Jump to content

Archived

This topic is now archived and is closed to further replies.

simcoweb

What's the best way to require a login to access this?

Recommended Posts

This is a simple script that logs and then displays a log of IP addresses that has accessed certain areas of a website. I'd like to require that the site owner use a password in order to access it. But, I don't want to use standard .htaccess stuff cuz that lame grey box is butt ugly. So, when they want to access this 'view' script I want them to enter a password into a form field and on submit it would check it against a password variable set in say a config.php file then, if true, display the data as normal. If the password entered is false then it should display the 'failed' message with a chance to re-enter.

The question is, can I do this within one script or do I need a separate login.php script to perform that action then it takes them to the view-ips.php script?

I found a login snippet here in the code library and was trying to adapt that. Here it is:

[code]session_start();
include("config.php");
$password = strip_tags(chop($_POST[password]));

if($_GET[logout] == "true") {
  session_start();
  unset($_SESSION['logged_in']);
  session_destroy();
}

if($password == $admin_password) {
    session_register("logged_in");
    $_SESSION[logged_in] = "true";
}

if($_SESSION[logged_in] == "true") {



echo "Logged in!<bR>
<a href=$_SERVER[PHP_SELF]?logout=true>logout</a>";



} else {
echo "<form method=post action=$_SERVER[PHP_SELF]>
<input type=text name=password></form>";
}[/code]

Here's the script part of my view-ips.php file. If this can be adapted to work within then great. If externally, then that's great also but need some help with how to do that.

[code]<?php

//IP logger file viewer - set variables
include 'config.php';
include 'header.php';
$title = "<center><h4>IP Log File - Unauthorized Access Results</h4></center><p>";

// Here's The Snippet Inserted

// authenticate the user as the administrator
session_start();
include("config.php");
$password = strip_tags(chop($_POST[password]));

if($_GET[logout] == "true") {
  session_start();
  unset($_SESSION['logged_in']);
  session_destroy();
}

if($password == $admin_password) {
    session_register("logged_in");
    $_SESSION[logged_in] = "true";
}

if($_SESSION[logged_in] == "true") {



echo "Logged in!<bR>
<a href=$_SERVER[PHP_SELF]?logout=true>logout</a>";



} else {
echo "<form method=post action=$_SERVER[PHP_SELF]>
<input type=text name=password></form>";
}

[b]END OF THE SNIPPET[/b]

// if successful it will connect to the database and display the info
mysql_connect('$dbhost', '$dbuser', '$dbpass') or die(mysql_error());
mysql_select_db($dbname) or die(mysql_error());

echo "$title<p>";

print "<table align='center' width='600' border='0'><tr><td>";
// loop through array and print each line

$query = "SELECT * FROM iplog";

$result = mysql_query($query) or die(mysql_error());

while($row = mysql_fetch_array($result)){
echo $row['ip']. " - ". $row['date'];
echo "<br />";
}

echo "</tr></td><tr><td><p><font face='Verdana' size='2'><strong>When you are through viewing these results click below to download an Excel CSV file or to erase the entries from the database.</strong></font><p></td></tr></table>";
?>
<table width="400" align="center">
<tr><td width="200" align="center">
<form action="closefile.php" method="POST">
<input type="submit" name="submit" value="Close File">
</form>
</td><td>
<form action="download.php" method="POST">
<input type="submit" name"download" value="Download Excel File">
</form>
</td></tr></table>[/code]


I marked in there where the snippet starts and ends. It's between the 'Bold' tags that look out of place.

Keeping in mind i'm a total newber and i'm using this little script as my launching pad to PHP greatness, any explanations of the code you change/add/suggest and what it does is GREATLY appreciated!

Thanks! This forum rocks!

Share this post


Link to post
Share on other sites
something like this:
[code=php:0]<?php
session_start();

//IP logger file viewer - set variables
include 'config.php';
include 'header.php';

$title = "<center><h4>IP Log File - Unauthorized Access Results</h4></center><p>";

// authenticate the user as the administrator
$password = strip_tags(chop($_POST['password']));

if($_GET['logout'] == true)
{
  unset($_SESSION['logged_in']);
  session_destroy();
}

if($password == $admin_password) {
    // session_register("logged_in"); -- this is not needed
    $_SESSION['logged_in'] = true;
}

if($_SESSION['logged_in'] == true)
{
    echo 'Logged in!<br><a href="' . $_SERVER['PHP_SELF'] . '?logout=true">logout</a>';

    // if successful it will connect to the database and display the info
    mysql_connect('$dbhost', '$dbuser', '$dbpass') or die(mysql_error());
    mysql_select_db($dbname) or die(mysql_error());

    echo $title . "<p>\n";

    print "<table align='center' width='600' border='0'><tr><td>";
    // loop through array and print each line

    $query = "SELECT * FROM iplog";

    $result = mysql_query($query) or die(mysql_error());

    while($row = mysql_fetch_array($result))
    {
    echo $row['ip']. " - ". $row['date'];
    echo "<br />";
    }

    echo <<<HTML
</tr></td><tr><td><p><font face='Verdana' size='2'><strong>When you are through viewing these results click below to download an Excel CSV file or to erase the entries from the database.</strong></font><p></td></tr></table>
<table width="400" align="center">
<tr><td width="200" align="center">
<form action="closefile.php" method="POST">
<input type="submit" name="submit" value="Close File">
</form>
</td><td>
<form action="download.php" method="POST">
<input type="submit" name"download" value="Download Excel File">
</form>
</td></tr></table>
HTML;
}
else
{
    echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">
<input type="text" name="password">
<input type="submit" name="login" value="Login">
</form>';
}
?>[/code]

Share this post


Link to post
Share on other sites
This worked like a charm. Thanks for taking the time!

Quick question, you inserted an HTML tag with 3 <<<'s  Just curious what the purpose is for the 3 and if it's required that I have the HTML label in there.

Share this post


Link to post
Share on other sites
It's heredoc syntax, a way to print out long chunks of html. Check it <a href="http://www.tizag.com/phpT/strings.php">here</a>.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.