View previous topic :: View next topic |
Author |
Message |
alenxVR6 -
Joined: 04 Dec 2003 Posts: 51 Location: Revere, Boston MA
|
Posted: Wed May 19, 2004 4:55 pm Post subject: Access issue without pop-up login name and passw.... |
|
|
I was wondering if there is a way that you can make the user log-in page without the windows box poping out.
for example:
from main.php
to access "access.php" (that is password protected) without having the pop-up box come up....
and have user and password fields on main.php so the user can enter the access.php
im not sure should i password protect the the page within the abyss or using php....
any help would be appreciated...Thanks |
|
Back to top |
|
 |
iNaNimAtE -
Joined: 05 Nov 2003 Posts: 2381 Location: Everywhere you're not.
|
Posted: Wed May 19, 2004 11:47 pm Post subject: |
|
|
You're referring to a form login box instead of the popup, right?
If you want to, just get a script off of www.hotscripts.com to do it. _________________ Bienvenidos! |
|
Back to top |
 |
 |
TRUSTAbyss -
Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA
|
Posted: Thu May 20, 2004 12:28 am Post subject: |
|
|
I wrote a simple script that can handle
1 user and maybe thats what you want.
Login Page [login.html]
Code: |
<form action="access.php" method="post">
Username: <input type="text" name="user"><br>
Password: <input type="password" name="pass">
<input type="submit" name="login" value="login">
</form> |
Protected Area: [access.php]
Code: |
<?php
$user = $_POST['user'];
$pass = $_POST['pass'];
$login = $_POST['login'];
if ($login) {
if ($user=="YOUR USERNAME" && $pass=="YOUR PASSWORD") {
header ("Location: /protected_page.html");
}else{
print "Your Username/Password is wrong!";
}
}else{
print "Please use the login form!";
}
?>
|
All you have to do is fill out the simple info and
you will have a basic Authentication for the protected
area without the small popup dialog !
Last edited by TRUSTAbyss on Thu May 20, 2004 10:52 pm; edited 2 times in total |
|
Back to top |
|
 |
iNaNimAtE -
Joined: 05 Nov 2003 Posts: 2381 Location: Everywhere you're not.
|
Posted: Thu May 20, 2004 12:41 am Post subject: |
|
|
Un problemo:
Also, you can use $_POST['user'] instead of $user so Globals don't have to be turned on. _________________ Bienvenidos! |
|
Back to top |
 |
 |
TRUSTAbyss -
Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA
|
Posted: Thu May 20, 2004 12:45 am Post subject: |
|
|
I accidently spaced the && apart , it works
now , I hope this solves the problem !
Register Globals can
be turned off also ! |
|
Back to top |
|
 |
iNaNimAtE -
Joined: 05 Nov 2003 Posts: 2381 Location: Everywhere you're not.
|
Posted: Thu May 20, 2004 12:53 am Post subject: |
|
|
Hmm... I get "Please use the login form" whenever I submitted the form (and I used the correct usename and password)... _________________ Bienvenidos! |
|
Back to top |
 |
 |
alenxVR6 -
Joined: 04 Dec 2003 Posts: 51 Location: Revere, Boston MA
|
Posted: Thu May 20, 2004 7:15 pm Post subject: |
|
|
Quote: | Hmm... I get "Please use the login form" whenever I submitted the form (and I used the correct usename and password)... |
same here, and also when i typr something different in user name and password my protected page is still viewable.... |
|
Back to top |
|
 |
TRUSTAbyss -
Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA
|
Posted: Thu May 20, 2004 10:51 pm Post subject: |
|
|
Problem solved , I forgot that when using the value
for the submit button , it doesn't actually give that
variable $login value , it just names the button , so
I added one last $_POST['variable'] to the code and
I fixed it , try it out now , it works
Code: |
<?php
$user = $_POST['user'];
$pass = $_POST['pass'];
$login = $_POST['login'];
if ($login) {
if ($user=="YOUR USERNAME" && $pass=="YOUR PASSWORD") {
header ("Location: /protected_page.html");
}else{
print "Your Username/Password is wrong!";
}
}else{
print "Please use the login form!";
}
?>
|
|
|
Back to top |
|
 |
iNaNimAtE -
Joined: 05 Nov 2003 Posts: 2381 Location: Everywhere you're not.
|
Posted: Fri May 21, 2004 12:28 am Post subject: |
|
|
Ok, it works now.
alenxVR6 wrote: | and also when i typr something different in user name and password my protected page is still viewable |
The script isn't very secure. There is currently nothing implemented to stop users from just accessing the page. You could put a referrer script that checked if the user came from the login, but then again, that is easily spoofable. You could also replace "header (Location..." with "echo "your_content_here";" to make it more secure, but there can also be problems with that.
I think if you do not want to go through the work of customizing the script to your liking, just get a premade one at www.hotscripts.com (however, TRUSTpunk, I have no problem with your efforts).
Good luck! _________________ Bienvenidos! |
|
Back to top |
 |
 |
TRUSTAbyss -
Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA
|
Posted: Fri May 21, 2004 12:38 am Post subject: |
|
|
their is a way to use an include so that the document can be
outside of the webroot so it is impossible to access it.
instead of header ("Location: /protected_page.html");
you can use this instead , just put the protected page
outside of your webroot and use an include , to do this.
Code: |
<?php
$user = $_POST['user'];
$pass = $_POST['pass'];
$login = $_POST['login'];
if ($login) {
if ($user=="YOUR USERNAME" && $pass=="YOUR PASSWORD") {
include ("C:\\Webdocs\\protected_page.html");
}else{
print "Your Username/Password is wrong!";
}
}else{
print "Please use the login form!";
}
?>
|
No one can access that web page without typing the username
and password on the form because its outside of the root! |
|
Back to top |
|
 |
iNaNimAtE -
Joined: 05 Nov 2003 Posts: 2381 Location: Everywhere you're not.
|
Posted: Fri May 21, 2004 12:42 am Post subject: |
|
|
Wow... good one TRUSTpunk! I'll have to use that sometime. _________________ Bienvenidos! |
|
Back to top |
 |
 |
TRUSTAbyss -
Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA
|
Posted: Fri May 21, 2004 12:48 am Post subject: |
|
|
I use it for my contact form lol ! |
|
Back to top |
|
 |
alenxVR6 -
Joined: 04 Dec 2003 Posts: 51 Location: Revere, Boston MA
|
Posted: Fri May 21, 2004 4:56 am Post subject: |
|
|
i got it to work but the page is not very secure
user can just type the full path "http://www.0000.net/0000/whatever.php" to the protected page
and nothing will stop him/her to view the info...
i'm cheking out the scripts from www.hotscripts.com so i'll get back to you if i find anything usefull... |
|
Back to top |
|
 |
|