Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 5 days ago.
This post was edited and submitted for review 5 days ago.
Improve this question
I am trying to make a password protected page with PHP and Argon2. However, I am not redirected to secure.html even when entering the correct password.
Link to code (replit): https://replit.com/#codykarate23/ArgonTest#index.php
Link to code I used to generate the hash (replit): https://replit.com/#codykarate23/TestForArgon2#index.php
I tried editing the hash slightly but it still did not work. I expected to be redirected to 'secure.html' when entering the password 'admin'.
index.php:
<?php
$pass = $_POST['pass'];
if(password_verify($pass, '$argon2i$v=19$m=2048,t=4,p=3$Y3NGc25QQ1k1cTBkTHZNRg$skaHiTZAiAYB2bwme/KBhRujlJNXWd7jkji4vP5t5zM')) //hash is Admin
{
header("Location: secure.html");
exit();
}
else
{
if(isset($_POST))
{?>
<form method="POST" action="index.php">
Pass <input type="password" name="pass"></input><br/>
<input type="submit" name="submit" value="Go"></input>
</form>
<?php }
}
?>
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 6 years ago.
Improve this question
Hi friends am having 2 files index.php,form.php. In index.php I have given form action in index.php as form.php. How can I show the form.php when a button is clicked on index.php.But if the user types example.com/form.php in browser url its shown how can I hide it
Set sessions and check if it is true then let form.php run else redirect on index page or you can merge your form only in one page
<?php
if (isset($_POST['submit']))
{
//if button clicked run this php
//your php code here...
} else {
//if button not clicked show form
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" name="myform">
//form fields here...
<input type="submit" name="submit" value="submit">
</form>
<?php } ?>
if button clicked it will execute php code else only form will be shown
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 6 years ago.
Improve this question
I'm trying to make a private message system where users can have conversations with each other. Each conversation has its unique hash. I want to store the messages in my database but for some reason the value of hash gets stored as 0 instead of the number I am requesting.
<form method="post" action="exiConversations.php" id="sendMessageFooterForm">
<input type="text" name="userNewMessage" id="userMessage" placeholder="Type een bericht" />
<input type="submit" name="sendNewMessageSubmit" id="sendMessageSubmit" value="Verzend" />
<?php
if (isset($_POST['sendNewMessageSubmit'])) {
$message = $_POST['userNewMessage'];
$fromUser = $_SESSION['userID'];
$today = date("y/m/d H:i:s");
$exiHash = $_GET['hash'];
$insertNewMessage = $conn->query("INSERT INTO messages (fromuser, messagedate, message, grouphash) VALUES ('$fromUser', '$today', '$message', '$exiHash')");
}
?>
</form>
I dont know what to do anymore. It used var_dump($exiHash); which does show me the hash number I want to store but it only stores a 0.
Change your action attr in form tag.
it must me like
action="exiConversations.php?<?=$_GET['hash']?>"
but it will work only if you have current URL like ....?hash=45345345
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
Sorry I am asking a question that has been asked before but in spite of reading all of them, I am still confused what to do.
What exactly I have to do to implement the remember me feature in my website I am building as my final year project. Is calling the function "setcookie()" alone sufficient?
setCookie() is all you need.
You can use it like this:
$cookie_value = 'MyUsername';
$cookie_expire = time() + 60*60*24*365;// 365 days
$cookie_path = '/';
setcookie('remember_me',$cookie_value, $cookie_expire, $cookie_path);
On the next pageload, you can fetch the remember_me cookie value with:
$_COOKIE['remember_me'];
But the 'next pageload' part is important because PHP cookies cannot be set and also read in the same browser action.
In the most simple way possible. The way I would bring this all together for demonstration for your project is have a php page with an html <form> that posts to itself.
Your filename would be something like my_form.php
inside it would be:
<?php
// If we received a username from the form, remember it for a year.
if( $_POST['username'] ):
setcookie('remember_me',$_POST['username'], time()+60*60*24*365, '/');
endif;
?>
<?php
// Display a message if the user is remembered.
if( isset($_COOKIE['remember_me']) ):
echo '<h2>Welcome back, '.$_COOKIE['remember_me'].'!</h2>';
endif;
?>
<form action="" method="post">
<input name="username" type="text" placeholder="Your Username" value="<?php echo $_COOKIE['remember_me'] ?>" required />
<button type="submit">Remember me</button>
</form>
This form submits to itself. If you see the username you just entered in the welcome message, then it is remembering you.
Very important! The setcookie() call in PHP must be the first thing in your my_form.php file. Otherwise setcookie() will not work if any output has happened to the web-browser before you call the setcookie() function.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
Closed 8 years ago.
Improve this question
I want to use a session in other page from where I defined it how can I do it in php?
login.php
<?php
if(isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
}
?>
<?php
if(isset($username))
$_SESSION['username'] = $username;
?>
<h1>Webmaster Login</h1>
<form method="post" action="login.php">
<p>Username:</p><input type="text" name="username">
<p>Password:</p><input type="password" name="password">
<input type="submit" name="submit" value="Login">
</form>
That was where I defined my session now I want to use it as if(isset($_SESSION['username'])) on another page from login.php . How can I do this?
You need session_start(); on all pages that set or need access to $_SESSION.
login.php
session_start();
//more code
another_page.php
session_start();
if(isset($_SESSION['username'])) { /*something*/ }
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I have setup a 3 page php login system. first page is login.php. it loads users input to the content.php and content.php will check the username and password. if fails, it will direct the user to the loginfail.php
If i just try to open the content.php without loading login.php first. I will be directed to loginfail.php
The design is using the post method on login.php and just simply checking the $_POST value inside content.php.
Here is my question : is this a secure design for protecting the content.php file ? it seemed no one will have the access to content.php unless they load login.php and get the username and password right.
you can do all in a single page like this:
<?php
session_start();
include("../inc/db.php");
if((isset($_POST['action']))and($_POST['action']=="login")){
$qu = mysql_query("SELECT * FROM `users` WHERE `user_name`='$_POST[uname]' and `password`='$_POST[pass]' LIMIT 1;");
if(mysql_num_rows($qu)!=0){
$uobj = mysql_fetch_object($qu);
$_SESSION["user"] = 'U';
$_SESSION["username"] = $uobj->user_name;
$_SESSION["fname"] = $uobj->full_name;
$_SESSION["id"] = $uobj->uid;
header("location:index.php");
}else{
header("location:login.php?message=wrongpass");
}
}
?>
<form method=post><table border=0>
<tr><td style='width:100px;'>user name</td><td><input type=text name=uname ></td></tr>
<tr><td>pass</td><td><input type=password name=pass ></td></tr>
<tr><td colspan='2'><input type=submit name=submit value=' login ' style='width:120px;'></td></tr>
<input type='hidden' name='action' value='login'>
</table></form>
Quite safe in my opinion yes.
It's difficult to say more without seeing the code.
Now maybe you should restrain number of tries with an IP because : http://i129.photobucket.com/albums/p203/Zelinko/Motivational%20Pictures/ATXNXOTI3MHPD6FS4MOF5IZHKKPBLSVV.jpg
It really depends on how safe you want to get. Its safe enough for a small private app, or something to be used by a few people, but i wouldn't use it in a bank site.
Because you are saving the password in the content.php file directly I guess (it sounds a lot like a homework I had on my first year at the university), if someone gets access to read the file through ftp for example, you would compromise the password. Also, you could brute force the password quite easily if you don't have a blocking method.
To add a bit of security you could hash the password in a database and add a limit to the amount of failures a connection can have.