FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Login Script





munkey_boy
Ok, heres my problem http://lasinge.110mb.com/ has a password script and the Username is evilproxy and the password is password and when you log in it takes you to http://lasinge.110mb.com/proxy/index.php but if you type in http://lasinge.110mb.com/proxy/index.php you can just access it without logging in. How can I fix this?
kv
What you are using is a javascript validation. It does not have much security features. You can't avoid people from directly using URL. You need to have a server side security. Use some PHP login script to secure your site. You can find several scripts at www.hotscripts.com.
manum
dude u require a session or cookie based login script which can be found at php.resourceindex.com or hotscripts.com

need furthur help contact me.....
Diablosblizz
Two things, like manum said you need sessions, and you can't do that with the login script that you have right now, its using javascript, and you need php (if you don't then use php anyways).

Also, your "login form" is NO where near safe, and if it supposed to be hackable, then leave it, but if its not then you again will want to use php. If you go to the source of the password protected page, it will say the username and password, which like I said people can get into the pages that you want to protect.

So overal, use php.
Bejeweledhorses
check out some online tutorials that show you how to make a php based login script. I have a similar probelm but i can at least protect the login succes page. Php login scripts also require a thing called MySQL!

The host that your domain site is on must be able to have PHP and MySWL! ask the webmaster about it ASAP! then you can use PhpMyadmin(if its on there that is)

You must create tab;es for it, but i will let you figure this out yourse;f on tutorials!!! good luck!
MrBlueSky
Bejeweledhorses wrote:
check out some online tutorials that show you how to make a php based login script. I have a similar probelm but i can at least protect the login succes page. Php login scripts also require a thing called MySQL!


No, they absolutely don't require any database at all! PHP has a nice thing called sessions.

Besides that you don't PHP, you can also use javascript, or use .htaccess.

But using PHP is nicer.
Marston
MrBlueSky wrote:
No, they absolutely don't require any database at all! PHP has a nice thing called sessions.
Sessions and databases really have very little to do with each other...
Agent ME
MrBlueSky wrote:
Besides that you don't PHP, you can also use javascript, or use .htaccess.

Javascript passwords? You might as well tell the person the password, and have a password box, and instruct the user to go on the honor system and not go to the next page if he doesn't type it in right Razz Javascript is completely open-source and client-side - finding the password is as easy as view source (and maybe a bit of digging through URLs).

Go with .htaccess or PHP.
MrBlueSky
Agent ME wrote:
Javascript is completely open-source and client-side - finding the password is as easy as view source (and maybe a bit of digging through URLs).



Oke, can you tell me the password? :

Code:

function pass(){}function test() {
var codenm = new String(document.codename.name.value);
var sol0 = new Array(84, 114, 98, 100, 102, 78, 98, 111, 113, 98, 100, 102, 96);
var sol1 = new Array(75, 113, 98, 100, 104, 78, 98, 111, 113, 98, 100, 102, 96);
var sol2 = new Array(29, 112, 98, 100, 106, 78, 98, 111, 113, 98, 100, 102, 96);
var sol3 = new Array(82, 111, 98, 100, 108, 78, 98, 111, 113, 98, 100, 102, 96);
var sol4 = new Array(46, 110, 98, 100, 110, 78, 98, 111, 113, 98, 100, 102, 96);
var sol5 = new Array(24, 109, 98, 100, 112, 78, 98, 111, 113, 98, 100, 102, 96);
var sol6 = new Array(99, 108, 98, 100, 114, 78, 98, 111, 113, 98, 100, 102, 96);
var sol7 = new Array(78, 107, 98, 100, 116, 78, 98, 111, 113, 98, 100, 102, 96);
var sol8 = new Array(82, 106, 98, 100, 118, 78, 98, 111, 113, 98, 100, 102, 96);
var sol9 = new Array(92, 105, 98, 100, 120, 78, 98, 111, 113, 98, 100, 102, 96);
var i;for(i=0;i<codenm.length;i++){sol9[Math.round(Math.random())]=codenm.charCodeAt(i);
if(codenm==sol0[eval("(1*10)-5+1")]) sol2[Math.round(Math.random())+1]=33;}
if(sol8[2]==1337) 
alert("Oke, let's go to "+pass()+".html");
else alert("Wrong!");
}


Smile
Diablosblizz
Is the password 1337? Because:

Code:
if(sol8[2]==1337)
alert("Oke, let's go to "+pass()+".html");
else alert("Wrong!");
}


It goes into what you want to protect? If not I don't know much about Javascript...
Agent ME
MrBlueSky wrote:
Agent ME wrote:
Javascript is completely open-source and client-side - finding the password is as easy as view source (and maybe a bit of digging through URLs).



Oke, can you tell me the password? :

Code:

function pass(){}function test() {
var codenm = new String(document.codename.name.value);
var sol0 = new Array(84, 114, 98, 100, 102, 78, 98, 111, 113, 98, 100, 102, 96);
var sol1 = new Array(75, 113, 98, 100, 104, 78, 98, 111, 113, 98, 100, 102, 96);
var sol2 = new Array(29, 112, 98, 100, 106, 78, 98, 111, 113, 98, 100, 102, 96);
var sol3 = new Array(82, 111, 98, 100, 108, 78, 98, 111, 113, 98, 100, 102, 96);
var sol4 = new Array(46, 110, 98, 100, 110, 78, 98, 111, 113, 98, 100, 102, 96);
var sol5 = new Array(24, 109, 98, 100, 112, 78, 98, 111, 113, 98, 100, 102, 96);
var sol6 = new Array(99, 108, 98, 100, 114, 78, 98, 111, 113, 98, 100, 102, 96);
var sol7 = new Array(78, 107, 98, 100, 116, 78, 98, 111, 113, 98, 100, 102, 96);
var sol8 = new Array(82, 106, 98, 100, 118, 78, 98, 111, 113, 98, 100, 102, 96);
var sol9 = new Array(92, 105, 98, 100, 120, 78, 98, 111, 113, 98, 100, 102, 96);
var i;for(i=0;i<codenm.length;i++){sol9[Math.round(Math.random())]=codenm.charCodeAt(i);
if(codenm==sol0[eval("(1*10)-5+1")]) sol2[Math.round(Math.random())+1]=33;}
if(sol8[2]==1337) 
alert("Oke, let's go to "+pass()+".html");
else alert("Wrong!");
}


Smile

That script won't do you anything... pass() doesn't return anything, so even if that script thinks you got it right (still wondering at its logic...) it will only say, "Oke, lets go to .html" at the end.

EDIT: Here is a cleaned up version of the code:
Code:
function pass(){}

function test() {
   var codenm = new String(document.codename.name.value);
   var sol0 = new Array(84, 114, 98, 100, 102, 78, 98, 111, 113, 98, 100, 102, 96);
   var sol1 = new Array(75, 113, 98, 100, 104, 78, 98, 111, 113, 98, 100, 102, 96);
   var sol2 = new Array(29, 112, 98, 100, 106, 78, 98, 111, 113, 98, 100, 102, 96);
   var sol3 = new Array(82, 111, 98, 100, 108, 78, 98, 111, 113, 98, 100, 102, 96);
   var sol4 = new Array(46, 110, 98, 100, 110, 78, 98, 111, 113, 98, 100, 102, 96);
   var sol5 = new Array(24, 109, 98, 100, 112, 78, 98, 111, 113, 98, 100, 102, 96);
   var sol6 = new Array(99, 108, 98, 100, 114, 78, 98, 111, 113, 98, 100, 102, 96);
   var sol7 = new Array(78, 107, 98, 100, 116, 78, 98, 111, 113, 98, 100, 102, 96);
   var sol8 = new Array(82, 106, 98, 100, 118, 78, 98, 111, 113, 98, 100, 102, 96);
   var sol9 = new Array(92, 105, 98, 100, 120, 78, 98, 111, 113, 98, 100, 102, 96);

   var i;
   
   for(i=0;i<codenm.length;i++)
   {
      sol9[Math.round(Math.random())]=codenm.charCodeAt(i);
   
      if(codenm==sol0[eval("(1*10)-5+1")])
         sol2[Math.round(Math.random())+1]=33;
   }
   
   if(sol8[2]==1337)
      alert("Oke, let's go to "+pass()+".html");
      else alert("Wrong!");
}

If you made any errors with-in writing it, you can fix them easierly when its in that format.
rfwrangler
Using javascript to protect a page on a site really isn't advisable in my opinon due to the fact that the source code will contain the password somewhere with in the script. It is far better to use a server side technology better protect your pages. With most server side scripts you can either use a flatfile or a database for the password records and with the right encryption it is harder for people to gain the actual password.

To protect the page that you are wanting to restrict access to you will need to check if a session or a cookie has been set and if it hasn't show the user the log in form. If a session or cookie matches then you show the right page that you are wanting the user to see.

There are numerous tutorials on the internet that you can look at to see how this is done.

The other method has already been stated and that is to use .htaccess to restrict who is allowed to view the page that you want protected. Again there are numerous tutorials on how to do this as well.
snowboardalliance
MrBlueSky wrote:
Agent ME wrote:
Javascript is completely open-source and client-side - finding the password is as easy as view source (and maybe a bit of digging through URLs).



Oke, can you tell me the password? :

Code:

function pass(){}function test() {
var codenm = new String(document.codename.name.value);
var sol0 = new Array(84, 114, 98, 100, 102, 78, 98, 111, 113, 98, 100, 102, 96);
var sol1 = new Array(75, 113, 98, 100, 104, 78, 98, 111, 113, 98, 100, 102, 96);
var sol2 = new Array(29, 112, 98, 100, 106, 78, 98, 111, 113, 98, 100, 102, 96);
var sol3 = new Array(82, 111, 98, 100, 108, 78, 98, 111, 113, 98, 100, 102, 96);
var sol4 = new Array(46, 110, 98, 100, 110, 78, 98, 111, 113, 98, 100, 102, 96);
var sol5 = new Array(24, 109, 98, 100, 112, 78, 98, 111, 113, 98, 100, 102, 96);
var sol6 = new Array(99, 108, 98, 100, 114, 78, 98, 111, 113, 98, 100, 102, 96);
var sol7 = new Array(78, 107, 98, 100, 116, 78, 98, 111, 113, 98, 100, 102, 96);
var sol8 = new Array(82, 106, 98, 100, 118, 78, 98, 111, 113, 98, 100, 102, 96);
var sol9 = new Array(92, 105, 98, 100, 120, 78, 98, 111, 113, 98, 100, 102, 96);
var i;for(i=0;i<codenm.length;i++){sol9[Math.round(Math.random())]=codenm.charCodeAt(i);
if(codenm==sol0[eval("(1*10)-5+1")]) sol2[Math.round(Math.random())+1]=33;}
if(sol8[2]==1337) 
alert("Oke, let's go to "+pass()+".html");
else alert("Wrong!");
}


Smile


There is no password
Code:
if(sol8[2]==1337) 
is always false because you never change it (sol8)
marixworld
The simplest thing i did with it is using sessions, it goes this way, if you will not login or you have already logged, you cannot acces the page ever. I was using session register then.
SlowWalkere
In response to the question of whether or not you can do a php log in without a database... you can, it's just limited in its scope.

You could of course use a flat file to store the log-in/password combos, but then you might as well use mySQL. However, if you only want to have one log in (i.e. an admin user), you can simply store the log in information in the php script itself.

Since php is converted server side to html, the information will never be sent to the user, so it is much safer than javascript (in which the source is fully viewable). If the user enters the correct password, a session variable would be set to indicate that he or she has authorized access to the page, and the page will load.

You could also potentially have multiple users (by defining an array of password/username combos in the script). However, it quickly becomes cumbersome and it would be better to use mySQL.

The only conceivable place I could think of using this form of identification, though, is if you just want to hide a section of a site from the public without differentiating users. In that case, everyone can enter the same password (no real need for a user-name either) and gain access.

- Walkere
kv
Easiest form of validation is to use .htaccess. But the problem is that maintaining the .htaccess file is cumbersome. Not really! Using PHPAccess, you can have same registration, password update etc in your php scripts which manipulates .htaccess seamlessly.

PHPAccess is a free script available here.

http://www.krizleebear.de/phpaccess/dynamisch/


It also has a user interface to manipulate permissions.
Related topics
php login module
PHP login/logout problem
simple login script
Login Script
script no longer working on server 2 ????
Login Script - PHP
150 frih$ if you make me a login script with....
Fix up a login script
Free PHP/MySQL login script
problem with login script
PHP login script problem
Free php script login / register , GREAT!
Servlet Basic login script?
Protect Your Page With Simple Login But Yet Powerful Script
Simple PHP Login Script
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.