Jump to content


Photo

What's the best way to require a login to access this?


  • Please log in to reply
4 replies to this topic

#1 simcoweb

simcoweb
  • Members
  • PipPipPip
  • Advanced Member
  • 1,102 posts
  • LocationCA

Posted 17 July 2006 - 10:11 PM

This is a simple script that logs and then displays a log of IP addresses that has accessed certain areas of a website. I'd like to require that the site owner use a password in order to access it. But, I don't want to use standard .htaccess stuff cuz that lame grey box is butt ugly. So, when they want to access this 'view' script I want them to enter a password into a form field and on submit it would check it against a password variable set in say a config.php file then, if true, display the data as normal. If the password entered is false then it should display the 'failed' message with a chance to re-enter.

The question is, can I do this within one script or do I need a separate login.php script to perform that action then it takes them to the view-ips.php script?

I found a login snippet here in the code library and was trying to adapt that. Here it is:

session_start();
include("config.php");
$password = strip_tags(chop($_POST[password]));

if($_GET[logout] == "true") {
  session_start();
  unset($_SESSION['logged_in']);
  session_destroy();
}

if($password == $admin_password) {
    session_register("logged_in");
    $_SESSION[logged_in] = "true";
}

if($_SESSION[logged_in] == "true") {



echo "Logged in!<bR>
<a href=$_SERVER[PHP_SELF]?logout=true>logout</a>";



} else {
echo "<form method=post action=$_SERVER[PHP_SELF]>
<input type=text name=password></form>";
}

Here's the script part of my view-ips.php file. If this can be adapted to work within then great. If externally, then that's great also but need some help with how to do that.

<?php

//IP logger file viewer - set variables
include 'config.php'; 
include 'header.php';
$title = "<center><h4>IP Log File - Unauthorized Access Results</h4></center><p>";

// Here's The Snippet Inserted

// authenticate the user as the administrator
session_start();
include("config.php");
$password = strip_tags(chop($_POST[password]));

if($_GET[logout] == "true") {
  session_start();
  unset($_SESSION['logged_in']);
  session_destroy();
}

if($password == $admin_password) {
    session_register("logged_in");
    $_SESSION[logged_in] = "true";
}

if($_SESSION[logged_in] == "true") {



echo "Logged in!<bR>
<a href=$_SERVER[PHP_SELF]?logout=true>logout</a>";



} else {
echo "<form method=post action=$_SERVER[PHP_SELF]>
<input type=text name=password></form>";
}

[b]END OF THE SNIPPET[/b]

// if successful it will connect to the database and display the info
mysql_connect('$dbhost', '$dbuser', '$dbpass') or die(mysql_error());
mysql_select_db($dbname) or die(mysql_error());

echo "$title<p>";

print "<table align='center' width='600' border='0'><tr><td>";
// loop through array and print each line

$query = "SELECT * FROM iplog"; 
	 
$result = mysql_query($query) or die(mysql_error());

while($row = mysql_fetch_array($result)){
	echo $row['ip']. " - ". $row['date'];
	echo "<br />";
}
 
echo "</tr></td><tr><td><p><font face='Verdana' size='2'><strong>When you are through viewing these results click below to download an Excel CSV file or to erase the entries from the database.</strong></font><p></td></tr></table>";
?> 
<table width="400" align="center">
<tr><td width="200" align="center">
<form action="closefile.php" method="POST">
<input type="submit" name="submit" value="Close File">
</form>
</td><td>
<form action="download.php" method="POST">
<input type="submit" name"download" value="Download Excel File">
</form>
</td></tr></table>


I marked in there where the snippet starts and ends. It's between the 'Bold' tags that look out of place.

Keeping in mind i'm a total newber and i'm using this little script as my launching pad to PHP greatness, any explanations of the code you change/add/suggest and what it does is GREATLY appreciated!

Thanks! This forum rocks!

#2 simcoweb

simcoweb
  • Members
  • PipPipPip
  • Advanced Member
  • 1,102 posts
  • LocationCA

Posted 18 July 2006 - 02:49 PM

** bump **  :)

#3 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 18 July 2006 - 06:21 PM

something like this:
<?php
session_start();

//IP logger file viewer - set variables
include 'config.php';
include 'header.php';

$title = "<center><h4>IP Log File - Unauthorized Access Results</h4></center><p>";

// authenticate the user as the administrator
$password = strip_tags(chop($_POST['password']));

if($_GET['logout'] == true)
{
  unset($_SESSION['logged_in']);
  session_destroy();
}

if($password == $admin_password) {
    // session_register("logged_in"); -- this is not needed
    $_SESSION['logged_in'] = true;
}

if($_SESSION['logged_in'] == true)
{
    echo 'Logged in!<br><a href="' . $_SERVER['PHP_SELF'] . '?logout=true">logout</a>';

    // if successful it will connect to the database and display the info
    mysql_connect('$dbhost', '$dbuser', '$dbpass') or die(mysql_error());
    mysql_select_db($dbname) or die(mysql_error());

    echo $title . "<p>\n";

    print "<table align='center' width='600' border='0'><tr><td>";
    // loop through array and print each line

    $query = "SELECT * FROM iplog";

    $result = mysql_query($query) or die(mysql_error());

    while($row = mysql_fetch_array($result))
    {
    	echo $row['ip']. " - ". $row['date'];
    	echo "<br />";
    }

    echo <<<HTML
</tr></td><tr><td><p><font face='Verdana' size='2'><strong>When you are through viewing these results click below to download an Excel CSV file or to erase the entries from the database.</strong></font><p></td></tr></table>
<table width="400" align="center">
<tr><td width="200" align="center">
<form action="closefile.php" method="POST">
<input type="submit" name="submit" value="Close File">
</form>
</td><td>
<form action="download.php" method="POST">
<input type="submit" name"download" value="Download Excel File">
</form>
</td></tr></table>
HTML;
}
else
{
    echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">
<input type="text" name="password">
<input type="submit" name="login" value="Login">
</form>';
}
?>


#4 simcoweb

simcoweb
  • Members
  • PipPipPip
  • Advanced Member
  • 1,102 posts
  • LocationCA

Posted 18 July 2006 - 10:00 PM

This worked like a charm. Thanks for taking the time!

Quick question, you inserted an HTML tag with 3 <<<'s  Just curious what the purpose is for the 3 and if it's required that I have the HTML label in there.


#5 yonta

yonta
  • Members
  • PipPipPip
  • Advanced Member
  • 70 posts

Posted 19 July 2006 - 12:29 AM

It's heredoc syntax, a way to print out long chunks of html. Check it <a href="http://www.tizag.com....php">here</a>.
do it, do it right, do it right now




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users