FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Secure website with password?





erikwinterstam
Hello everyone,
I would need to know how to secure my website with a password. I would also like to create specific passwords for each user (100+)

Any ideas/tips would be appreciated!


Erik Very Happy
Rhysige
Google up a user management system, basically if you want to do it yourself you need a database with a user table in it, a username and a password which is encrypted using md encryption, your password field and username login section would be a form and upon successful execution will create sessions.
dandelion
You can use one of those ready scripts, e.g. from the SourceForge.net or HotScripts.com.
If you prefer to develop your own script from scratch, I would like to suggest the PEAR::Auth package.
BearClaw
Programming this would not be too hard. It would just take some time and a fair amount of php knowledge. Some kind of database would be required, even if its just a formatted text file like I used to use when MySql databases were available on some free hosts.

explode(); used to be my buddy back in the day when I just used text files as databases.

It all depends on your amount of knowledge. I'd reccomend going with some prewritten code if you are not comfortable coding.
xt3rminalx
have you though about using apaches .htaccess ?
I mean, Im not 100% sue how secure that would be but its worth a shot =]
Or with user authentications, you should have something like:
Code:

<form action="<? $PHP_SELF ?>" method="post">
  <p>Username:</p><br>
    <input name="name" type="text"><br>
  <p>Password:</p><br>
    <input name="password" type="password"><br>
    <input type="submit" name="submit">
</form>

<?php
require("funtions.inc");
include "your_db_connect_file.inc";

  if(isset($_POST['submit'])) {
    $passwd = $_POST['password'];
    if(empty($passwd)) die("Need a password there ;-) ");
    $user = $_POST['username'];
    if(empty($user)) die("Need a username there ;-) ");
    $password = md5($passwd);
    $query = "insert into $db_table values(null, ";
    $query .= "$user, ";
    $query .= "password('$password') )";

    if(!db_connect($db)) die(sql_error());
    if(!db_query($query)) die(sql_error());
    if(!db_close($db)) die(sql_error()); }

  else
     die(php_error);
?>


Of coarse you can always add something like session handling and what not.
Marston
Mod a phpBB installation and make a members area... You'd kill two birds with one stone (a discussion forum, and a members area).
xt3rminalx
what filess would be moded?
phpBBs code confuses me or I just dont know the "=>" notation yet...
how would I go about doing that? Specifically, contribute the code to if you may =[
samr_vene
search hotscripts i think user authentication is the proper named used. A simple one can do it, but if you want one that can ban ips and tells you which ip looged on and other functions you might want to get something more complex.
xt3rminalx
how exactly would that improove security? Well I suppose Just having some random malicous user come on and register then is in a session in which when they register, thier IP is logged and when they leave it's reset or something.lol
Could you simply just take like:
Code:

<?php
  $userip = $_SERVER['REMOTE_ADDR'];
  $sessionip = $userip;
  if($userip == $sessionip ) die(ban_function ());

 /* making sure that when the user logs on, thier ip is logged and when they */
 /* log off, its still the same... if not, then do whatever */
?>
Marston
First, install phpBB (There's a tutorial somewhere on these boards). Then, once you've installed phpBB (preferably NOT in the root folder, so name the folder like, 'boards', or 'forums' or something). Next, you just create a page like the one below in your root folder (index.php):
Code:
<?
define('IN_PHPBB', true);
$phpbb_root_path = './changethis/';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_INDEX);
init_userprefs($userdata);
//
// End session management
//
// standard page header
include($phpbb_root_path . 'includes/page_header2.'.$phpEx);

$template->set_filenames(array(
        'body' => 'tpl/home.tpl')
);

$template->pparse('body');

// standard page footer
include($phpbb_root_path . 'includes/page_tail2.'.$phpEx);
?>
I copied the page_tail.php and page_header.php and renamed them, then put in my own header and footer html. Et voila!

If you don't understand what I've posted above, just PM me and I'll help you out.
xt3rminalx
ahhh, that looks good ^_^
I think ill use that for session handling on my part... At least I think it
would beable to work like that..
Related topics
How To : Secure Your PHP Website
MySQL problrem?
looking for password gate script
File Upload from webpage failing
How can I create a User account and password for my website?
No website is secure from this man
hashing your passwords
installation: Drupal, Joomla, PHP-BB, SMF, e107, and more
Paypal Hacked!
Problems with Vista... again!
Hacking
Relatively Secure Session Management System for PHP
FRIH$ 250 for answers - secure administr of dynamic website
Bad Passwords
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.