loxfear Posted August 18, 2014 Share Posted August 18, 2014 hello. im trying to password protect my pages in a simple way like this: http://www.scottconnell.com/sniplets/password_protection/ but for some reason it doesnt chek the login file, so it doesnt work: <?php require_once 'login.php'; ?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Untitled Document</title> <style type="text/css"> #form1 table tr td label { } #form1 table { text-align: left; } #wrapper { margin: 20px auto; text-align: center; font-size: 20px; } #wrapper2 { margin: 20px auto; text-align: center; font-size: 20px; } </style> </head> <body> <div id="wrapper"> --<a href="tilfojer.html">Tilføj Aktivitet</a>--<br> --<a href="tilfojtilvalg.html">Tilføj Tilvalg</a>--<br> --<a href="tilfojrestaurant.html">Tilføj Restaurant</a>--<br> --<a href="tilfojmenu.html">Tilføj Menu</a>-- </div> <div id="wrapper2"> --<a href="seaktivitet.php">Se Aktiviteter</a>--<br> --<a href="setilvalg.php">Se Tilvalg</a>--<br> --<a href="serestaurant.php">Se Restauranter</a>--<br> --<a href="semenu.php">Se Menuer</a>-- </div> </body> <a href="?logout=1">Logout</a> </html> that is how i implemented it. made the file an php file can somone tell me why it doesnt work. and maybe how to make it work, and why that works many thanks Quote Link to comment https://forums.phpfreaks.com/topic/290515-password-protection/ Share on other sites More sharing options...
Jacques1 Posted August 18, 2014 Share Posted August 18, 2014 Did you read the code you're using? Do you realize that anybody can create any cookie they want? The entire “password protection” is nothing but a giant brainfart, so no wonder it “doesn't work” (whatever that means). Learn PHP and write your own code. It's no rocket science. In this case, you'd simply use standard PHP sessions to store the log-in status. Quote Link to comment https://forums.phpfreaks.com/topic/290515-password-protection/#findComment-1488129 Share on other sites More sharing options...
loxfear Posted August 18, 2014 Author Share Posted August 18, 2014 (edited) i dont need anything really insane, where noone can get in, just something where some standard dude cant enter but ill try looking into that Edited August 18, 2014 by loxfear Quote Link to comment https://forums.phpfreaks.com/topic/290515-password-protection/#findComment-1488130 Share on other sites More sharing options...
Jacques1 Posted August 18, 2014 Share Posted August 18, 2014 Even the dumbest script kiddie knows how to create a cookie. The code is simply nonsense, no matter how low your standards may be. Quote Link to comment https://forums.phpfreaks.com/topic/290515-password-protection/#findComment-1488132 Share on other sites More sharing options...
ScottConnell Posted August 18, 2014 Share Posted August 18, 2014 Thanks for the kind words Jacqass1, and what obvious vulnerabilities can you find with my password protection script? I know very well how to use sessions, but I choose to use a cookie instead. I wanted it to be simple for new coders, and I didn't want the login to expire.when I closed the browser. As far as the login.php not working loxfear, do you have login.php in the same directory as your page? You might try using the full directory path with include_once. Quote Link to comment https://forums.phpfreaks.com/topic/290515-password-protection/#findComment-1488151 Share on other sites More sharing options...
ScottConnell Posted August 18, 2014 Share Posted August 18, 2014 Use parentheses also require_once("login.php"); Quote Link to comment https://forums.phpfreaks.com/topic/290515-password-protection/#findComment-1488160 Share on other sites More sharing options...
mac_gyver Posted August 18, 2014 Share Posted August 18, 2014 the parentheses are not part of the require_once statement (it's not a function.) what using them does is cause php to evaluate the term they enclose, similar to using parentheses in a math equation to force operator precedence. Quote Link to comment https://forums.phpfreaks.com/topic/290515-password-protection/#findComment-1488165 Share on other sites More sharing options...
Jacques1 Posted August 18, 2014 Share Posted August 18, 2014 Thanks for the kind words Jacqass1, and what obvious vulnerabilities can you find with my password protection script? Do you not realize that anybody can create the log-in cookie herself and skip your “protection” entirely? You might as well check the URL for “is_admin=true”. I know very well how to use sessions, but I choose to use a cookie instead. I wanted it to be simple for new coders, and I didn't want the login to expire.when I closed the browser. Sessions do not expire when you close the browser. The session ID is in fact stored in a cookie, and you can set the lifetime to anything you want. The point is: Unlike your home-made cookie stuff, PHP sessions actually work. We've all used them for many years. Wouldn't it make sense to rely on a proven solution rather than trying to do it all by yourself? Quote Link to comment https://forums.phpfreaks.com/topic/290515-password-protection/#findComment-1488170 Share on other sites More sharing options...
ScottConnell Posted August 18, 2014 Share Posted August 18, 2014 The point is: Unlike your home-made cookie stuff, PHP sessions actually work. We've all used them for many years. Wouldn't it make sense to rely on a proven solution rather than trying to do it all by yourself? Yes it would. Thanks Quote Link to comment https://forums.phpfreaks.com/topic/290515-password-protection/#findComment-1488213 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.