Hey guys i was wondering how i could make a website where you have to be a member to see certain pages, with a log in and everything?

It is fairly simple to make a script like that... What server-side languages does your server support? If it supports PHP with MySQL, I can provide a script for you....

I would be very grateful if you could, it supports MySql

That's a bandwagon I'd like to jump onto, also. (holds hand out)

TIA

Aronya1

(puts in hand) lol

login.php and login2.php are both the actual login pages. testpage.php is show you what to put on different pages to make sure that they logged in before accessing the page.

In login2.php, you will see these lines:

$users = Array("adam","bob");
$passwords = Array("test1","test2");

You can add more usernames and passwords there... I hope that helps you guys! Let me know if you have any questions. :)

Hi Adam,

I'm trying to test your script, but not having much luck:

Unzipped all 3 files to one directory.
Opened login.php in IE.
Clicking Submit displays the code of login2.php, regardless if username & password fields are used or not.

Am I doing something wrong?


Aronya1

what i did is add the source of test to a webpage then added login1.php and when you login it takes you to login2.php but the thing is it works with just any username and this is what it sais:
login successful!!"; break; } } } if(!$ran){ echo "Login information is incorrect."; } }else{ echo "Login information is incorrect."; } ?>

Ok... You should just unzip the files and put them all in the same directory. You shouldn't need to modify them at all for them to work. If you open login.php and type:

username: adam
password: test1

It should work. Is that what you did? If you still have problem, describe them as well as you can... Since I'm not getting them, it's hard to help, but I'll do my best. :) BTW, what server are you on?

Sorry, i feel stupid i wasnt even lading them to my server i was just trying them right out of the file, lol...but i have a problem i put in the username and password and it goes to a page saying it is incorrect...

heya is that an external script?(not shown when you do view>source)

also buhhda, my server doesnt support php atm. whats your sites addy so i can check this out? (won't get php support until next weds)

mys15.net/login.php

wewt nice. I can't even get at it with my...er...software I have that lets me view peoples...er...websites in more...detail.;)

Originally posted by Sux0rZh@jc0rz
also buhhda, my server doesnt support php atm. whats your sites addy so i can check this out? (won't get php support until next weds) If you decide to start learning asp.net I can give you the source codes to my login system, its fairly simple code really.

can i get em cause i cant get those others to work?

I don't need them. alrdy have them.(I don't use the stuff I hack. I just use it to learn)

You cant hack a server side source code because your computer never sees the code, you see the servers output, you never touch the actual files. I doubt you could hack webmatrix, my host, they have a lot of money invested in security.
Edit
You can hack into a site done with a server side language but I dont see any way you can get actual source codes, just to clear that up.

im not talking about your database stuff. but i did find this:

<form name="_ctl0" method="post" action="login.aspx" language="javascript" onsubmit="ValidatorOnSubmit();" id="_ctl0">
<input type="hidden" name="__VIEWSTATE" value="dDwtODMwNDcwMzIzOzs+xttw22iRIrO4Q7SxtQyV+NLDjkM=" />

<script language="javascript" src="/aspnet_client/system_web/1_1_4322/WebUIValidation.js"></script>


<table align="center" border="0" style="background-color:#000000;">
<tr>
<td>

<P></P><Font Face="Tahoma">Name:</Font><BR>
<input name="txtMemberName" type="text" maxlength="30" size="30" id="txtMemberName" style="background-color:#000000;width:100px;border:1px solid #003366;color: #4682b4" /><span id="rfvMemberName" controltovalidate="txtMemberName" errormessage="Member Name is Required!" display="Dynamic" evaluationfunction="RequiredFieldValidatorEvaluateIsValid" initialvalue="" style="color:Red;font-family:Tahoma;font-size:10pt;display:none;">Member Name is Required!</span><br>
<Font Face="Tahoma">Password:</Font><BR>
<input name="txtPassword" type="password" maxlength="30" size="30" id="txtPassword" style="background-color:#000000;width:100px;border: 1px solid #003366;color: #4682b4" /><br>
<span id="rfvPassword" controltovalidate="txtPassword" errormessage="Password is Required!" display="Dynamic" evaluationfunction="RequiredFieldValidatorEvaluateIsValid" initialvalue="" style="color:Red;font-family:Verdana;font-size:10pt;display:none;">Password is Required!</span><BR>
<input type="submit" name="butOK" value=" OK " onclick="if (typeof(Page_ClientValidate) == 'function') Page_ClientValidate(); " language="javascript" id="butOK" Type="Submit" style="border-color:#000D26;border-width:1px;border-style:solid;" /></td>
</tr>
</table>

<script language="javascript">
<!--
var Page_Validators = new Array(document.all["rfvMemberName"], document.all["rfvPassword"]);
// -->
</script>


<script language="javascript">
<!--
var Page_ValidationActive = false;
if (typeof(clientInformation) != "undefined" && clientInformation.appName.indexOf("Explorer") != -1) {
if ((typeof(Page_ValidationVer) != "undefined") && (Page_ValidationVer == "125"))
ValidatorOnLoad();
}

function ValidatorOnSubmit() {
if (Page_ValidationActive) {
ValidatorCommonOnSubmit();
}
}
// -->
</script>


</form>

That's the stuff I'm talking about. Is there more?

Originally posted by PeOfEo
You cant hack a server side source code...You certainly can. That is why one must be very careful about security when writing applications...

Well, you can hack into the server to get it but you cannot simply view my source to get it. There are no open doors. Especially on windows server 2k3, they have tons of added security that can detect harmful code and security risks. Like unless I purposly enable html code if someone trys to enter html into a text box boom server error stuff like that, it just cuts them off it wont let them add harmful data to a data base etc.

Originally posted by Sux0rZh@jc0rz
im not talking about your database stuff. but i did find this:

<form name="_ctl0" method="post" action="login.aspx" language="javascript" onsubmit="ValidatorOnSubmit();" id="_ctl0">
<input type="hidden" name="__VIEWSTATE" value="dDwtODMwNDcwMzIzOzs+xttw22iRIrO4Q7SxtQyV+NLDjkM=" />

<script language="javascript" src="/aspnet_client/system_web/1_1_4322/WebUIValidation.js"></script>


<table align="center" border="0" style="background-color:#000000;">
<tr>
<td>

<P></P><Font Face="Tahoma">Name:</Font><BR>
<input name="txtMemberName" type="text" maxlength="30" size="30" id="txtMemberName" style="background-color:#000000;width:100px;border:1px solid #003366;color: #4682b4" /><span id="rfvMemberName" controltovalidate="txtMemberName" errormessage="Member Name is Required!" display="Dynamic" evaluationfunction="RequiredFieldValidatorEvaluateIsValid" initialvalue="" style="color:Red;font-family:Tahoma;font-size:10pt;display:none;">Member Name is Required!</span><br>
<Font Face="Tahoma">Password:</Font><BR>
<input name="txtPassword" type="password" maxlength="30" size="30" id="txtPassword" style="background-color:#000000;width:100px;border: 1px solid #003366;color: #4682b4" /><br>
<span id="rfvPassword" controltovalidate="txtPassword" errormessage="Password is Required!" display="Dynamic" evaluationfunction="RequiredFieldValidatorEvaluateIsValid" initialvalue="" style="color:Red;font-family:Verdana;font-size:10pt;display:none;">Password is Required!</span><BR>
<input type="submit" name="butOK" value=" OK " onclick="if (typeof(Page_ClientValidate) == 'function') Page_ClientValidate(); " language="javascript" id="butOK" Type="Submit" style="border-color:#000D26;border-width:1px;border-style:solid;" /></td>
</tr>
</table>

<script language="javascript">
<!--
var Page_Validators = new Array(document.all["rfvMemberName"], document.all["rfvPassword"]);
// -->
</script>


<script language="javascript">
<!--
var Page_ValidationActive = false;
if (typeof(clientInformation) != "undefined" && clientInformation.appName.indexOf("Explorer") != -1) {
if ((typeof(Page_ValidationVer) != "undefined") && (Page_ValidationVer == "125"))
ValidatorOnLoad();
}

function ValidatorOnSubmit() {
if (Page_ValidationActive) {
ValidatorCommonOnSubmit();
}
}
// -->
</script>


</form>

That's the stuff I'm talking about. Is there more?

Thats not my source code. That is gneorated by the server, my actual source code is in vb, it is a server side language my code is executed by the server not by your machine so you dont see my real source code. Just the html output.

Originally posted by PeOfEo
Well, you can hack into the server to get it but you cannot simply view my source to get it. There are no open doors. Especially on windows server 2k3, they have tons of added security that can detect harmful code and security risks. Like unless I purposly enable html code if someone trys to enter html into a text box boom server error stuff like that, it just cuts them off it wont let them add harmful data to a data base etc.

See my signature? PopUpBlocker allows me to see your full script(external scripts and styles) with one button (the purpose of this is to check for hidden fields that contain destructive code)

Yea can i get some login source code that works or some help please????

Adam

Thanks a bunch. I was trying to make it work on my local machine at work; no go. Just uploaded to my server & works like a charm. Plus, bookmarking won't get you in the back door.

Thanks again.
Aronya1

Originally posted by Sux0rZh@jc0rz
im not talking about your database stuff. but i did find this...That is all client side code, which is viewable via View->Source

Originally posted by PeOfEo
There are no open doors.There are probably always going to be open doors (to some extent). Expecially if the hacker (or rather, cracker) can get an account on the same server as the site they are trying to access.

Originally posted by Sux0rZh@jc0rz
See my signature? PopUpBlocker allows me to see your full script(external scripts and styles) with one button (the purpose of this is to check for hidden fields that contain destructive code) You cannot see my server side code, how many times do I say this when you try to open access or view my page with an aspx format it sends a request to create the html, you are viewing the html output from the server not my .aspx source code.

Yes I see what your saying...but still I got more than people would normally get doing (View<Source) so technically we are both right=P

Originally posted by Aronya1
Adam

Thanks a bunch. I was trying to make it work on my local machine at work; no go. Just uploaded to my server & works like a charm. Plus, bookmarking won't get you in the back door.

Thanks again.
Aronya1

How did you get it to work i uploaded it to my server and it always sais login incorrect

what I'm about to say is stated as a theory that is way out of my league of knowledge.

If something can "compile" your code shouldn't there be a "decompiler"? seeing as how I know the exact version of compiler the site uses?

Originally posted by pyro
That is all client side code, which is viewable via View->Source

There are probably always going to be open doors (to some extent). Expecially if the hacker (or rather, cracker) can get an account on the same server as the site they are trying to access. Well, the doors arn't exactly open, but if they had a large battering ram they could get to it, but it would be easier to just hack my machine, send me a trojan through aim and access the files that are on my box then to hack the server. This thing has real time anti virus and it doesnt allow many files types and it scans it all. They are pretty serious. I am not saying its impossible it would just be pretty darned hard to do, and unrealistic.

Originally posted by Sux0rZh@jc0rz
what I'm about to say is stated as a theory that is way out of my league of knowledge.

If something can "compile" your code shouldn't there be a "decompiler"? seeing as how I know the exact version of compiler the site uses? no, the server is keeping track of all of the values, such as session logins, and tons of other variables, the server handles all the code not your machine, you cannot just hit view source ot get my code. If it were that easy dont you think that there would be a lot more internet fraud then there is now? People ripping off credit card numbers from data bases on ebay and such. You cannot see the path to my data base and my site logins and all my access numbers, so therefore we can assume that isnt my source code, if it were you would have complete access to all of that stuff making internet security impossible.

I found my problem, the source only works with IE i was using mozilla, so thanks alot Adam i appreciate it. Also is there any way i can make a member signup page that will automaticaly put there user names and passwords in?

a...large...battering....ram....

You mean like a usage tracker, not a trojan, that could be sent to your machine and record the password you put up for the ftp access to your site? thats more like a Wee Wittle Wockpick as apposed to a large battering ram.

With php? You just need some code that will access the data base and add the names to it... It shoudlnt be hard to do, if I knew php I could prolly whip something right up... but I chose the microsoft technology.

Originally posted by PeOfEo
if it were you would have complete access to all of that stuff making internet security impossible.

The words Internet and Security don't belong in the same sentence unless the words Nearly, Almost, ect are in said sentence.

Originally posted by Sux0rZh@jc0rz
a...large...battering....ram....

You mean like a usage tracker, not a trojan, that could be sent to your machine and record the password you put up for the ftp access to your site? thats more like a Wee Wittle Wockpick as apposed to a large battering ram. That would be hacking my computer not the server. You would need the battering ram to get around server security is what I mean, I said it would be easier to hack onto my comp using a trojan, and if you used a key logger or something that accessed my passwords it would be pretty much the same prinicpal

tru tru. got a point there.

Originally posted by PeOfEo
Well, the doors arn't exactly open, but if they had a large battering ram they could get to it, but it would be easier to just hack my machine, send me a trojan through aim and access the files that are on my box then to hack the server.A "large battering ram" wouldn't help one bit. The only way anyone has ever broken into any server with any security at all is with a "little mouse", not anything large. What they have to do is sneak in without getting noticed, so the server doesn't shut them down...

Sux0rZh@jc0rz, what makes you think you can see more than anyone else?? My computer is downloading everything that your computer is downloading...

Sux0rZh@jc0rz I am just trying to make one thing clear. The source code to a page done in a server side language is not available to the public, the public has no way of seeing it because their computer does not touch the code. The only way you are going to see it is if you were to either be server admin, have a backdoor to my comp, some weird security flaw you might find on the server, or I just give you the source code. I mean I dont see any other ways you could get it. You only see the html the server gives you, and that is created again each time you view my site, and it is guided my true source code which is accessing data bases, server variables, etc.

yano what? Ima moron. PopUpCop only allows me access to external scripts and I forgot aspx doesnt use external scripts.

Adam,

Can i make testpage.php go to a popup message instead of a different page?

Originally posted by Sux0rZh@jc0rz
yano what? Ima moron. PopUpCop only allows me access to external scripts and I forgot aspx doesnt use external scripts. You could also always just check your temporary internet files for all of the external files because that is still client side code.

Adam, we may be downloading the same things but I *THINK* I'm getting more info(well, access to it) because my *viewsource* shows unaltered external scripts along with whats on the page. so my viewsource shows me all things associated to a page done in html, or scripting languages that by normal ViewSource you cannot obtain. example is: www.racewarkingdoms.com Make a char, log in and view source. all you will see is links to frames. I get the frames data right along with the page that refurs to the frames.

Anything your "*viewsource*" gets, the rest of us can get easily enough without it...

Peofeo, thats true. thats what I do except its all wrapped up and formatted for easy viewing for me. not just the single frame that you open individually by going to your directory and looking at that.

Grats on 5K posts pyro

Originally posted by Sux0rZh@jc0rz
PopUpCop only allows me access to external scripts and I forgot aspx doesnt use external scripts. Actually, it wouldn't help you anyway. If you want me to prove it, I will create an external .php file and you can try to get the content. You will get one closed door after another... ;) You are trying to break server-side security with client-side software... Not gonna happen...

Can i make testpage.php go to a popup message instead of a different page?Nope. You have to send it somewhere. The best place would be to just send it back to the login page. If you don't send it anywhere, then the page will still be loaded into the browser...

Thanks... :) Perhaps I should go celebrate... :D

I know that adam. alrdy tried php and php is evil=P

Originally posted by Sux0rZh@jc0rz
php is evil*gasp* I'll pretend I didn't hear that...

There are tons of ways to get it, I just listed what I think is probably to most commonly used (by me atleast, I dont find myself trying to jack files very often except for learning purposes sometimes) Client side code and security do not go together, If I made my login system with java script getting into my site would be as simple as either viewing my cource for a url or maunally typing out a cooking (viewable in my source) into your computer. Thats the advantage of a server side langauge, its is secure, and functional.

Oh well all. I give up. you all win except peofeo cause i alrdy argued with him and it was a draw=P you have access to it just like I do but mine is just easy and "cleaner"

what adam said earlier about server hacking is true. you need to sneak in and for god's sake don't use your own personal computer or you'll get tracked in 4 secounds flat then prosecuted. Use your publicly funded/Libraries computer:D ;) :D

Originally posted by pyro
*gasp* I'll pretend I didn't hear that... Php isnt evil, its just oo much like java :) I have been taken a class in java and man I hate it so far. Probably because we wont be learning how to do applets or even using a gui (yep just dos prompt action.. wooh). Lol java is object based, yet we are not using any objects... except a class. I also find java annoying like just some of its differences from c++ which is what I am more used to, it is just annoying, it seems like a whole lot more work. Every little thing is case sencitive too, and I am forgetful and often dont capitalize things.

Ok, one more thing for you to try. Check out this site: http://www.code4ever.com/hide_source/try3/ It is client-side security. ;) At this time, there is only one known way of breaking it, which I think I could fix. If you want to give it a try, go ahead and try to get the source... If you think you got it, post it here so I know if you really did or not...

Is PHP easy to learn?

Adam i have asked this before but it prob got looked over in the midst of argueing but can i make a register page that automaticaly adds people to the username and password thing?

and/or use wireless and leech off someone elses wireless broadcaster so their IP gets blamed.

Originally posted by AdamBrill
Ok, one more thing for you to try. Check out this site: http://www.code4ever.com/hide_source/try3/ It is client-side security. ;) At this time, there is only one known way of breaking it, which I think I could fix. If you want to give it a try, go ahead and try to get the source... If you think you got it, post it here so I know if you really did or not... what if I just tried to view it on a browser that doesnt recognize java script? Or did it cover its tail there?

Adam, here is an idea, post the source code and I will try to find a hole from looking at it :D , Dont make me try to get it on my own, because I probably wont and it will be a big waste of my time lol. Freaking puzzles... I hate them.

adam, what if i make a webpage and link to direct.php and do save target as and then will i have the script?

No, you wont, you will be saving the server html output, whenever you request it you are requesting the html output. So basically you will be getting the same thing you got when you view my source, client side code.

hmm

is the hole accessable without any software? IE can i do it with win 98 utilities?

Hey Sux0rZh@jc0rz,

I have to say something about this. It's driving me nuts, man.

Fix your sig. That particular wise man apparently can't spell! :p

whats wrong with it?

*wonders if adam is watching his site to see me FTP lagging him out*

I give up man. whats the answer?

<script type="text/javascript">if (navigator.appName.indexOf("Microsoft") >= 0){document.location="code.php";}</script>

thats what the most i found out about direct.php

making a new webpage:

<html><div><body><noscript><center><b>Please enable javascript to view this page...</b></center></noscript><iframe src="http://www.code4ever.com/hide_source/try3/direct.php" style="display:none;"></iframe></body></div></html>

and removing style="display:none;"

rewards me with the spectacular:

Notta....;)

There's a difference between "to" and "too". And "two" for that matter.

I officially give up. the most i could find on direct.php hidden in all that bullsh*t was

<script type="text/javascript">if (navigator.appName.indexOf("Microsoft") >= 0){document.location="code.php";}</script>

Bravo, dude. Although, it WAS funnier the other way... ;)

Thanks alot adam it is what i wanted!

Originally posted by BuddhaSmurf
Is PHP easy to learn?

Adam i have asked this before but it prob got looked over in the midst of argueing but can i make a register page that automaticaly adds people to the username and password thing?

???????

Originally posted by PeOfEo
Php isnt evil, its just oo much like javaNo, PHP is not object oriented, though it does have support for objects, which will be getting better in PHP5. But, you do not need to use any OO coding with PHP -- I never do.

Originally posted by BuddhaSmurf
Is PHP easy to learn?

Adam i have asked this before but it prob got looked over in the midst of argueing but can i make a register page that automaticaly adds people to the username and password thing? Sorry, man... I guess I missed it twice. :o

I will write you a version that will allow for that... I'll upload it once I get it done. :)

Ok... Here is the updated version. The only current user is "adambrill" with a password of "test". You can add more by registering and you will instantly be able to login with the added username. Let me know how it works for you... :)

This is what i get when i try to register:


Warning: fopen("passwords.php", "w") - Permission denied in /home/virtual/site5/fst/var/www/html/login2.php on line 26

Warning: fwrite(): supplied argument is not a valid File-Handle resource in /home/virtual/site5/fst/var/www/html/login2.php on line 27

Warning: fwrite(): supplied argument is not a valid File-Handle resource in /home/virtual/site5/fst/var/www/html/login2.php on line 29

Warning: fwrite(): supplied argument is not a valid File-Handle resource in /home/virtual/site5/fst/var/www/html/login2.php on line 30

Warning: fwrite(): supplied argument is not a valid File-Handle resource in /home/virtual/site5/fst/var/www/html/login2.php on line 29

Warning: fwrite(): supplied argument is not a valid File-Handle resource in /home/virtual/site5/fst/var/www/html/login2.php on line 30

Warning: fwrite(): supplied argument is not a valid File-Handle resource in /home/virtual/site5/fst/var/www/html/login2.php on line 32

Warning: fclose(): supplied argument is not a valid File-Handle resource in /home/virtual/site5/fst/var/www/html/login2.php on line 33
User "Robert" added!

Did you CHMOD the file to 666? Also, is passwords.php file in the same directory as the PHP script trying to write to it?

Originally posted by pyro
No, PHP is not object oriented, though it does have support for objects, which will be getting better in PHP5. But, you do not need to use any OO coding with PHP -- I never do. syntax wise it looks very similar. I have not studied php in depth but at first glance they look to have a closely related structure, even though you are not using all the i/o stuff...

666? All files are in same directory

Originally posted by BuddhaSmurf
666? All files are in same directory You need to make sure that the file has write access, ie, make sure it is chmoded to 666. There should be a way to do that in whatever you use to upload files...

unless he has an XP and just does ftp:// to upload files. then how would he set it? hmm? whatcha gotta say bout that? hmm? don't know do ya? hmm dontcha, hmm dontcha? then he would have to download a new ftp don't you know? hmm dontcha, hmm dontcha?

Originally posted by Sux0rZh@jc0rz
unless he has an XP and just does ftp:// to upload files. then how would he set it? hmm? whatcha gotta say bout that? hmm? don't know do ya? hmm dontcha, hmm dontcha? then he would have to download a new ftp don't you know? hmm dontcha, hmm dontcha? What is your problem? :confused: Got up on the wrong side of the bed?

If you use Win XP with ftp://whatever.com, try right clicking on the file and clicking properties. You can chmod it there... Just give everyone write access...

lol I was mimic'ing the one old war radio commercial with the little girl who asks a guy for help then doesn't let him talk cause she says "hmm dontcha? hmm dontcha?" while he tries to respond then goes right onto the next subject without getting an answer. its all in good fun.

Originally posted by Sux0rZh@jc0rz
its all in good fun. lol, ok. ;) It sounded weird... I haven't heard that commercial, so... :D

most people havent. its from like world war I i think. possibly 2. (im 14...so how did i hear it? o.O)

Fixed it thanks that is exactly what i wanted!

ey buddha..can u upload your fixed file, cause im kinda in the same problem..plss..thnx man..really appreciate it..:D

here are all the files you need in zip format mys15.net/login.zip, remember to do like they said make it where others can write to it also.

ei tnx for the files man..
sorry for the late reply, i had trouble with my pc lately...
tnx again, ill be checkin it out sometime soon..:D