webmaster1 Posted November 12, 2008 Share Posted November 12, 2008 Hi Freaks! I have two text fields (username, password) and a submit button that I want at the top of all my pages for website I'm working on. When its authenticated I want it to redirect to a private page. Most tutorials only show me how to put a link on each page that only when clicked pulls up the text fields and submit button (in a seperate page) upon directing to the url. Can anyone help me out? I'm very new to PHP. ??? Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/ Share on other sites More sharing options...
trq Posted November 12, 2008 Share Posted November 12, 2008 Im not sure I understand the question? Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-688647 Share on other sites More sharing options...
premiso Posted November 12, 2008 Share Posted November 12, 2008 Sounds like an html issue, not php. I fail to see where this involves PHP? Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-688651 Share on other sites More sharing options...
webmaster1 Posted November 12, 2008 Author Share Posted November 12, 2008 Im not sure I understand the question? What an expedient response! Here's how most tutorials advise how to password protect a page: Intended Page: <?php include "password_protect_page.php"; ?> PHP Page: <?php session_start(); $admin_user_name = "admin"; $admin_password = "pass"; //you can change the username and password by changing the above two strings if (!isset($HTTP_SESSION_VARS['user'])) { if(isset($HTTP_POST_VARS['u_name'])) $u_name = $HTTP_POST_VARS['u_name']; if(isset($HTTP_POST_VARS['u_password'])) $u_password = $HTTP_POST_VARS['u_password']; if(!isset($u_name)) { ?> <HTML> <BODY bgcolor=#ffffff> A working example can be found here with the username as 'admin' and the password as 'pass': http://www.phpbuddy.com/sample/password_pg.php This IS NOT what I want to do. Instead I want the form (picture below) to be situated in the top right of all of my pages When the correct details are entered I want the user to be redirected to the desired page. The difference is that the tutorials require a url to be followed and only then pulls up the password form. I want the password form to be available on all my page and to redirect upon the users correct submission. I hope this makes sense. Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-688668 Share on other sites More sharing options...
webmaster1 Posted November 12, 2008 Author Share Posted November 12, 2008 Sounds like an html issue, not php. I fail to see where this involves PHP? I'm relying on PHP to authenticate the given username and password. Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-688669 Share on other sites More sharing options...
revraz Posted November 12, 2008 Share Posted November 12, 2008 Subsitute the code you have to use the form variables then? Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-688680 Share on other sites More sharing options...
webmaster1 Posted November 12, 2008 Author Share Posted November 12, 2008 Subsitute the code you have to use the form variables then? That went over my head. Is their anything else I can provide to help you lads to help me? Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-688699 Share on other sites More sharing options...
Goldeneye Posted November 12, 2008 Share Posted November 12, 2008 Hmmm a little general clarification might help (rewording your problem) What it seems like you're asking right now is how to put the HTML form in the same page as the PHP script. Is that what you're trying to achieve? Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-688725 Share on other sites More sharing options...
webmaster1 Posted November 12, 2008 Author Share Posted November 12, 2008 Hmmm a little general clarification might help (rewording your problem) What it seems like you're asking right now is how to put the HTML form in the same page as the PHP script. Is that what you're trying to achieve? Sorry about being so incoherent. Hopefully this will help: index.html Contains the regular content of my home page (text and graphics) Also contains a password form (text field, password field and sumbit button). I want PHP to firstly verify the correct user input and secondly redirect the user to the desired page. privatepage.html Contains the content of the private page (text and graphics). I don't think this needs any php. Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-688744 Share on other sites More sharing options...
revraz Posted November 12, 2008 Share Posted November 12, 2008 What do you mean by redirect to the desired page? What determines the desired page and what restrictions are on this page? Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-688777 Share on other sites More sharing options...
premiso Posted November 12, 2008 Share Posted November 12, 2008 Your form action should take you to valid.php valid.php <?php $valid_username = "admin"; $valid_password = "password"; $username = isset($_POST['username'])?$_POST['username']:""; $password = isset($_POST['password'])?$_POST['password']:""; if ($username == $valid_username && $password == $valid_password) { header("Location: privatepage.html"); }else { header("Location: index.html"); } ?> Something like that? As long as you have the form and the field names are username and password that should work. Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-688786 Share on other sites More sharing options...
webmaster1 Posted November 12, 2008 Author Share Posted November 12, 2008 What do you mean by redirect to the desired page? What determines the desired page and what restrictions are on this page? The 'desired page' is single page where I want the client to be able to submit text to database I've created. It'll be set up using PHP. There is only one 'desired page' thought I don't want it to be publically accessable. Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-688792 Share on other sites More sharing options...
webmaster1 Posted November 12, 2008 Author Share Posted November 12, 2008 Your form action should take you to valid.php valid.php <?php $valid_username = "admin"; $valid_password = "password"; $username = isset($_POST['username'])?$_POST['username']:""; $password = isset($_POST['password'])?$_POST['password']:""; if ($username == $valid_username && $password == $valid_password) { header("Location: privatepage.html"); }else { header("Location: index.html"); } ?> Something like that? As long as you have the form and the field names are username and password that should work. Thanks so much Premiso; I'm checking this now and will get back to you in a few minutes! Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-688793 Share on other sites More sharing options...
webmaster1 Posted November 12, 2008 Author Share Posted November 12, 2008 I was hoping to clarify a few basics based on the code provided by Premiso. To try out the code I have a page.html with the following code: <html> <head></head> <body> <input type="text" name="username"> <input type="password" name="password"> <input type="button" name="login" value="login"> </body> </html> How do I link the form to valid.php? Sorry for being such a newb, I know these are probably very basic questions but I apreciate the help. Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-688817 Share on other sites More sharing options...
revraz Posted November 12, 2008 Share Posted November 12, 2008 Search on the HTML FORM tag. Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-688828 Share on other sites More sharing options...
trq Posted November 12, 2008 Share Posted November 12, 2008 Given this form... <html> <head></head> <body> <form action="login.php" method="post"> <input type="text" name="username"> <input type="password" name="userpass"> <input type="submit" name="login" value="login"> </form> </body> </html> If you create another page called login.php. <?php if (isset($_POST['username']) && isset($_POST['userpass'])) { $username = mysql_real_escape_string($_POST['username']); $userpass = mysql_real_escape_string($_POST['userpass']); $sql = "SELECT username FROM users WHERE username = '$username' && userpass = MD5('$userpass')"; if ($result = mysql_query($sql)) { if (mysql_num_rows($result)) { session_start(); $_SESSION['logged'] = true; header("location: http://yoursite.com/private.php"); } else { header("location: http://yoursite.com/incorrect.php"); } } } ?> All you need do now is create your private.php page. <?php session_start(); if (isset($_SESSION['logged'])) { // private stuff oges here. } else { echo "Sorry, you need to be logged in to view this page"; } ?> Of course you'll also need to create a registration page and what not, but really, this is just a simple example. There are literally thousands of examples of login/registration systems built with php. You just need to get your head around the logic so you can make them fit your own needs. Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-688831 Share on other sites More sharing options...
webmaster1 Posted November 12, 2008 Author Share Posted November 12, 2008 So far I've gotten Premiso's to work (thank you so much): page.html <html> <head></head> <body> <form action="valid.php" method="post"> <input type="text" name="username"> <input type="password" name="password"> <input type="submit"> </form> </body> </html> valid.php <?php $valid_username = "admin"; $valid_password = "password"; $username = isset($_POST['username'])?$_POST['username']:""; $password = isset($_POST['password'])?$_POST['password']:""; if ($username == $valid_username && $password == $valid_password) { header("Location: privatepage.html"); }else { header("Location: index.html"); } ?> I'm looking into Thorpes method as soon as I finish creating the database. I just have a few questions: Is my password method less secure if I don't use SQL? Can I just 'include' the form as a header in my html page or must any page I use the form with have the .php extension? (e.g. index.php) Is it possible use an image as button (with a javascript rollover effect) with the php code or should I not even bother googling it? Sorry for badgering but I'm sure this thread will help round up this topic for other newbies like me. Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-688862 Share on other sites More sharing options...
trq Posted November 12, 2008 Share Posted November 12, 2008 1: Not really, just allot more limited. 2: If you wish to call the include function your page must be parsed by php. Your server can be configured to parse *.html files as php, but I wouldn't recommend it. 3: Of course you can. Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-688885 Share on other sites More sharing options...
Aonxe Posted November 12, 2008 Share Posted November 12, 2008 If you want your password to be more secure, encrypt it with md5 or sha1, and storing it in a database allows for you to maintain the security even if someone were to get a hold of your files. Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-688966 Share on other sites More sharing options...
webmaster1 Posted November 13, 2008 Author Share Posted November 13, 2008 If you want your password to be more secure, encrypt it with md5 or sha1, and storing it in a database allows for you to maintain the security even if someone were to get a hold of your files. Right, I'm back. Thanks for the input. I'll post my code as soon as its completed. (obviously not for any of you brainchilds but for any fellow newbs that stumble across this thread via a search engine.) Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-688990 Share on other sites More sharing options...
webmaster1 Posted November 13, 2008 Author Share Posted November 13, 2008 I've attempted Thorpes method but I keep on getting the following error: Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'nobody'@'localhost' (using password: NO) in XXX/login.php on line 8 I've used the following code: page.php <html> <head></head> <body> <form action="login.php" method="post"> <input type="text" name="username"> <input type="password" name="password"> <input type="submit"> </form> </body> </html> login.php <?php include("dbinfo.inc.php"); if (isset($_POST['username']) && isset($_POST['password'])) { $username = mysql_real_escape_string($_POST['username']); $userpass = mysql_real_escape_string($_POST['password']); $sql = "SELECT username FROM users WHERE username = '$username' && password = MD5('$password')"; if ($result = mysql_query($sql)) { if (mysql_num_rows($result)) { session_start(); $_SESSION['logged'] = true; header("location: private.php"); } else { header("location: invalid.php"); } } } ?> dbinfo.inc.php <? $username="XXX"; $password="XXX"; $database="XXX"; ?> private.php <?php session_start(); if (isset($_SESSION['logged'])) { // private stuff goes here. } else { echo "Sorry, you need to be logged in to view this page"; } ?> Can anybody spot where I've gone wrong? It occurs when I click the submit button on my form. My database is already created. I know I'm close to completing this but I can't seem to get passed this error. Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-689038 Share on other sites More sharing options...
webmaster1 Posted November 13, 2008 Author Share Posted November 13, 2008 My only concern with Premiso's method is that the URL of the private page can be accessed by typing it in to the address bar. Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-689049 Share on other sites More sharing options...
trq Posted November 13, 2008 Share Posted November 13, 2008 You haven't made any connection to the database! Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-689068 Share on other sites More sharing options...
trq Posted November 13, 2008 Share Posted November 13, 2008 My only concern with Premiso's method is that the URL of the private page can be accessed by typing it in to the address bar. Same with mine. Both however won't display the private stuff unless your logged in. Is this for multiple users or what? if its just a simple single username / password your probably best just using Premiso's, mine will allow for mutliple users. Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-689069 Share on other sites More sharing options...
premiso Posted November 13, 2008 Share Posted November 13, 2008 The simple solution to the problem with my method is rename privateplace.html to privateplace.php. Then add a check like in thropes to display the private stuff. Modified version of my script to set a session variable: <?php session_start(); $valid_username = "admin"; $valid_password = "password"; $username = isset($_POST['username'])?$_POST['username']:""; $password = isset($_POST['password'])?$_POST['password']:""; if ($username == $valid_username && $password == $valid_password) { $_SESSION['logged'] = true; header("Location: privatepage.html"); }else { $_SESSION['logged'] = false; header("Location: index.html"); } ?> Than your private page would be <?php sesson_start(); if (!$_SESSION['logged']) header("location: index.html"); // put the private data here, no one will see it unless they are logged in. ?> Basically everything you need is contained in this post, just pick and choose and implement. Quote Link to comment https://forums.phpfreaks.com/topic/132457-solved-password-authentication-and-then-redirect/#findComment-689070 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.