-
Senior Member
PHP authentication
Hi,
I found this script on the net and find it pretty easy and usefull. But I have a fe questions though....
Is there a way that when you have access to the page you can add
a user? Maybe by calling the username and password from a
seperate file? I don't need this top-secure but is it a
bit secure?
PHP Code:
<?php
$LOGIN = "Username";
$PASSWORD = "Password";
function error ($error_message) {
echo $error_message."<BR>";
print "Access denied";
exit;
}
if ( (!isset($PHP_AUTH_USER)) || ! (($PHP_AUTH_USER == $LOGIN) && ( $PHP_AUTH_PW == "$PASSWORD" )) ) {
header("WWW-Authenticate: Basic entrer=\"Form2txt admin\"");
header("HTTP/1.0 401 Unauthorized");
error("<BR>");
}
?>
<HTML><HEAD><TITLE>protected page</TITLE></HEAD>
<BODY BGCOLOR="#F2F1EE">
My page
</BODY>
</HTML>
Thanks in advance
Vincent
SWIS BV
Last edited by Markp.com on 07-23-2003 at 02:25 AM
-
Hi,
the general problem with basic auth is not really to keep people from getting in but rather to add a feature where they can get out again
As long as you do not want a logout button on your main page, this is fine
Musicman
-
Senior Member
Thanks
Is there a way to add a user (with password) by using another script and that this script gets it's usernames and passwords from another file (.txt?)
I would like it to have it so that when a user log's in he can change his username/password/add a user.
Thanks again....
Vincent
SWIS BV
Last edited by Markp.com on 07-23-2003 at 02:25 AM
-
Hi,
there should be a few scripts around that are intended to work with a conventional login form. They should work with your setup too.
Make sure to put the textfile in a protected area different from this one...
// fragment to check user/pass
$fp = fopen("../secret/passwords.txt", "r");
$ok = 0;
while($line = fgets($fp, 100))
{ $fields = split("\t", $line);
if($fields[0] == $PHP_AUTH_USER && $fields[1] == $PHP_AUTH_PW)
$ok = 1;
}
if(!$ok)
{ // send them back to the auth form
header("HTTP/1.0 401 Unauthorized");
BTW - you cannot use this system to protect individual images unless you serve them through a php script too
Musicman
-
Senior Member
Thanks Musicman, you're extremely helpfull
I'm having problems with it though
Where should I put this code, should it replace part of the existing code?
Sorry to be such a pain.....
Vincent
SWIS BV
Last edited by Markp.com on 07-23-2003 at 02:25 AM
-
Hi,
one way to get it all together ... there are others - I just want to avoid duplicate code
Code:
<?
function deny () {
header("WWW-Authenticate: Basic entrer=\"Form2txt admin\"");
header("HTTP/1.0 401 Unauthorized")
print "Access denied";
exit;
}
if(!isset($PHP_AUTH_USER)) deny();
$fp = fopen("../secret/passwords.txt", "r");
$ok = 0;
while($line = fgets($fp, 100))
{ $fields = split("\t", $line);
if($fields[0] == $PHP_AUTH_USER && $fields[1] == $PHP_AUTH_PW)
$ok = 1;
}
if(!$ok) deny();
?>
<HTML><HEAD><TITLE>protected page</TITLE></HEAD>
<BODY BGCOLOR="#F2F1EE">
My page
</BODY>
</HTML>
BTW - I silently assume that there are more than those two fields on the line, otherwise you would probably have to change the code in italics to
$fields = split("\t", ereg_replace("\n", "", $line));
Musicman
-
Senior Member
Again Thanks!
two more questions
How should I format passwords.txt; I tried several ways...
I silently assume that there are more than those two fields
I need to replace the italic code witg that line if I have more then two user?
Thanks again.
Vincent
SWIS BV
Last edited by Markp.com on 07-23-2003 at 02:25 AM
-
Hi,
it should be
username TAB password TAB other
username TAB password TAB other
You need to change the italicized code if you do not have any "other" type columns, because the linebreak would otherwise appear as part of the password
Musicman
-
Senior Member
Perfect! thanks so much
Vincent
SWIS BV
Last edited by Markp.com on 07-23-2003 at 02:25 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|