'t match';} elseif(empty($Name)){echo 'Please enter Name';} elseif(empty($Age)){echo 'Please enter Age';} elseif(!isset($_POST['Sex'])){} elseif(empty($Qualification)){echo 'Please enter Qualification';} elseif(empty($ContactNumber)){echo 'Please enter Contact Number';} elseif(empty($Email)){echo 'Please enter Email';} elseif(empty($Address)){echo 'Please enter Address';} elseif(empty($AboutYourself)){echo 'Please enter About Yourself';} elseif(!isset($_POST['checkbox'])){ echo 'You have to register at least one activity.';} elseif(!isset($_POST['TermsAndConditions'])){ echo 'You have to agree all Terms and Conditions of Elite Brigade.';} else { require_once('database.php'); $query="select * from registration where LoginId='$LoginId'"; $result=mysqli_query($dbc,$query); if(mysqli_num_rows($result)==0) { $checkbox=$_POST['checkbox']; $countCheck=count($_POST['checkbox']); $reg_id=' '; for($i=0;$i<$countCheck;$i++) { $reg_id=$reg_id.$checkbox[$i].','; $query="insert into activity_participation (LoginId,Title,Date) values ('$LoginId','$checkbox[$i]',CURDATE())"; $result=mysqli_query($dbc,$query) or die("Not Connected"); } $query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,ContactNumber,Email,Address,AboutYourself,Activity)values ('$LoginId'[B],SHA('$Password1'),[/B]'$Name','$Age','$BloodGroup','$Sex','$Qualification','$ContactNumber','$Email','$Address','$AboutYourself',',$reg_id')"; $result=mysqli_query($dbc,$query) or die("Not Connect"); echo ' Dear '.$Name.'.<br>Your request has been mailed to admin.<br>Your account is waiting for approval<br>'; $from= 'Elite Brigade'; $to='ankitp@rsquareonline.com'; $subject='New User Registration'; $message="Dear admin,\n\nA new user request for registration. Please check it out.\n\nRegards\nMicro"; mail($to,$subject,$message,'From:'.$from); //header('Location: index.php'); // header('Location: Registration.php'); } else { echo 'Dear '.$Name. ', <br> An account already exist with login-id<b> '.$LoginId.'</b> <br>Please try another login-id'; }} } ?> <html> <head> <script src="jquery-latest.js"></script> <script type="text/javascript" src="jquery-validate.js"></script> <style type="text/css"> * { font-family: Verdana; } label.error { color: white; padding-left: .5em; } p { clear: both; } .submit { margin-left: 12em; } em { font-weight: bold; padding-right: 1em; vertical-align: top; } </style> <script> $(document).ready(function(){ $("#commentForm").validate(); }); </script> </head> <body> <?php echo $error_msg; ?> <form action='<?php echo $_SERVER['PHP_SELF'];?>' id="commentForm" method='post'> <div class="registration_and_activity"> <table border="0" width="380"> <tr><td colspan="2"> <h3>New User?</h3></td></tr> <tr><td width="120"> <em>*</em>Enter Login id</td><td width="150"><input type='text' name='LoginId' minlength="4" value='<?php if(!empty($LoginId))echo $LoginId;?>' /></td></tr> <tr><td> <em>*</em>Enter Password</td> <td><head> <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div> <SCRIPT language=Javascript> function capLock(e){ kc = e.keyCode?e.keyCode:e.which; sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false); if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk)) document.getElementById('divMayus').style.visibility = 'visible'; else document.getElementById('divMayus').style.visibility = 'hidden'; } </SCRIPT> </HEAD> <input onkeypress='return capLock(event)' type='password' name='Password1' value='<?php if(!empty($Password1))echo $Password1;?>' /></td></tr> <tr><td> <em>*</em>Confirm Password</td><td><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>' /></td></tr> <tr><td width="120"> <em>*</em>Enter Name</td> <td><input type='text' name='Name' value='<?php if(!empty($Name))echo $Name;?>' /></td></tr> <tr><td> <em>*</em>Enter Age</td><HEAD> <SCRIPT language=Javascript> function isNumberKey(evt) { var charCode = (evt.which) ? evt.which : event.keyCode if (charCode > 31 && (charCode < 48 || charCode > 57)) return false; return true; } </SCRIPT> </HEAD> <td><INPUT onkeypress='return isNumberKey(event)' type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'/></td></tr> <tr><td> <em>*</em>Enter Blood</td><td><input type='text' name='BloodGroup' value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>' /></td></tr> <tr><td> <em>*</em>Enter Sex</td><td><input type='radio' name='Sex' style='width:16px; border:0;' 'value='Male' />Male <input type='radio' name='Sex' style='width:16px; border:0;' 'value='Female' />Female</td></tr> <tr><td> <em>*</em>Enter Qualification</td><td><input type='text' name='Qualification' value='<?php if(!empty($Qualification))echo $Qualification;?>' /></td></tr> <tr><td> <em>*</em>Contact Number </td><td><input onkeypress='return isNumberKey(event)'type='text' name='ContactNumber' value='<?php if(!empty($ContactNumber))echo $ContactNumber;?>' /></td></tr> <tr><td> <em>*</em>Enter Email</td><td><input type='text' name='Email'class="email" value='<?php if(!empty($Email))echo $Email;?>' /></td></tr> <tr><td> <em>*</em>Enter Address</td><td><input type='text' name='Address' value='<?php if(!empty($Address))echo $Address;?>' /></td></tr> <tr ><td > <em>*</em>About Yourself </td></tr> <tr><td colspan="2"><textarea rows='10' cols='40' name='AboutYourself' /><?php if(!empty($Address))echo $Address;?></textarea></td></tr> <tr><td> <?php echo" <tr><td colspan='2'><em>*</em><b>Select fields for which you want to register</b></td></tr>"; require_once('database.php'); $query="select * from activity"; $result=mysqli_query($dbc,$query); while($row=mysqli_fetch_array($result)){ $Title=$row['Title']; $ActivityId=$row['ActivityId']; echo "<tr><td>$Title</td>"; echo "<td><input type='checkbox' name='checkbox[]' value='$Title' style='width:14px; text-align:right;'/></td></tr>";//value=$ActivityId tells ActivityId variable extracts with name="checkbox" echo "<br/>"; } echo "<td><em>*</em><input type='checkbox' name='TermsAndConditions' style='width:14px; text-align:right;'/></td><td> I agree all <a href='TermsAndConditions.php'>Terms and conditions </a>of Elite Brigade</td></tr>"; echo "<tr><td colspan='2' align='center'><input type='submit' value='Register' name='submit' style='background:url(./images/button_img2.png) no-repeat 10px 0px; width:100px; padding:3px 0 10px 0; color:#FEFBC4; border:0;'/></td></tr><br>"; echo " </td></tr></table> </div> </form> </body> </html>"; require_once('lower.php'); ?> Hi Friends .... I encrypt user password by SHA('$Password') method but now i want to add "Forget Password Module" for which I need to decrypt it first before tell my user but I don't Know how to decrypt it. Please help me........ This topic has been moved to Application Design. http://www.phpfreaks.com/forums/index.php?topic=353345.0 |
|||||||