Password Protection with PHP or not?
Illufox
06-26-2003, 06:15 PM
I just found out that my hosting server doesn't support ASP. However, it does support PHP. I already took advantage of it for my flash contact form. However, I'm a beginner in PHP and was wondering if it is possible to set up a password protection from scratch or if I need to buy one of those programs. Is there any other language for secure password protection (I know it's not JavaScript)?
Originally posted by Illufox
I just found out that my hosting server doesn't support ASP. However, it does support PHP.
Ahh... A real man's server side language...
Anyway, yes, you can create a simple PHP login script. I made one here. It's not perfect -- it should use something other than MD5 to encrypt the passwords (maybe Mcrypt (http://us2.php.net/manual/en/ref.mcrypt.php))... http://forums.webdeveloper.com/showthread.php?s=&threadid=9950#post51430
Originally posted by pyro
Ahh... A real man's server side language...
Three words for you, pyro: LOL!
Anyways, I've got a small question about that. Would the script (in the link you provided) log the user out after a certain amount of time? And if so, how long would it be before they're logged out?
Ya see, I'm creating a login PHP script myself (probably won't use your code, but.. ;) ), and I don't necessarily want to use sessions--so I was thinking about cookies and just expiring them every thirty days or so...
[Jona]
With mine, they are logged out when they close their browser. If you use a cookie, I would let users know that they won't be logged out for 30 days -- that is a long time to be logged in somewhere, unless you check a "keep me logged in" box, or something...
Oh yes, I see. OK, thanks. :)
[Jona]
Illufox
06-27-2003, 10:59 AM
Thanks Pyro, I will try this out.
Illufox
06-27-2003, 12:45 PM
Ok, it seems similar to ASP in that there are several pages that work together.
I created all the pages as you described but I don't understand the following paragraph:
"And, lastly, make a file named encrypter.php and use it to make your username and password, which you will insert in passwordreader.php... Once you have made the encrypted usernames/passwords, you can remove from your server. "
What code does the encrypter.php consist of? There's no code sample in your description. However right after this paragraph is the code for the makepass.php. Is this the same as the encrypter.php? Why are there two forms? What are the steps to encrypt the passwords?
Sorry, I'm confused here....:confused:
I'm new to PHP but I usually learn pretty quick, so bear with me....
Ah yes. Sorry. I just edited the other post to make them both read makepass.php. The files were one and the same. If you want, you can use this instead: http://www.infinitypages.com/scripts/encrypter.php
What it does is make an MD5 version of whatever you type in. This way, if someone is able to get the PHP file, they still won't be able to get your password.
Anyway, you are going to need the values that makepass.php (or, if you follow my link, encrypter.php) gives you in passwordreader.php here:
# Change the below lines to the results that makepass.php gave you
#
$user = 'yourencryptedusername';
$pass = 'yourencryptedpassword';
#
# Change the above lines to the results that makepass.php gave you
Illufox
06-27-2003, 01:09 PM
Ok, makepass.php and encrypter.php are one and the same file. Good, so I'm all set. However I'm still confused on the part of creating the passwords.
Let me know if I'm wrong:
1. I decide what the user names and passwords are going to be for each client.
2. I enter the login information for each client into the makepass.php form.
3. I will get the encrypted versions of the login information for each client.
4. I will then insert this information into the passwordreader.php file.
5. I send the login information to the client.
6. The client enters his login information (which will be recognized by the passwordreader.php file) into the other form. The login information and the encryptions are connected.
Do I have to remove the encrypter form or can I leave it on the server? I may need to create new passwords as new clients will sign up.
:confused:
Ok, if you are going to need more than one username/password, you are going to need to use an array of usernames/passwords. This code is untested, but barring any syntactical errors, should be what you need:
<?PHP
$x = 0; // becomes 1 once a username has matched
$user = array("user1inmd5encryptedformat","user2inmd5encryptedformat","user3inmd5encryptedformat"); //array of usernames
$pass = array("password1inmd5encryptedformat","password2inmd5encryptedformat","password3inmd5encryptedformat"); //array of passwords
for ($i=0; $i < count($user); $i++) {
    if ($x == 0) {
        // === compares the two hex digests as strings, never as numbers
        if (md5($_POST['username']) === $user[$i]) {
            if (md5($_POST['password']) === $pass[$i]) {
                setcookie ("verified", true);
                header ("Location: http://www.yoursite.com/dir/page.htm");
                exit; // stop the script once the redirect has been sent
            }
            else {
                echo "Incorrect password";
            }
            $x = 1;
        }
    }
}
if ($x == 0) {
    echo "Incorrect username";
}
?>
That would replace this code from passwordreader.php:
if(md5($_POST['username']) == $user && md5($_POST['password']) == $pass)
{
    setcookie ("verified", true);
    header ("Location:http://www.yoursite.com/dir/page.htm");
}
else
{
    echo ("Incorrect Password");
}
Also, you can leave the file to encrypt the passwords on your server, if you wish.
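The login check from this thread with PHP's built-in password_hash()/password_verify() in place of md5() and a server-side session in place of the "verified" cookie, as an added example that is not part of the original posts or of pyro's script. It assumes PHP 7 or later; the function name check_login, the sample users and passwords, and the redirect paths are constructed for illustration.

```php
<?php
// Added example; requires PHP 7+. All names and values below are constructed.
// username => password_hash() output. Generate each hash once (the job
// makepass.php does in the thread) and paste the resulting string here.
$users = [
    'client1' => password_hash('constructed-sample-pw-1', PASSWORD_DEFAULT),
    'client2' => password_hash('constructed-sample-pw-2', PASSWORD_DEFAULT),
];
// Verified when the username is unknown, so both failure paths cost the same.
$dummyHash = password_hash('never-a-real-password', PASSWORD_DEFAULT);

function check_login(array $users, string $dummyHash, string $name, string $password): bool
{
    $known = array_key_exists($name, $users);
    // password_verify() reads the salt and cost from the stored hash and
    // compares in constant time.
    $ok = password_verify($password, $known ? $users[$name] : $dummyHash);
    return $known && $ok;
}

if (PHP_SAPI === 'cli') {
    // Offline self-check against the constructed table above.
    var_dump(check_login($users, $dummyHash, 'client1', 'constructed-sample-pw-1'));
    var_dump(check_login($users, $dummyHash, 'client1', 'wrong'));
    var_dump(check_login($users, $dummyHash, 'nobody', 'constructed-sample-pw-1'));
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $name = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    session_start(); // session cookie ends when the browser closes by default
    if (check_login($users, $dummyHash, $name, $password)) {
        session_regenerate_id(true);       // fresh session id after login
        $_SESSION['user'] = $name;         // login state is stored on the server
        header('Location: /dir/page.php'); // placeholder path
        exit;
    }
    http_response_code(401);
    echo 'Incorrect username or password'; // same message for both failures
}
// Each protected page then starts with:
//   session_start();
//   if (empty($_SESSION['user'])) { header('Location: /login.htm'); exit; }
```

The protected page has to be a PHP file for the session check at the bottom to run; a cookie value, by contrast, is supplied by the browser and is not proof of a successful login.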
Illufox
06-27-2003, 03:46 PM
Oh I see, the original code is only for one single password. I guess I have to convince my client to use the same password for all his clients.
If he doesn't like it I will have to use the code for multiple passwords.
Thanks so much for your help.
Just a suggestion, if you have a great deal of users you may want to look into using a MySQL (www.mysql.com) database.
[Jona]
Illufox
06-27-2003, 05:40 PM
I hope that I don't have to go there....I'm only a designer, not a programmer, so I don't want to spend too much time programming while I should spend time designing.
I don't have any problems tweaking code but writing from scratch? Oh boy....
I have one more question:
I want the protected site to open up on top of the unprotected site. I tried to use
header ("Location:client2.php" "target=_blank");
It didn't seem to like this. The following didn't work either:
header ("Location:client2.php target=_blank");
Is it possible at all to use a target in this script part?