Jump to content

What's the best way to require a login to access this?

simcoweb

By simcoweb
in PHP Coding Help

 Share

Recommended Posts

simcoweb Advanced Member

simcoweb

Posted
Posted
This is a simple script that logs and then displays a log of IP addresses that has accessed certain areas of a website. I'd like to require that the site owner use a password in order to access it. But, I don't want to use standard .htaccess stuff cuz that lame grey box is butt ugly. So, when they want to access this 'view' script I want them to enter a password into a form field and on submit it would check it against a password variable set in say a config.php file then, if true, display the data as normal. If the password entered is false then it should display the 'failed' message with a chance to re-enter.

The question is, can I do this within one script or do I need a separate login.php script to perform that action then it takes them to the view-ips.php script?

I found a login snippet here in the code library and was trying to adapt that. Here it is:

[code]session_start();
include("config.php");
$password = strip_tags(chop($_POST[password]));

if($_GET[logout] == "true") {
  session_start();
  unset($_SESSION['logged_in']);
  session_destroy();
}

if($password == $admin_password) {
    session_register("logged_in");
    $_SESSION[logged_in] = "true";
}

if($_SESSION[logged_in] == "true") {



echo "Logged in!<bR>
<a href=$_SERVER[PHP_SELF]?logout=true>logout</a>";



} else {
echo "<form method=post action=$_SERVER[PHP_SELF]>
<input type=text name=password></form>";
}[/code]

Here's the script part of my view-ips.php file. If this can be adapted to work within then great. If externally, then that's great also but need some help with how to do that.

[code]<?php

//IP logger file viewer - set variables
include 'config.php';
include 'header.php';
$title = "<center><h4>IP Log File - Unauthorized Access Results</h4></center><p>";

// Here's The Snippet Inserted

// authenticate the user as the administrator
session_start();
include("config.php");
$password = strip_tags(chop($_POST[password]));

if($_GET[logout] == "true") {
  session_start();
  unset($_SESSION['logged_in']);
  session_destroy();
}

if($password == $admin_password) {
    session_register("logged_in");
    $_SESSION[logged_in] = "true";
}

if($_SESSION[logged_in] == "true") {



echo "Logged in!<bR>
<a href=$_SERVER[PHP_SELF]?logout=true>logout</a>";



} else {
echo "<form method=post action=$_SERVER[PHP_SELF]>
<input type=text name=password></form>";
}

[b]END OF THE SNIPPET[/b]

// if successful it will connect to the database and display the info
mysql_connect('$dbhost', '$dbuser', '$dbpass') or die(mysql_error());
mysql_select_db($dbname) or die(mysql_error());

echo "$title<p>";

print "<table align='center' width='600' border='0'><tr><td>";
// loop through array and print each line

$query = "SELECT * FROM iplog";

$result = mysql_query($query) or die(mysql_error());

while($row = mysql_fetch_array($result)){
echo $row['ip']. " - ". $row['date'];
echo "<br />";
}

echo "</tr></td><tr><td><p><font face='Verdana' size='2'><strong>When you are through viewing these results click below to download an Excel CSV file or to erase the entries from the database.</strong></font><p></td></tr></table>";
?>
<table width="400" align="center">
<tr><td width="200" align="center">
<form action="closefile.php" method="POST">
<input type="submit" name="submit" value="Close File">
</form>
</td><td>
<form action="download.php" method="POST">
<input type="submit" name"download" value="Download Excel File">
</form>
</td></tr></table>[/code]


I marked in there where the snippet starts and ends. It's between the 'Bold' tags that look out of place.

Keeping in mind i'm a total newber and i'm using this little script as my launching pad to PHP greatness, any explanations of the code you change/add/suggest and what it does is GREATLY appreciated!

Thanks! This forum rocks!
Link to comment
Share on other sites
wildteen88 Regular Member

wildteen88

Posted
Posted
something like this:
[code=php:0]<?php
session_start();

//IP logger file viewer - set variables
include 'config.php';
include 'header.php';

$title = "<center><h4>IP Log File - Unauthorized Access Results</h4></center><p>";

// authenticate the user as the administrator
$password = strip_tags(chop($_POST['password']));

if($_GET['logout'] == true)
{
  unset($_SESSION['logged_in']);
  session_destroy();
}

if($password == $admin_password) {
    // session_register("logged_in"); -- this is not needed
    $_SESSION['logged_in'] = true;
}

if($_SESSION['logged_in'] == true)
{
    echo 'Logged in!<br><a href="' . $_SERVER['PHP_SELF'] . '?logout=true">logout</a>';

    // if successful it will connect to the database and display the info
    mysql_connect('$dbhost', '$dbuser', '$dbpass') or die(mysql_error());
    mysql_select_db($dbname) or die(mysql_error());

    echo $title . "<p>\n";

    print "<table align='center' width='600' border='0'><tr><td>";
    // loop through array and print each line

    $query = "SELECT * FROM iplog";

    $result = mysql_query($query) or die(mysql_error());

    while($row = mysql_fetch_array($result))
    {
    echo $row['ip']. " - ". $row['date'];
    echo "<br />";
    }

    echo <<<HTML
</tr></td><tr><td><p><font face='Verdana' size='2'><strong>When you are through viewing these results click below to download an Excel CSV file or to erase the entries from the database.</strong></font><p></td></tr></table>
<table width="400" align="center">
<tr><td width="200" align="center">
<form action="closefile.php" method="POST">
<input type="submit" name="submit" value="Close File">
</form>
</td><td>
<form action="download.php" method="POST">
<input type="submit" name"download" value="Download Excel File">
</form>
</td></tr></table>
HTML;
}
else
{
    echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">
<input type="text" name="password">
<input type="submit" name="login" value="Login">
</form>';
}
?>[/code]
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.