php password is visible


sophia_
09-07-2007, 09:58 AM
hello :)

big step for me from html to php so hey "here's looking at you kid"

ok

i have successfully implemented the following code taken from this
super wonderful site

http://www.networkingprogramming.com/1024x768/phpsource.html

RE: password section

i created the following and ftp'ed them to the server

password.html
password.php
password.txt

the thing is that if i type http://www.mysite.com/password.txt it does indeed get displayed in the browser >.<

ok, you need to know the direction of said file but is there a way to
secure this file? ie, so it DOES NOT display in the browser when the
URL is input into the browser


thanks


sophia

Declan1991
09-07-2007, 10:07 AM
I assume that you have uploaded that to htdocs or similar? If so, it will be visible. What you need is to put it in a folder outside of htdocs and then add

ini_set("include_path", "address/to/folder");

to the php file.

sophia_
09-07-2007, 10:26 AM
this is soooooo hard you know >.<

ok, using this javascript....

<head>
<script language="JavaScript" lang="JavaScript">
function URLRedirection() {
UserNameWithExt = document.getElementById('username').value + '.html'
window.location.href = "../users/" + UserNameWithExt
}
</script>
</head>
<body>
<input type="text" id="username" size="20" />
<input type="password" id="password" size="20" />
<br><br>
<input type=submit name="enter" value="enter" onclick="URLRedirection();">
</body>

i can do the following...

user "rose" logs on and then gets redirected to ../users/rose.html
user "dave" logs on and then gets redirected to ../users/dave.html

i need to now, as i have learned :) implement this into this 'new' and 'funky' coding called "php" of which, i know nothing by the way, and lose the javascript ... which i am happy aboot because the above code relies on the user having javascript enabled


the password section

ok, i have uploaded said files into the root dir of the server

i dont know what "htdocs" is >.<

also, the code that you added, in which part of the php file do i paste it?

yeah, i am at this standard

thanks


sophia

Declan1991
09-07-2007, 10:58 AM
You uploaded into the root directory, and cannot go up the folder tree at all? If so, I would put it into a folder (called pss maybe) and then change fopen( "password.txt" to fopen( "foldername/password.txt".

sophia_
09-07-2007, 11:14 AM
declan, its too hard >.< i have given up :(

the javascript from the other forum thread works .... i just need to load the said javascript from an external file and that will be good enough for me

i have tried this...

<head>
<script type="text/javascript" language="javascript" src="login.js"></script>
</head>

and made a new file and pasted in this...


<script language="JavaScript" lang="JavaScript">
function URLRedirection() {
UserNameWithExt = document.getElementById('username').value + '.html'
window.location.href = "../users/" + UserNameWithExt
}
</script>

and saved it as login.js

it sits in the same directory as the html page from where the javascript is being called on the server however, it doesnt work, it isnt loading into the page

what did i do wrong?


thanks


sophia

Declan1991
09-07-2007, 11:39 AM
I think you need to leave out the <script> tags in the included file. BTW, unless people know what file the passwords are stored in, they will not be able to find it out easily unless you tell them.

sophia_
09-07-2007, 12:06 PM
YAY!!!!!!!!!!

said file is now this....

function URLRedirection() {
UserNameWithExt = document.getElementById('username').value + '.html'
window.location.href = "../users/" + UserNameWithExt
}

and it works :)


i think this is 100% secure because the only way to access the "private" html pages is by having the username

the user name is only given via email to the client so that they can access the relevant page

what do you think?

hey, thanks for your time declan :)

sophia

Sheldon
09-07-2007, 05:07 PM
You do the whole log in in one php file.

try something like this


<?php
session_start();

$message = "Please Log in.";

if(!empty($_POST['username']) and !empty($_POST['password'])){
    $username = $_POST['username'];
    $password = $_POST['password'];

    if(($username == "user1") and ($password == "pass1") or
       ($username == "user2") and ($password == "pass2") or
       ($username == "user3") and ($password == "pass3") or
       ($username == "user4") and ($password == "pass4") or
       ($username == "user5") and ($password == "pass5") or
       ($username == "user6") and ($password == "pass6") or
       ($username == "user7") and ($password == "pass7")){
        $_SESSION['user'] = $username;
        header("Location: /users/{$username}.php");
        die;
    }else{
        $message = "Your username and or password are incorrect.";
    }
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>

<title>Login</title>

</head>

<body>

<h1><?php echo($message); ?></h1>

<form action="<?php echo(basename(htmlentities($_SERVER['PHP_SELF']))); ?>" method="post" accept-charset="utf-8">

<p>Username:<input type="text" name="username" /></p>
<p>Password:<input type="password" name="password" /></p>
<p><input type="submit" value="Login &rarr;" /></p>

</form>

</body>
</html>


and on the top of each page that required the user to be logged in put this


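<?php
session_start();
// Name of the current script without its extension, e.g. "user1" for user1.php
$page = basename(htmlentities($_SERVER['PHP_SELF']));
$page = explode(".", $page);
// Send the visitor away unless they are logged in as the user this page belongs to
if(empty($_SESSION['user']) or ($page['0'] != $_SESSION['user'])){
    header("Location: /");
    die;
}
?>
Page Content here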

sophia_
09-07-2007, 05:15 PM
wow!!!!!

ok i will try this and post the results


hey thanks for your effort sheldon, i am getting a bit dizzy in this new world of php and i don't really understand it that well :(

you have given me a fresh breath of enthusiasm to conquer it :D

thanks for that :)


sophia

sophia_
09-07-2007, 05:39 PM
ok, the log-in page displays fine :)

lol, when you view the page source the php is excluded from the code....nice :D ... so i am guessing that this is a feature of this super funky php thingy then ... wow, great idea :)

using...
username: user1
password: pass1

the code can't find the URL/address to load the users' page from the log-in

this is the folder structure:

login/users/user1.html *now changed to user1.php but still the same problem

login.php (first part of your code) sits in the root of the 'login' folder

user1.php (with your second part of code pasted into the top of it) sits in the sub-folder 'users'

as i don't really understand the code that you pasted, i cant really edit it

how does the log-in tie to the users' page?

that is to say that if i copy the same code (second bit) into each of the users "private" pages, how does the log-in know which html page to load?

i can't see any form of identifying one page from the other? :/

i have pasted a straight version of your code (first part) and i am using it as the log-in page unedited

Declan1991
09-07-2007, 07:06 PM
Glancing through his code, I think that
header("Location: /users/{$username}.php");
should be
header("Location: /users/$username.php");
or
header("Location: /users/",$username,".php");

By the way, the reason that PHP code is not displayed in the source code is that it operates before the page is sent to your browser, unlike Javascript which operates in your browser. That's why you can turn off Javascript but not PHP.

sophia_
09-07-2007, 07:16 PM
hello again declan :)

1)

header("Location: /users/$username.php");

gets the same results

2)

header("Location: /users/",$username,".php");

gets a blank page but without the "url not found" message so i am guessing that this one is working and the fault lies somewhere else??


ah, another thing, so you know, i am clearing the cache before each attempt

sophia

sophia_
09-07-2007, 10:23 PM
YYYYAAAAAAYYYYYYYYY!!!!!!!!!!!

DONE IT!!!!!!!!!!!! :) :) :)

gee wizz what a ride ... hehehehehe


main site;

site.com.index.html

login page;

site.com/login/login.php

users pages

site.com/users/user1.php | user2.php.................


login page


<?php
session_start();

$message = "Please Log in.";

if(!empty($_POST['username']) and !empty($_POST['password'])){
    $username = $_POST['username'];
    $password = $_POST['password'];

    if(($username == "user1") and ($password == "pass1") or
       ($username == "user2") and ($password == "pass2") or
       ($username == "user3") and ($password == "pass3") or
       ($username == "user4") and ($password == "pass4") or
       ($username == "user5") and ($password == "pass5") or
       ($username == "user6") and ($password == "pass6") or
       ($username == "user7") and ($password == "pass7")){
        $_SESSION['user'] = $username;
        header("Location: /users/{$username}.php");
        die;
    }else{
        $message = "Your username and or password are incorrect.";
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>

<title>Login</title>

</head>
<body>

<h1><?php echo($message); ?></h1>

<form action="<?php echo(basename(htmlentities($_SERVER['PHP_SELF']))); ?>" method="post" accept-charset="utf-8">

<p>Username:<input type="text" name="username" /></p>
<p>Password:<input type="password" name="password" /></p>
<p><input type="submit" value="Login &rarr;" /></p>

</form>

</body>
</html>



change "user1" to "your clients name" ... "user2" "user3" etc

change "pass1" to "your clients password" ... "pass2" "pass3" etc


user page


<?php
session_start();
$page = basename(htmlentities($_SERVER['PHP_SELF']));
$page = explode(".", $page);
if(empty($_SESSION['user']) or ($page['0'] != $_SESSION['user'])){
    header("Location: /");
    die;
}
?>

the users html page content goes here


add this to each user page


and thats it ... its a wrap

multi-client log-in to personal "private" pages within your site


ehehehehehe


thanks to all


sophia :)
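
Added example (not part of any post in this thread and not the posters' code): the same login check and per-user page guard, going one step further than the thread by reading password hashes from a file kept outside the web-served folder instead of comparing plaintext passwords in the script. The function names, the file name and the sample users are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. User names, passwords and the
// file name are constructed sample data.

// Credential store: one "username:hash" line per user. On a real site this
// file lives outside the document root so no URL maps to it (assumption:
// the temp directory below stands in for that folder).
function load_users(string $path): array {
    $users = [];
    foreach (file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $line) {
        [$name, $hash] = explode(':', $line, 2);
        $users[$name] = $hash;
    }
    return $users;
}

// Returns the username on success, null on any failure.
function check_login(array $users, string $username, string $password): ?string {
    // Accept only names that are safe inside a path or Location header.
    if (!preg_match('/\A[a-z0-9_]{1,32}\z/', $username)) {
        return null;
    }
    // Unknown users are checked against a dummy hash so both paths do similar work.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($password, $users[$username] ?? $dummy);
    return ($ok && isset($users[$username])) ? $username : null;
}

// Guard for /users/<name>.php: the session user must match the page name.
function page_allowed(?string $sessionUser, string $scriptPath): bool {
    return $sessionUser !== null
        && hash_equals($sessionUser, basename($scriptPath, '.php'));
}

// Constructed demo: build a small store, then exercise each check.
$store = sys_get_temp_dir() . '/users.example.txt';
file_put_contents($store,
    "user1:" . password_hash('pass1', PASSWORD_DEFAULT) . "\n" .
    "user2:" . password_hash('pass2', PASSWORD_DEFAULT) . "\n");
$users = load_users($store);
unlink($store);

var_dump(check_login($users, 'user1', 'pass1'));      // correct password
var_dump(check_login($users, 'user1', 'pass2'));      // another user's password
var_dump(check_login($users, '../user1', 'pass1'));   // name fails the pattern
var_dump(page_allowed('user1', '/users/user1.php'));  // own page
var_dump(page_allowed('user1', '/users/user2.php'));  // someone else's page
var_dump(page_allowed(null, '/users/user1.php'));     // not logged in
```

In a login page, a non-null result from check_login() would be followed by session_regenerate_id(true) before setting $_SESSION['user'] and sending the Location header.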