stickynote427 Posted July 21, 2009 Share Posted July 21, 2009 I'm trying to create an authentication system from scratch. I want to be able to edit the content of my Web site's home page without having to log in through my host's cPanel deal, navigate through cPanel, and navigate through a couple directories just to edit a single file. I know I can use .htaccess, but I was wondering if I could use an HTML-PHP form to authenticate myself to gain access to something. Here is my from-scratch authentication form. <?php //the correct username $un="username"; //the correct password $pw="password"; //if the form has been submitted... if (isset($_POST['submitBtn'])) { //if the username is incorrect... if ($_POST['username']!=$un) { //echo text echo("The username was incorrect. Click <a href=".$_SERVER['PHP_SELF']."?page=someLoginPage />here</a> to try again."); } //otherwise, if the password is incorrect... else if ($_POST['password']!=$pw) { //echo text echo("The password was incorrect. Click <a href=".$_SERVER['PHP_SELF']."?page=someLoginPage />here</a> to try again."); } //otherwise, the username and password ARE correct else { //Do stuff here, such as: echo("The username and password were correct."); } } //if the form has not been submitted, display the form else { ?> <table align="center" style="color: white;"> <form name="authForm" method="POST" action="<?=$_SERVER['PHP_SELF']?>?page=someLoginPage"> <tr><td align="right">Username:</td><td><input type="text" name="username" /></td></tr> <tr><td align="right">Password:</td><td><input type="password" name="password" /></td></tr> <tr><td colspan=2 align="center"><input type="submit" name="submitBtn" value="Log In" /></td></tr> </form> </table> <?php } ?> Seems to work fine. Of course instead of making some text appear when I log in, I will create something that will allow me to edit and save my Web site's home page from there. Is this method secure? None of the PHP code obviously shows up when I view the page's source code, so I don't see how someone would be able to figure out the username and password (which I will also change). Thanks, stickynot427 Link to comment https://forums.phpfreaks.com/topic/166850-creating-authentication-system-from-scratch/ Share on other sites More sharing options...
jamesxg1 Posted July 21, 2009 Share Posted July 21, 2009 Maybe use cURL to login to the CPanel. James. Link to comment https://forums.phpfreaks.com/topic/166850-creating-authentication-system-from-scratch/#findComment-879768 Share on other sites More sharing options...
ozone Posted July 21, 2009 Share Posted July 21, 2009 Chmod'e file to 644 and you are good to go. Link to comment https://forums.phpfreaks.com/topic/166850-creating-authentication-system-from-scratch/#findComment-879772 Share on other sites More sharing options...
stickynote427 Posted July 21, 2009 Author Share Posted July 21, 2009 @James: If that could be a faster way to log in to cPanel, that's not what I'm looking for, but thanks. @ozone: Can you explain a little bit more? Are you talking about the PHP chmod function; how should I use it, and what is this "644"? Link to comment https://forums.phpfreaks.com/topic/166850-creating-authentication-system-from-scratch/#findComment-879778 Share on other sites More sharing options...
stickynote427 Posted July 23, 2009 Author Share Posted July 23, 2009 BUMP All I'm wondering at this point is if this method is secure. Is there any way someone could gain access to the stuff I have password-protected? Link to comment https://forums.phpfreaks.com/topic/166850-creating-authentication-system-from-scratch/#findComment-881551 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.