How to hide a page in PHP?

[divadiva]

I have  a PHP Page that asks user to "Enter database Password"  every time I had to Login to the Report section.My aim to get rid of that screen .

By that I mean ,basically whenever I should hit Reports.Php page"sessionpassword" should go into the database password automatically.I should only see what ever is  there in Report Page.

 

"Enter database password" comes from this form :

<FORM>
<%*/ function superpw() {
%>
	<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0"> 
	  <TBODY> 
		 <TR> 
			<TD>Database Password</TD> 
			<TD>  </TD> 
			<TD> 
			  <INPUT TYPE="PASSWORD" NAME="super_pass" SIZE="20"></TD> 
			<TD>  </TD> 
			<TD> 
			    <INPUT TYPE="SUBMIT" NAME="Submit1" VALUE="GO"></TD> 
		 </TR> 
	  </TBODY> 
	</TABLE>
<%} /*%>
 </FORM>

 

Super_pass Function Is defined as:

 

function opendb() {
globvars('super_pass');
global $globvars; extract($globvars) ;
$GLOBALS['db'] = $dbnam ;
$cfgServer['host'] = $dbhst;


$GLOBALS['link'] = '' ;
if($super_pass) {
	// user supadmin login

	$cfgServer['user'] = $_SESSION['user'];
	$cfgServer['password'] = $_SESSION['password'] ;

	//$cfgServer['password'] = sp_code($_SESSION['password'],'d') ;
	//print_r($cfgServer);

	$GLOBALS['link'] = mysql_connect(  $cfgServer['host'] ,$cfgServer['user'] , $cfgServer['password'] );
	//$globvars['dblog'] = $cfgServer['user'] ;
	$globvars['dblog'] = $dbsup ;

}

 

 

 

Report where this function has been called:

 

template('Reporting > MIS Reports');
  function main() {
globvars();
global $globvars; extract($globvars) ;



  	if($dblog == $dbsup  ) {
	if($done) {
		dispres() ;
	}
	else {
        	form() ;
	}
}
else {

	superpw() ;


}

  }
  
  function form() {
global $globvars; extract($globvars) ;
$globvars['super_pass'] = sp_code($super_pass,'e') ;
ihide('super_pass');
%>
	<TABLE BORDER="0" CELLPADDING="4" CELLSPACING="1" CLASS="dtable" WIDTH="100%"> 
	  <TBODY> 
		 <TR> 
			<TD> 
}

$globvars['super_pass'] = sp_code($_SESSION['password'],'e') ;
//$globvars['super_pass'] = sp_code($super_pass,'e') ;	
ihide('super_pass', 'done', 'manufacturer', 'process', 'wafer', 'purchase_from', 'as_of', 'location', 'group_by', 'output_to');
%>
	<INPUT TYPE="HIDDEN" NAME="output_to" VALUE="xls"> <BR> 
	<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0"> 
	  <TBODY> 
		 <TR> 
			<TD><A HREF="javascript:main.submit();">Open in Excel</A></TD> 
			<TD><IMG SRC="../images/blank.gif" WIDTH="100" HEIGHT="1" BORDER="0"
			  ALT=" "></TD> 
			<TD><A HREF="misreport.php">New Report</A></TD> 
			<TD><IMG SRC="../images/blank.gif" WIDTH="100" HEIGHT="1" BORDER="0"
			  ALT=" "></TD> 
			<TD><A HREF="#top">Top of Page</A></TD> 
		 </TR> 
	  </TBODY> 
	</TABLE><%
  }

 

[darkfreaks]

i dont think it is possible to get rid of the login and just be auto logged in everytime. it wouldn't be very safe anyways.

[premiso]

One thing you can look at is cookies. You can set cookies to expire in 20 minutes, days or never. This way if you close your browser and you come back you are still logged in, not very secure but definitely an option you have. I usually set cookies to expire within an hour or the day then require the user to login after that time has passed.

[sKunKbad]

if using sessions, unless specified otherwise, the cookie is destroyed when the browser is closed. This may be the best solution.

[darkfreaks]

while you can't hide the login you can make a "remember me" option where you can set the cookie for months/days or even years.

[awpti]

Storing a password in a session or cookie is also asking for trouble.

[BioBob]

/agree

 

At least hash it, then check the hash when it comes back.

 

<?php
if ( (isset($_COOKIE['TestCookie'])) AND ($_COOKIE['TestCookie'] === md5('password') ) )  {
  //show secret stuff here
  }
else if ( (isset($_POST['password'])) AND ($_POST['password'] === "password") )  {
  setcookie("TestCookie", md5($_POST['password']), time()+3600);  //1 hour
  //show secret stuff here too
  }
else  {
  //login form
  }