www.webdeveloper.com
Results 1 to 14 of 14

Thread: Password Protection with PHP or not?

  1. #1
    Join Date
    Jun 2003
    Location
    San Francisco
    Posts
    202

    Question Password Protection with PHP or not?

    I just found out that my hosting server doesn't support ASP. However, it does support PHP. I already took advantage of it for my flash contact form. However, I'm a beginner in PHP and was wondering if it is possible to set up a password protection from scratch or if I need to buy one of those programs. Is there any other language for secure password protection (I know it's not JavaScript)?

  2. #2
    Join Date
    Dec 2002
    Location
    High on life
    Posts
    10,104

    Re: Password Protection with PHP or not?

    Originally posted by Illufox
    I just found out that my hosting server doesn't support ASP. However, it does support PHP.
    Ahh... A real man's server side language...

    Anyway, yes, you can create a simple PHP login script. I made one here. It's not perfect -- it should use something other than MD5 to encrypt the passwords (maybe Mcrypt)... http://forums.webdeveloper.com/showt...9950#post51430

    Personal website http://www.ryanbrill.com/
    Business website: http://www.infinitywebdesign.com/
    TypeSpace http://www.typespace.org/

    I reject your reality and substitute it with my own!

  3. #3
    Join Date
    Jan 2003
    Location
    Texas
    Posts
    10,413

    Re: Re: Password Protection with PHP or not?

    Originally posted by pyro
    Ahh... A real man's server side language...
    Three words for you, pyro: LOL!
    Anyways, I've got a small question about that. Would the script (in the link you provided) log the user out after a certain amount of time? And if so, how long would it be before they're logged out.
    Ya see, I'm creating a login PHP script myself (probably won't use your code, but.. ), and I don't necessarily want to use sessions--so I was thinking about cookies and just expiring them every thirty days or so...


    [Jona]
    Visit Slightly Remarkable to see my portfolio, resumé, and consulting rates.

  4. #4
    Join Date
    Dec 2002
    Location
    High on life
    Posts
    10,104
    With mine, they are logged out when they close their browser. If you use a cookie, I would let users know that they won't be logged out for 30 days -- that is a long time to be logged in somewhere, unless you check a "keep me logged in" box, or something...

    Personal website http://www.ryanbrill.com/
    Business website: http://www.infinitywebdesign.com/
    TypeSpace http://www.typespace.org/

    I reject your reality and substitute it with my own!

  5. #5
    Join Date
    Jan 2003
    Location
    Texas
    Posts
    10,413
    Oh yes, I see. OK, thanks.

    [Jona]
    Visit Slightly Remarkable to see my portfolio, resumé, and consulting rates.

  6. #6
    Join Date
    Jun 2003
    Location
    San Francisco
    Posts
    202

    Thumbs up

    Thanks Pyro, I will try this out.

  7. #7
    Join Date
    Dec 2002
    Location
    High on life
    Posts
    10,104
    You're welcome.

    Personal website http://www.ryanbrill.com/
    Business website: http://www.infinitywebdesign.com/
    TypeSpace http://www.typespace.org/

    I reject your reality and substitute it with my own!

  8. #8
    Join Date
    Jun 2003
    Location
    San Francisco
    Posts
    202
    Ok, it seems similar to ASP in that there are several pages that work together.

    I created all the pages as you described but I don't understand the following paragraph:

    "And, lastly, make a file named encrypter.php and use it to make your username and password, which you will insert in passwordreader.php... Once you have made the encrypted usernames/passwords, you can remove from your server. "

    What code does the encrypter.php consist of? There's no code sample in your description. However right after this paragraph is the code for the makepass.php. Is this the same as the encrypter.php? Why are there two forms? What are the steps to encrypt the passwords?
    Sorry, I'm confused here....

    I'm new to PHP but I usually learn pretty quick, so bear with me....
    Last edited by Illufox; 06-27-2003 at 12:51 PM.

  9. #9
    Join Date
    Dec 2002
    Location
    High on life
    Posts
    10,104
    Ah yes. Sorry. I just edited the other post to make them both read makepass.php. The files were one and the same. If you want, you can use this instead: http://www.infinitypages.com/scripts/encrypter.php

    What it does is makes a MD5 version of whatever you type in. This way, if someone is able to get the PHP file, they still won't be able to get your password.

    Anyway, you are going to need the values that makepass.php (or, if you follow my link, encrypter.php) gives you in passwordreader.php here:

    PHP Code:
    # Change the below lines to the results that makepass.php gave you
    #
    $user 'yourencryptedusername';
    $pass 'yourencryptedpassword';
    #
    # Change the above lines to the results that makepass.php gave you 

    Personal website http://www.ryanbrill.com/
    Business website: http://www.infinitywebdesign.com/
    TypeSpace http://www.typespace.org/

    I reject your reality and substitute it with my own!

  10. #10
    Join Date
    Jun 2003
    Location
    San Francisco
    Posts
    202
    Ok, makepass.php and encrypter.php are one and the same file. Good, so I'm all set. However I'm still confused on the part of creating the passwords.

    Let me know if I'm wrong:

    1. I decide what the user names and passwords are going to be for each client.
    2. I enter the login information for each client into the makepass.php form.
    3. I will get the encrypted versions of the login information for each client.
    4. I will then insert this information into the passwordreader.php file.
    5. I send the login information to the client.
    6. The client enters his login information (which will be recognized by the passwordreader.php file) into the other form. The login information and the encryptions are connected.

    Do I have to remove the encrypter form or can I leave it on the server? I may need to create new passwords as new clients will sign up.

    Last edited by Illufox; 06-27-2003 at 01:27 PM.

  11. #11
    Join Date
    Dec 2002
    Location
    High on life
    Posts
    10,104
    Ok, if you are going to need more than one username/password, you are going to need to use an array of usernames/passwords. This code is untested, but barring any syntactical errors, should be what you need:

    PHP Code:
    <?PHP
    $x 
    0;
    $user = array("user1inmd5encryptedformat","user2inmd5encryptedformat","user3inmd5encryptedformat"); //array of usernames
    $pass = array("password1inmd5encryptedformat","password2inmd5encryptedformat","password3inmd5encryptedformat"); //array of passwords
        
    for ($i=0$i count($user); $i++) {
            if (
    $x == 0) {
                if (
    md5($_POST['username']) == $user[$i]) {
                    if (
    md5($_POST['password']) == $pass[$i]) {
                        
    setcookie ("verified"true);
                        
    header ("Location:http://www.yoursite.com/dir/page.htm");
                    }
                    else {
                        echo 
    "Incorrect password";
                    }
                    
    $x 1;
                }
            }
        }
        if (
    $x == 0) {
            echo 
    "Incorrect username";
        }
    ?>
    That would replace this code from passwordreader.php:

    PHP Code:
    if(md5($_POST['username']) == $user && md5($_POST['password']) == $pass)
    {
    setcookie ("verified"true);
    header ("Location:http://www.yoursite.com/dir/page.htm");
    }
    else
    {
    echo (
    "Incorrect Password");

    Also, you can leave the file to encrypt the passwords on your server, if you wish.

    Personal website http://www.ryanbrill.com/
    Business website: http://www.infinitywebdesign.com/
    TypeSpace http://www.typespace.org/

    I reject your reality and substitute it with my own!

  12. #12
    Join Date
    Jun 2003
    Location
    San Francisco
    Posts
    202
    Oh I see, the original code is only for one single password. I guess I have to convince my client to use the same password for all his clients.

    If he doesn't like it I will have to use the code for multiple passwords.

    Thanks so much for your help.
    Last edited by Illufox; 06-27-2003 at 03:51 PM.

  13. #13
    Join Date
    Jan 2003
    Location
    Texas
    Posts
    10,413
    Just a suggestion, if you have a great deal of users you may want to look into use a MySQL database.

    [Jona]
    Visit Slightly Remarkable to see my portfolio, resumé, and consulting rates.

  14. #14
    Join Date
    Jun 2003
    Location
    San Francisco
    Posts
    202
    I hope that I don't have to go there....I'm only a designer, not a programmer, so I don't want to spend too much time programming while I should spend time designing.

    I don't have any problems tweaking code but writing from scratch? Oh boy....

    I have one more question:

    I want the protected site to open up on top of the unprotected site. I tried to use

    header ("Location:client2.php" "target=_blank");

    It didn't seem to like this. The following didn't work either:

    header ("Location:client2.php target=_blank");

    Is it possible at all to use a target in this script part?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles