password protection

[loxfear]

hello.

im trying to password protect my pages in a simple way like this:

http://www.scottconnell.com/sniplets/password_protection/

 

but for some reason it doesnt chek the login file, so it doesnt work:

<?php require_once 'login.php'; ?>

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
<style type="text/css">
#form1 table tr td label {
}
#form1 table {
	text-align: left;
}
#wrapper {
  margin: 20px auto;
  text-align: center;
  font-size: 20px;
}
#wrapper2 {
  margin: 20px auto;
  text-align: center;
  font-size: 20px;
}
</style>
</head>

<body>

<div id="wrapper">
--<a href="tilfojer.html">Tilføj Aktivitet</a>--<br>
--<a href="tilfojtilvalg.html">Tilføj Tilvalg</a>--<br>
--<a href="tilfojrestaurant.html">Tilføj Restaurant</a>--<br>
--<a href="tilfojmenu.html">Tilføj Menu</a>--
</div>

<div id="wrapper2">
--<a href="seaktivitet.php">Se Aktiviteter</a>--<br>
--<a href="setilvalg.php">Se Tilvalg</a>--<br>
--<a href="serestaurant.php">Se Restauranter</a>--<br>
--<a href="semenu.php">Se Menuer</a>--
</div>

</body>

<a href="?logout=1">Logout</a>
</html>

that is how i implemented it. made the file an php file

 

can somone tell me why it doesnt work. and maybe how to make it work, and why that works

 

many thanks

[Jacques1]

Did you read the code you're using? Do you realize that anybody can create any cookie they want? The entire “password protection” is nothing but a giant brainfart, so no wonder it “doesn't work” (whatever that means).

 

Learn PHP and write your own code. It's no rocket science. In this case, you'd simply use standard PHP sessions to store the log-in status.

[loxfear]

i dont need anything really insane, where noone can get in, just something where some standard dude cant enter but ill try looking into that

Edited August 18, 2014 by loxfear

[Jacques1]

Even the dumbest script kiddie knows how to create a cookie. The code is simply nonsense, no matter how low your standards may be.

[ScottConnell]

Thanks for the kind words Jacqass1, and what obvious vulnerabilities can you find with my password protection script? I know very well how to use sessions, but I choose to use a cookie instead. I wanted it to be simple for new coders, and I didn't want the login to expire.when I closed the browser.

 

As far as the login.php not working loxfear, do you have login.php in the same directory as your page? You might try using the full directory path with include_once.

[ScottConnell]

Use parentheses also require_once("login.php");

[mac_gyver]

the  parentheses are not part of the require_once statement (it's not a function.) what using them does is cause php to evaluate the term they enclose, similar to using  parentheses in a math equation to force operator precedence.

[Jacques1]

Thanks for the kind words Jacqass1, and what obvious vulnerabilities can you find with my password protection script?

 

Do you not realize that anybody can create the log-in cookie herself and skip your “protection” entirely? You might as well check the URL for “is_admin=true”.

 

 

 

I know very well how to use sessions, but I choose to use a cookie instead. I wanted it to be simple for new coders, and I didn't want the login to expire.when I closed the browser.

 

Sessions do not expire when you close the browser. The session ID is in fact stored in a cookie, and you can set the lifetime to anything you want.

 

The point is: Unlike your home-made cookie stuff, PHP sessions actually work. We've all used them for many years. Wouldn't it make sense to rely on a proven solution rather than trying to do it all by yourself?

[ScottConnell]

 

The point is: Unlike your home-made cookie stuff, PHP sessions actually work. We've all used them for many years. Wouldn't it make sense to rely on a proven solution rather than trying to do it all by yourself?

 

 

 

Yes it would. Thanks