divadiva Posted November 10, 2008 Share Posted November 10, 2008 I have a PHP Page that asks user to "Enter database Password" every time I had to Login to the Report section.My aim to get rid of that screen . By that I mean ,basically whenever I should hit Reports.Php page"sessionpassword" should go into the database password automatically.I should only see what ever is there in Report Page. "Enter database password" comes from this form : <FORM> <%*/ function superpw() { %> <TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0"> <TBODY> <TR> <TD>Database Password</TD> <TD> </TD> <TD> <INPUT TYPE="PASSWORD" NAME="super_pass" SIZE="20"></TD> <TD> </TD> <TD> <INPUT TYPE="SUBMIT" NAME="Submit1" VALUE="GO"></TD> </TR> </TBODY> </TABLE> <%} /*%> </FORM> Super_pass Function Is defined as: function opendb() { globvars('super_pass'); global $globvars; extract($globvars) ; $GLOBALS['db'] = $dbnam ; $cfgServer['host'] = $dbhst; $GLOBALS['link'] = '' ; if($super_pass) { // user supadmin login $cfgServer['user'] = $_SESSION['user']; $cfgServer['password'] = $_SESSION['password'] ; //$cfgServer['password'] = sp_code($_SESSION['password'],'d') ; //print_r($cfgServer); $GLOBALS['link'] = mysql_connect( $cfgServer['host'] ,$cfgServer['user'] , $cfgServer['password'] ); //$globvars['dblog'] = $cfgServer['user'] ; $globvars['dblog'] = $dbsup ; } Report where this function has been called: template('Reporting > MIS Reports'); function main() { globvars(); global $globvars; extract($globvars) ; if($dblog == $dbsup ) { if($done) { dispres() ; } else { form() ; } } else { superpw() ; } } function form() { global $globvars; extract($globvars) ; $globvars['super_pass'] = sp_code($super_pass,'e') ; ihide('super_pass'); %> <TABLE BORDER="0" CELLPADDING="4" CELLSPACING="1" CLASS="dtable" WIDTH="100%"> <TBODY> <TR> <TD> } $globvars['super_pass'] = sp_code($_SESSION['password'],'e') ; //$globvars['super_pass'] = sp_code($super_pass,'e') ; ihide('super_pass', 'done', 'manufacturer', 'process', 'wafer', 'purchase_from', 'as_of', 'location', 'group_by', 'output_to'); %> <INPUT TYPE="HIDDEN" NAME="output_to" VALUE="xls"> <BR> <TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0"> <TBODY> <TR> <TD><A HREF="javascript:main.submit();">Open in Excel</A></TD> <TD><IMG SRC="../images/blank.gif" WIDTH="100" HEIGHT="1" BORDER="0" ALT=" "></TD> <TD><A HREF="misreport.php">New Report</A></TD> <TD><IMG SRC="../images/blank.gif" WIDTH="100" HEIGHT="1" BORDER="0" ALT=" "></TD> <TD><A HREF="#top">Top of Page</A></TD> </TR> </TBODY> </TABLE><% } Quote Link to comment https://forums.phpfreaks.com/topic/132201-how-to-hide-a-page-in-php/ Share on other sites More sharing options...
darkfreaks Posted November 10, 2008 Share Posted November 10, 2008 i dont think it is possible to get rid of the login and just be auto logged in everytime. it wouldn't be very safe anyways. Quote Link to comment https://forums.phpfreaks.com/topic/132201-how-to-hide-a-page-in-php/#findComment-687146 Share on other sites More sharing options...
premiso Posted November 10, 2008 Share Posted November 10, 2008 One thing you can look at is cookies. You can set cookies to expire in 20 minutes, days or never. This way if you close your browser and you come back you are still logged in, not very secure but definitely an option you have. I usually set cookies to expire within an hour or the day then require the user to login after that time has passed. Quote Link to comment https://forums.phpfreaks.com/topic/132201-how-to-hide-a-page-in-php/#findComment-687156 Share on other sites More sharing options...
sKunKbad Posted November 10, 2008 Share Posted November 10, 2008 if using sessions, unless specified otherwise, the cookie is destroyed when the browser is closed. This may be the best solution. Quote Link to comment https://forums.phpfreaks.com/topic/132201-how-to-hide-a-page-in-php/#findComment-687172 Share on other sites More sharing options...
darkfreaks Posted November 11, 2008 Share Posted November 11, 2008 while you can't hide the login you can make a "remember me" option where you can set the cookie for months/days or even years. Quote Link to comment https://forums.phpfreaks.com/topic/132201-how-to-hide-a-page-in-php/#findComment-687281 Share on other sites More sharing options...
awpti Posted November 11, 2008 Share Posted November 11, 2008 Storing a password in a session or cookie is also asking for trouble. Quote Link to comment https://forums.phpfreaks.com/topic/132201-how-to-hide-a-page-in-php/#findComment-687490 Share on other sites More sharing options...
BioBob Posted November 11, 2008 Share Posted November 11, 2008 /agree At least hash it, then check the hash when it comes back. <?php if ( (isset($_COOKIE['TestCookie'])) AND ($_COOKIE['TestCookie'] === md5('password') ) ) { //show secret stuff here } else if ( (isset($_POST['password'])) AND ($_POST['password'] === "password") ) { setcookie("TestCookie", md5($_POST['password']), time()+3600); //1 hour //show secret stuff here too } else { //login form } Quote Link to comment https://forums.phpfreaks.com/topic/132201-how-to-hide-a-page-in-php/#findComment-687623 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.