FRIHOSTFORUMSFAQTOSBLOGSDIRECTORY
You are invited to Log in or Register a Frihost Account!

Login?

   Frihost Forum Index -> Scripting -> Php and MySQL
 


jabapyth
How do you make a secure Login using PHP? Confused
DanielXP
The below script is a simple miltiuser login

Quote:
Code:
<?php

if (isset($_COOKIE['loguser'])) {
$givenusername = $_COOKIE['loguser'];
} else {
$givenusername = $_POST['txtUsername'];
}

if (isset($_COOKIE['logpass'])) {
$givenpassword = $_COOKIE['logpass'];
} else {
$givenpassword = $_POST['txtPassword'];
}
switch ($givenusername){
case "user1":
$password = "pass1";
break;
case "user2":
$password = "pass2";
break;
case "admin":
$password = "adminpass";
break;
default:
$password = "no";
$givenpassword = "yes";
break;
}

if ($givenpassword != $password) {

?>

<h1><font face="Arial">Please Login</font></h1>

<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p><label for="txtUsername">Username:</label>
<br />
<input type="text" title="Enter your Username" name="txtUsername" size="20" /></p>

<p><label for="txtpassword">Password:</label>
<br />
<input type="password" title="Enter your password" name="txtPassword" size="20" /></p>

<p><input type="submit" name="Submit" value="Login" /></p>

</form>
<?php

}
else {

setcookie ("loguser", $givenusername);
setcookie ("logpass", $givenpassword);

?>

ENTER PROTECTED CONTENT HERE

<?php

}

?>



mathiaus wrote:
Please quote copied code and credit source
http://www.collingwood2000.karoo.net/tutorials/php/multiuser/index.php
JayBee
But all time you request a page from server, you send your password in cleartext Sad
its not good idea and you can use http 401 unauthorized insted

Code:

<?php
$givenpassword = $PHP_AUTH_PW;

switch ($PHP_AUTH_USER){
  case "user1":
    $password = "pass1";
    break;
  case "user2":
    $password = "pass2";
    break;
  case "admin":
    $password = "adminpass";
    break;
  default:
    $password = "no";
    $givenpassword = "yes";
}

if ($givenpassword != $password) {
  Header("WWW-Authenticate: Basic realm=\"My Realm\"");
  Header("HTTP/1.0 401 Unauthorized"); ?>
<h1>Please Login with correct username and password</h1>
<?
  exit;
} else {
?>

ENTER PROTECTED CONTENT HERE

<? } ?>


It is secure as the solution before
but it don't mean that I recommend this solution Laughing
Rhysige
Personally you guys seem to be making things complex... anyway in referance to This piece of code
Code:
<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

Why not simply have
Code:
<form method="post">

Shorter and does the same thing.. you only need to use action="x.php" if you are sending the data to another page or you need it to load up a variable page such as members.php?page=somepage
Jamatu
Quote:
Shorter and does the same thing.. you only need to use action="x.php" if you are sending the data to another page or you need it to load up a variable page such as members.php?page=somepage

You also need to use 'action=' if you want to make your pages html/xhtml compliant according to the W3C specifications.
Rhysige
Yeah well.. you have to be painstackingly precise if you wanna make things fully WC3 XHTML compliant...
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2007 Frihost, forums powered by phpBB.