FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


.htaccess question





welshsteve
Hi everyone. I use .htaccess to protect a directory on my website. Is there a way of having a "LOGOUT" button on pages within the protected directory that when pressed will clear the authenticated session within the browser and re-direct back to the main home page?

If anyone has an example file they can post here I'd appreciate it.
kv
if you are using HTTP authentication (.htaccess), then there is no way you can invalidate it in the same browser session. The only way is to close the browser.

Alternatively, you can write your own authentication mechanism -- either using a similar file like .htaccess or using database.
Stubru Freak
Yes, there is a way:

http://be.php.net/manual/en/features.http-auth.php :
Both Netscape Navigator and Internet Explorer will clear the local browser window's authentication cache for the realm upon receiving a server response of 401. This can effectively "log out" a user, forcing them to re-enter their username and password. Some people use this to "time out" logins, or provide a "log-out" button.

You could redirect the 401 page using Javascript, or provide a "Continue" button.
welshsteve
Thanks, I'll take a look.
kv
Stubru Freak wrote:
Yes, there is a way:

http://be.php.net/manual/en/features.http-auth.php :

You could redirect the 401 page using Javascript, or provide a "Continue" button.


But this is so browser dependent, and is not a standard. I would not use such a thing for authentication for my site.
welshsteve
Ideally I'd like a database solution, but every example I have found on the net actually doesn't work. I found one I thought was working, but when I tested it it didn't work. It had a "session.php" include file which added to the top of every page. This file was supposed to check if a db connection was active. But I attempted to get to a protected page by typing the URL in the address bar and it took me there, despite me not being logged in.

I am actually quite surprised that no software exists with a simple wizard for creating a protected site. I like to learn how to do these things, but when time is not on my hands I like to get a ready made example and learn from that. Plus but not everyone wants to learn it.
rvec
it's not that hard to make something. Just make a session with the username in it and maybe a number for the permissions the user has. Then including it in all files should be enough. I'll try to make something later today.
welshsteve
rvec wrote:
it's not that hard to make something. Just make a session with the username in it and maybe a number for the permissions the user has. Then including it in all files should be enough. I'll try to make something later today.


Thanks. That would be much appreciated
rvec
ok I made something. It's probably not the best way to do this but it works. I added some comments so I hope you get it. The only problem is you need to add users manually in the database. I did make every pass md5 so that makes it a bit more difficult to add users.

To add a new user you have to make a new row in the table make the username the nick, the pass the md5 hash of the pass and the access the access level (if you want to use that).

To get an md5 hash of a pass make a new php file with this code in it:
Code:
<?php
$pass= "The password";
echo md5($pass);
?>

It will echo the md5 hash which you have to add to the database.

If you don't want to put a md5 hash in the database but just the normall pass remove this line:
Code:
$pass = md5($pass);



This is the page I called login.php:
Code:
<?php
session_start();
/*
The table for the users has to be one row per user with the columns "nick", "pass" and possibly "access". If you don't want to use access don't forget to uncomment that on line 40
*/
$main_page= "login.php"; //The page where a user should be send to after logging out. This can be a full url (http://www.frihost.com/forums) or a relative path (../forums).

function login(&$nick, $user, $pass, &$access) {
$db_user = "username"; //username to connect to the database
$db_pass = "password"; //password to connect to the database
$database = "database"; //name of the database to connect to
$table = "users"; //table for the user records

$login = <<<LOGINTEXT
<form id="login" method="post">
<fieldset id="login">
<label for="user">Username</label>
<input id="user" name="user" type="text" /><br />
<label for="pass">password</label>
<input id="pass" name="pass" type="password" /><br />
</fieldset>

<fieldset id="submit">
<legend>Submit</legend>
<input id="Submit" type="Submit" Value="Submit" />
</fieldset>
</form>
LOGINTEXT;
// you can edit the login form here but you can also use css to edit it on the pae where you output it

   if (!isset($nick)) {         
      if (isset($user) && isset($pass)) {
         $pass = md5($pass);
         mysql_connect("localhost", $db_user, $db_pass) or die(mysql_error());
         mysql_select_db($database) or die(mysql_error());
         $result = mysql_query("SELECT * FROM {$table} WHERE nick='{$user}'");
         $row = mysql_fetch_array( $result );
         if ($row[pass] == $pass) {
            $nick = $row[nick];
            $access = $row[access]; //uncomment this line if you don't want diferent types of access
            return "<div class=\"back\"><p>Welcome back {$nick}.</p></div>";//same as with the form, you can edit this here or with css
         } else {      
            return "<div class=\"wrong\">Wrong user and/or password.</div>{$login}";//edit here or in css again
         }
      } else {
         return $login;
      }
   }
}

if ($_GET[l] == 1) {
session_destroy();
header("location:{$main_page}");
}


You should include that file before any output is send to the browser. In each file you want to include it you should add something like this:
Code:

include("login.php");
if (!isset($_SESSION[nick])) {
   echo login ($_SESSION[nick], $_POST[user], $_POST[pass], $_SESSION[access]);
}
if (isset($_SESSION[nick])) {
        echo "<div id=\"logout\"><a href=\"login.php?l=1\">logout</a></div>";
?>

your page

<?php
}
?>


If you want to see it working before trying it yourself, I still have it on http://www.bierkip.nl/test/login.php

user:test
pass: test
Stubru Freak
kv wrote:
Stubru Freak wrote:
Yes, there is a way:

http://be.php.net/manual/en/features.http-auth.php :

You could redirect the 401 page using Javascript, or provide a "Continue" button.


But this is so browser dependent, and is not a standard. I would not use such a thing for authentication for my site.


It works in most browsers, and if it doesn't work you can still give them a message to restart their browser.
welshsteve
rvec wrote:
ok I made something. It's probably not the best way to do this but it works. I added some comments so I hope you get it. The only problem is you need to add users manually in the database. I did make every pass md5 so that makes it a bit more difficult to add users.

To add a new user you have to make a new row in the table make the username the nick, the pass the md5 hash of the pass and the access the access level (if you want to use that).

To get an md5 hash of a pass make a new php file with this code in it:
Code:
<?php
$pass= "The password";
echo md5($pass);
?>

It will echo the md5 hash which you have to add to the database.

If you don't want to put a md5 hash in the database but just the normall pass remove this line:
Code:
$pass = md5($pass);



This is the page I called login.php:
Code:
<?php
session_start();
/*
The table for the users has to be one row per user with the columns "nick", "pass" and possibly "access". If you don't want to use access don't forget to uncomment that on line 40
*/
$main_page= "login.php"; //The page where a user should be send to after logging out. This can be a full url (http://www.frihost.com/forums) or a relative path (../forums).

function login(&$nick, $user, $pass, &$access) {
$db_user = "username"; //username to connect to the database
$db_pass = "password"; //password to connect to the database
$database = "database"; //name of the database to connect to
$table = "users"; //table for the user records

$login = <<<LOGINTEXT
<form id="login" method="post">
<fieldset id="login">
<label for="user">Username</label>
<input id="user" name="user" type="text" /><br />
<label for="pass">password</label>
<input id="pass" name="pass" type="password" /><br />
</fieldset>

<fieldset id="submit">
<legend>Submit</legend>
<input id="Submit" type="Submit" Value="Submit" />
</fieldset>
</form>
LOGINTEXT;
// you can edit the login form here but you can also use css to edit it on the pae where you output it

   if (!isset($nick)) {         
      if (isset($user) && isset($pass)) {
         $pass = md5($pass);
         mysql_connect("localhost", $db_user, $db_pass) or die(mysql_error());
         mysql_select_db($database) or die(mysql_error());
         $result = mysql_query("SELECT * FROM {$table} WHERE nick='{$user}'");
         $row = mysql_fetch_array( $result );
         if ($row[pass] == $pass) {
            $nick = $row[nick];
            $access = $row[access]; //uncomment this line if you don't want diferent types of access
            return "<div class=\"back\"><p>Welcome back {$nick}.</p></div>";//same as with the form, you can edit this here or with css
         } else {      
            return "<div class=\"wrong\">Wrong user and/or password.</div>{$login}";//edit here or in css again
         }
      } else {
         return $login;
      }
   }
}

if ($_GET[l] == 1) {
session_destroy();
header("location:{$main_page}");
}


You should include that file before any output is send to the browser. In each file you want to include it you should add something like this:
Code:

include("login.php");
if (!isset($_SESSION[nick])) {
   echo login ($_SESSION[nick], $_POST[user], $_POST[pass], $_SESSION[access]);
}
if (isset($_SESSION[nick])) {
        echo "<div id=\"logout\"><a href=\"login.php?l=1\">logout</a></div>";
?>

your page

<?php
}
?>


If you want to see it working before trying it yourself, I still have it on http://www.bierkip.nl/test/login.php

user:test
pass: test


Thank you very much for this. I will give it a go.
Related topics
htaccess question...
Htaccess Question
Htaccess question: hiding cpanel subdomains
A Question For .htaccess
.htaccess .htpasswd
question about .htaccess mod_python with publisher mod
.htaccess chez frihost : obligation de crypter le pass ?
PHP + .htaccess
Question about .htaccess' mod_rewrite
rewrite rule htaccess
Uploading site, public_html folder and server question
PHP and .htaccess
I Have a question . Is it the server support Chinese?
htaccess Password Protection
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.