Jump to content

Simple PHP Question


PHP_Genius1877

Recommended Posts

Thank you for your reply! My application only allows .html .css and .js files. However I can write PHP in the HTML files. I was thinking the code would look something along the lines of this:

<?php
$user = 'admin';
$password = 'test';
if ($_POST['username'] == $user  && $_POST['password'] == $password) {
  echo 'successfully logged in';    
} else {
  echo 'you have entered the wrong username or password.';
}

But, I am a beginner to PHP so it doesn’t work yet 🤣

Edited by PHP_Genius1877
Link to comment
Share on other sites

If you aren't allowed to write to files, find another host.

It seems your only option may be a hard-coded array. Create passwords using password_hash() for added security.

$pwds = [
           'john'   => '$2y$10$Vp/6Bk1eNcl3V/cKZCcZN.d43uYTgEMyHSkkFv..S22LbIhkTATPK',
           'paul'   => '$2y$10$hMcamjUSx5/ixfMjd34gL.ChXtO/EsbPYoYb82tFw3YBrqGwADAEW',
           'george' => '$2y$10$kjFY1j.0GfmUbNEa0rOfE.UfFCZ19sYIHzEh2T4NeqOCsC8jnDlPG',
           'ringo'  => '$2y$10$XgFC90JsmmpCeU68y/gm8epw1PZRgSDTNn0GdoCG9MdKkiVigTvkG'
        ];
        
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $pass = $pwds[ $_POST['username'] ];
    if (password_verify($_POST['password'], $pass)) {
        echo "Log in successful<br>";
    }
    else {
        echo "Invalid log in<br>";
    }
}

The 4 passwords are password1, password2, password3, password4

Edited by Barand
Link to comment
Share on other sites

Ok so this is the PHP I am using:

<?php
$password = [
    'john'   => 'password1',
    'paul'   => 'password2',
    'george' => 'password3',
    'robert'  => 'password4'
];
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
    $pass = @$password [ $_POST['username'] ];
    if (!isset($pass))
    {
        echo "Invalid log in<br>";
    }
    else
    {
        if ($_POST['password'] == $pass)
        {
            echo "Log in successful<br>";
        }
        else
        {
            echo "Invalid username or password<br>";
        }
    }
}
?>

And this is the HTML for the login form:

<body>    
    <center> <h1>Login</h1> </center>   
    <form action="" method="POST">
        <div class="container">   
            <label>Username:</label>   
            <input type="text" placeholder="Enter Username" name="username" required>  
            <label>Password:</label>   
            <input type="password" placeholder="Enter Password" name="password" required>  
            <button type="submit">Login</button>   
            <input type="checkbox" checked="checked"> Remember me   
            <button type="button" class="cancelbtn"> Cancel</button>   
            <a href="">Forgot password?</a>
        </div>   
    </form>
</body>     
</html>

I only have one problem. The PHP is showing up as text on the login page even though I put the <?php tags… Any thoughts?

Link to comment
Share on other sites

<!DOCTYPE html>
<html>   
<head>
<form action="./index_php.html">
<meta name="viewport" content="width=device-width, initial-scale=1">  
<title>Login Page</title>
<style>

<!-- My CSS here -->
  
</style>   
</head>
<body>    
    <center> <h1>Login</h1> </center>   
    <form action="" method="GET">
        <div class="container">   
            <label>Username:</label>   
            <input type="text" placeholder="Enter Username" name="username" required>  
            <label>Password:</label>   
            <input type="password" placeholder="Enter Password" name="password" required>  
            <button type="submit">Login</button>   
            <input type="checkbox" checked="checked"> Remember me   
            <button type="button" class="cancelbtn"> Cancel</button>   
            <a href="">Forgot password?</a>
        </div>   
    </form>
</body>     
</html>

<?php
$password = [
    'robert'   => 'password1',
    'mike'   => 'password2',
    'george' => 'password3',
    'john'  => 'password4'
];
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
    $pass = @$password [ $_POST['username'] ];
    if (!isset($pass))
    {
        echo "Invalid log in<br>";
    }
    else
    {
        if ($_POST['password'] == $pass)
        {
            echo "Log in successful<br>";
        }
        else
        {
            echo "Invalid username or password<br>";
        }
    }
}
?>

This is my code in the login.html file, what am I doing wrong? I can still log in no matter what username or password I enter.

Edited by PHP_Genius1877
Link to comment
Share on other sites

4 minutes ago, Barand said:

A .php file can contain HTML

A .html file cannot contiain php (and process it)

Alright. I guess that answers my question. I do have one more. Is there a way to tell the HTML to require a specific password as I have illustrated below?

<body>    
    <center> <h1>Login</h1> </center>   
    <form action="" method="GET">
        <div class="container">   
            <label>Username:</label>   
            <input type="text" placeholder="Enter Username" name="username" required> <!-- Require a specific username -->
            <label>Password:</label>   
            <input type="password" placeholder="Enter Password" name="password" required> <!-- Require a specific password -->
            <button type="submit">Login</button>   
            <input type="checkbox" checked="checked"> Remember me   
            <button type="button" class="cancelbtn"> Cancel</button>   
            <a href="">Forgot password?</a>
        </div>   
    </form>
</body>     
</html>

 

Link to comment
Share on other sites

Your site would be "localhost". EG

http://localhost/login.php

or

http://aaa.bbb.ccc.ddd/login.php

where aaa.bbb.ccc.ddd is your IP address, though I don't don''t know if it will work for your friends - never tried it. There is free site hosting available, but you get what you pay for!

Edited by Barand
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.