Good day!
I'm trying to make a website where you could only access it by first typing the password in the front page(www.mywebsite.com/index.php)
Once I enter the password, It will get the file home.html from outside my public_html.
Then in that page(home.html) there will be links using the variable z (www.mywebsite.com/index.php?z=one) which will return 1.html or other pages.
Here's what I tried so far, but even if i use www.mywebsite.com/index.php?z=one
it still opens home.html
Can I get some help? And/or is what I'm trying possible?
<?php
$pass = $_POST['pass'];
if ($pass == "1234") {
$page = $_GET['z'];
if ($page == "one") {
include("../1.html");
} else {
include("../home.html");
}
} else {
if (isset($_POST)) {
?>
<!DOCTYPE html>
<html lang="en">
<form role="form" method="POST" style="margin: 0px" action="index.php">
<input type="password" name ="pass" class="form-control" id="pwd"> </input>
<input type="submit" class="btn btn-danger" value="Enter"></input>
</form>
</html>
<?php
}
}
?>
Thats not the way to approach this.
First make use of a session, but only hold a isLoggedIn flag in the session not the password.
Second, all scripts can be in the public_html folder, but what you do is add a little script that checks the loggedIn state to all scripts and if not loggedIn throw the login page
Heres a simple example
login_check.php
<?php
session_start();
if ( ! isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] == 0) {
header('Location: login.php');
exit;
}
Now in your login script
login.php
<?php
session_start();
if ( isset($_SESSION['loggedIn'] && $_SESSION['loggedIn'] == 1) {
// already logged in
header('Location: index.php.php'); // or some other page
exit;
}
If ( "The password is correct" ) { // this is of course pseudo code
$_SESSION['loggedIn'] = 1;
header('Location: somepage.php');
exit;
} else {
unset($_SESSION['loggedIn']);
header('Location: login.php');
exit;
}
?>
Now in all your other scripts
<?php
// first thing is always to check if this user is logged in
// so any access from a user not yet logged in just get
// thrown to the login page, or maybe your index.php
require_once 'login_check.php';
You can also use this session to hold useful but not sensitive things like
$_SESSION['user_id']; // id of the users info in user table
$_SESSION['FirstName'];
$_SESSION['LastName'];
$_SESSION['nickname'];
and anything else that might be useful to know across your application that you dont want to go to the database each time to collect.
Additional info
Your HTML is not well formed
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Page Title</title>
</head>
<body>
<form role="form" method="POST" style="margin: 0px" action="index.php">
<input type="password" name ="pass" class="form-control" id="pwd" />
<input type="submit" name="login" class="btn btn-danger" value="Login" />
</form>
</body>
</html>
You could store the get/post pass in a session like $_SESSION['pass']
But you better encrypt it with a sha1 a least like
$_SESSION['pass'] = sha1($pass);
and to get it back
if($_SESSION['pass'] == sha1("1234")){}
You should use session.
But it is not a good practice to store your password in a session.
<?php
session_start();
if(isset($_POST['pass'])){
$_SESSION['p'] = md5($_POST['pass']);
//$pass = $_POST['pass'];
if($_SESSION['p'] == md5("1234"))
{
$page = $_GET['z'];
if($page == "one")
{
include("../1.html");
}
else
{
include("../home.html");
}
}
}
?>
I'm sure this will help you.
<?php
session_start();
if (!empty($_POST['pass']) && $_POST['pass'] == "1234") {
$_SESSION['pass'] = $_POST['pass'];
}
if (empty($_SESSION['pass'])) {
?>
<!DOCTYPE html>
<html lang="en">
<form role="form" method="POST" style="margin: 0px" action="index.php">
<input type="password" name ="pass" class="form-control" id="pwd"> </input>
<input type="submit" class="btn btn-danger" value="Enter"></input>
</form>
</html>
<?php
die;
}
$page = $_GET['z'];
if ($page == "one") {
include("../1.html");
} else {
include("../home.html");
}
?>
Related
I am working on a simple login form with sessions..Here is my index.php code
<?php
ob_start();
session_start();
?>
<?
// error_reporting(E_ALL);
// ini_set("display_errors", 1);
?>
<html lang = "en">
<head> </head>
<body>
<h2>Enter Username and Password</h2>
<div class = "container form-signin">
<?php
$msg = '';
if (isset($_POST['login']) && !empty($_POST['username']) && !empty($_POST['password']))
{
if ($_POST['username'] == '1' && $_POST['password'] == '1' )
{
$_SESSION['valid'] = true;
$_SESSION['timeout'] = time();
header('Location: /test/login.php');
}
else $msg = 'not working';
}
?>
</div> <!-- /container -->
</div>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>" method="post" >
<?php echo $msg; ?>
<input type="text" name="username">
<input type="password" name="password" >
<input type="submit" name="login">
</form>
</body>
</html>
When someone write the right password, he will go to this page
localhost:8080/test/login.php
but, if someone try to open "localhost:8080/test/login.php" directly, he will go to this page "localhost:8080/test/index.php".
this is my login.php code
<?php
session_start();
if ($_POST['username'] == '1' && $_POST['password'] == '1' )
{
$_SESSION['valid'] = true;
$_SESSION['timeout'] = time();
header('Location: /test/login.php');
}
else{
header('Location: /test/index.php/');
}
?>
test 1
Youve made several small mistakes (see comments), but the big mistake you make is that the session is never checked. Use this at login.php :
<?php
session_start();
if(!isset($_SESSION["valid"])){
header("location: index.php");
die();
}
?>
This checks if the session is set, and if not redirects back to index php
I want to write some code to login users and when the user didn't register already in database send him to "register.php" page. I used header('Location: register.php') code for this but when i refresh the page without any click to register button it goes automatically to that page and login form didn't show up!
here is my "login.php" code:
<?php
require 'core_inc.php';
require 'connect_inc.php';
if(isset($_POST['txtusername']) && isset($_POST['txtpassword']))
{
if(!empty($_POST['txtusername']) && !empty($_POST['txtpassword']))
{
$username = trim($_POST['txtusername']);
$password = trim($_POST['txtpassword']);
$hash_passwword = md5($password);
$query = "select `id` from `for_login` where `username` = '$username' and `password` = '$hash_passwword'";
if($query_run = mysql_query($query))
{
$query_num_rows = mysql_num_rows($query_run);
if($query_num_rows == 0){
echo 'invalid username or password! if you have not registered yet please do it!';
}
else if($query_num_rows == 1)
{
$_SESSION['username'] = $username;
header('Location: index.php');
}
}
}
else 'please fill the blanks';
}
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<form action="<?php echo $current_file; ?>" method="post">
please enter your username and password to login. if you already not registered please click to register button! :) <br><br>
username:<br>
<input type="text" name="txtusername"><br>
password:<br>
<input type="password" name="txtpassword"><br><br>
<input type="submit" value="login">
<input type="submit" value="register" onClick="<?php header('Location: register.php'); ?>" name="btnregister" >
</form>
</body>
</html>
and "core_inc.php" is here:
<?php
#session_start();
$current_file = $_SERVER['SCRIPT_NAME'];
$http_referer = #$_SERVER['HTTP_REFERER'];
?>
And i know that there is no problem with "connect_inc.php" , it connect successfully to database. and i tried to remove other irrelevant codes like "" but it didn't help.
Any help would be appreciated.
Try using this...
Register instead of
<input type="submit" value="register" onClick="<?php header('Location: register.php'); ?>" name="btnregister">`
onClick requires a javascript function, not PHP. Try
window.location='register.php'
So in this case:
<input type="submit" value="register" onClick="window.location='register.php'" name="btnregister">
remove the onclick function completely from the submit field, add
header('Location:register.php');
to your
if($query_num_rows == 0){
echo 'invalid username or password! if you have not registered yet please do it!';
header('Location:register.php');
}
I currently have 2 pages, one a log in page, and when the log in details are correct, it redirects the user to the gold page. However you can just access the gold page through the URL and i only want it to open if the user logs in.
<?php
?>
<html>
<head>
<title>Log-in</title>
</head>
<body>
<p>Please enter your username and password</p>
<form method="post">
<input type="integer" name="userID"/>
<input type="text" name="password"/>
<input type="submit"/>
</form>
<?php
$i = $_POST["userID"];
$j = $_POST["password"];
$gold_cookie = "gold";
if (isset($i) && $i == "2" && isset($j) && $j=="hi") {
session_start();
$_SESSION['login_user']= $i;
setcookie($gold_cookie , time()+30) ;
header("Location:gold.php");
}
if (isset($i) && $i != "2" && isset($j) && $j !="hi") {
echo "Get lost bro!";
}
$_SESSION ["first_name"] = "Kevin";
$name = $_SESSION ["first_name"];
?>
</body>
</html>
html>
<head>
<title>Log-in</title>
</head>
<body>
<p>You have made it!</p>
<p> TAKE SOME GOLD </p>
<img src="http://ei.marketwatch.com//Multimedia/2013/04/19/Photos/MG/MW-BB708_GoldUs_20130419105117_MG.jpg?uuid=9fd4d8c0-a900-11e2-a57c-002128040cf6">
</body>
</html>
Could somebody direct me into the right direction please?
Thanks
Put this in gold.php at the beginning:
session_start();
if (empty($_SESSION['login_user'])) {
die('Not authorized');
}
But I would advise to use a php framework. A simple framework with routing like SlimPHP, will make such things much easier and more flexible.
//Add an if statement in your gold page :
if(User is logged in)
{
//Your gold page code
}
else /**redirect user to the login page*/
{
header("Location: login_page.php");
}
So I need to pass a variable from one php to another php page but I dont know how to do it. I got this piece of code "$realname= $row['name'];" that stores the real name of the person to display it in another page after they successfully login, but when I try to use $realname variable in the other page it wont display it. How can I make this posible??? thanks in advance
page one login.php
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<?php
include 'functions.php';
if(loggedin())
{
header("Location: userarea.php");
exit();
}
if(isset($_POST['login']))
{
//get data
$username = $_POST['username'];
$password = $_POST['password'];
$rememberme = $_POST['rememberme'];
//validate
if($username&&$password)
{
$login = mysql_query("SELECT * FROM users WHERE username='$username'");
if(mysql_num_rows($login) == 1)
{
while($row = mysql_fetch_assoc($login))
{
$db_password = $row['password'];
if($password == $db_password)
$loginok= TRUE;
else
$loginok = FALSE;
if($loginok==TRUE)
{
$realname= $row['name'];
if($rememberme == "on")
setcookie("username", $username, time() + 7200);
else if ($rememberme == "")
$_SESSION['username'] = $username;
header("Location: userarea.php");
exit();
}
else
die("Incorrect username or password. Please try again or contact your local admin.");
}
}die("Incorrect username or password. Please try again or contact your local admin.gdfgdfgdfg");
}
else
die("Please enter a username and password.");
}
?>
<h>Welcome!</h>
<form action="login.php" method="POST">
Username:<br />
<input type="text" name="username"><p />
Password:<br />
<input type="password" name="password"><p / >
<input type="checkbox" name="rememberme"> Remember me<br />
<input type="submit" name="login" value="Log in">
</form>
</body>
</html>
Page 2 userarea.php (as you can see I declared $realname variable but I cant use it)
<html>
<body>
<?php
include 'functions.php';
if(!loggedin())
{
header("Location: login.php");
exit();
}
echo "Hello $realname";
?>
<h>Access Granted! Yeiy! </h>
Log out
</body>
</html>
This is exactly what sessions are for:
Sessions are a simple way to store data for individual users against a unique session ID. This can be used to persist state information between page requests. Session IDs are normally sent to the browser via session cookies and the ID is used to retrieve existing session data.
page one login.php
<?php session_start(); ?>
<!DOCTYPE html>
<html>
...
$_SESSION['realname'] = $row['name'];
Page 2 userarea.php
<?php session_start(); ?>
<!DOCTYPE html>
<html>
...
echo "Hello $_SESSION['realname']";
First pass $_SESSION['var_name']; on login page and then
start session_start() on the top of the userarea page and echo your session variable
echo $_SESSION['var_name'];
First of all I won't build a login system that uses a database, I know it's more secure but in this case it's not relevant...
I have three files login.php, admin.php and config.php. The users email and password is stored in variables in config.php. If the user is logging in a session should be set. Then if a user that hasn't logged in trying to access admin.php ":-(" should be printed. But now the ":-(" is always printed and something needs to be wrong with how I coded it all...
config.php:
<?php
//site data
$title = "Abbesplace";
$siteurl = "index.php";
//user data
$password = "testtest";
$email = "example#example.com";
$name = "Albin Larsson";
?>
login.php:
<?php
require_once("config.php");
if (($_POST['email'] == $email && $_POST['password'] == $password)) {
//login
session_start();
$_SESSION['logged']= "welcometomoon";
header("Location: admin.php");
} else {
echo "login faild";
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Login</title>
</head>
<body>
<div>
<form method="post" action="login.php">
Email:<input type="email" name="email"/>
Password:<input type="password" name="password"/>
<input type="submit"/>
</form>
</div>
</body>
</html>
admin.php:
<?php
if(isset($_SESSION['logged'])){
echo "Hello";
} else {
echo ":-(";
}
?>
Any suggestions on what I should make different?
(I'm a newbie when i comes to PHP)...
You have to call session_start on every page. Right now you are only calling it when you post to the login form.