Password protect sites

tony Moderator Administrator
I have a gallery
and I want to password protect the page with the pictures.
It's an HTML page, although I know I'll have to change that, and I'm fairly new to PHP, so if you could be really detailed in putting a code it would be a great help. There's only 1 user, possibly 2,
and the page uses an iframe, if that matters?

So if you know of a code, would you be able to write it here please?
Cheers

Comments

  • celicauk Beginner Link Clerk
    You can approach this from two directions: either secure the directory so the users get a popup requesting a username and password, or, if you want something a little more flexible with multiple users etc., then the following code for a login page should help:

    Create a file called index.php and put the following code into it:

    [code:1:968b1191ef]
    <html>
    <head>
    <basefont face="Verdana">
    </head>

    <body>

    <center>
    <table border="0" cellspacing="5" cellpadding="5">
    <form action="login.php" method="POST">
    <tr>
    <td>
    Username
    </td>
    <td>
    <input type="text" size="10" name="f_user">
    </td>
    </tr>
    <tr>
    <td>
    Password
    </td>
    <td>
    <input type="password" size="10" name="f_pass">
    </td>
    </tr>
    <tr>
    <td colspan="2" align="center">
    <input type="submit" name="submit" value="Log In">
    </td>
    </tr>
    </form>
    </table>
    </center>

    </body>

    </html>
    [/code:1:968b1191ef]

    Next create a file called login.php with the following code:

    [code:1:968b1191ef]
    <?php

    // login.php - performs validation

    // authenticate using form variables ('' if a field is missing)
    $status = authenticate($_POST['f_user'] ?? '', $_POST['f_pass'] ?? '');

    // if user/pass combination is correct
    if ($status == 1)
    {
        // initiate a session
        session_start();

        // issue a fresh session ID on login so a pre-set ID cannot be reused
        session_regenerate_id(true);

        // register some session variables
        $_SESSION['SESSION_STARTED'] = "is_set";

        // including the username
        $_SESSION['SESSION_UNAME'] = $_POST['f_user'];

        // redirect to protected page
        header("Location: inner.sanctum.php");
        exit();
    }
    else
    // user/pass check failed
    {
        // redirect to error page
        header("Location: error.php?e=$status");
        exit();
    }

    // authenticate username/password against a database
    // returns: 0 if username and password is incorrect
    // 1 if username and password are correct
    function authenticate($user, $pass)
    {
        // configuration variables
        // normally these should be sourced from an external file
        // for example: include("dbconfig.php");
        // variables explicitly set here for illustrative purposes
        $db_host = "dev00";

        // connect (oci_connect is the current name of ocilogon)
        $connection = @oci_connect($user, $pass, $db_host); // or die ("unable to connect to DB!");

        // if the connection succeeded -> user/pass combination is correct
        if ($connection)
        {
            return 1;
        }
        // user/pass combination is wrong
        else
        {
            return 0;
        }
    }

    ?>
    [/code:1:968b1191ef]

    And inner.sanctum.php:

    [code:1:968b1191ef]
    <?php
    // inner.sanctum.php - secure page

    // session check
    session_start();

    if (!isset($_SESSION['SESSION_STARTED'])) {
        header("Location: error.php?e=2");
        exit();
    }
    ?>

    <html>
    <head>
    <basefont face="Verdana">
    </head>

    <body>

    <center>
    Welcome to the inner sanctum. We've been waiting for you.
    </center>
    <p align="right"> <font size="-1"><a href="logout.php">Goodbye</a></font>
    </body>
    </html>
    [/code:1:968b1191ef]

    error.php:
    [code:1:968b1191ef]
    <?php
    // error.php - shows an error message and links back to the login form
    ?>

    <html>
    <head>
    <basefont face="Verdana">
    </head>

    <body>

    <?php

    if (isset($_GET['e'])) {
        $e = $_GET['e'];
    }
    else {
        $e = -1;
    }

    // check the error code and generate an appropriate error message
    switch ($e) {
        case -1:
            $message = "No such user.";
            break;

        case 0:
            $message = "Invalid username and/or password.";
            break;

        case 2:
            $message = "Unauthorized access.";
            break;

        default:
            $message = "An unspecified error occurred.";
            break;
    }
    ?>

    <center>
    <?php echo $message; ?>
    <br>
    Please <a href="index.php">log in</a> again.
    </center>

    </body>
    </html>
    [/code:1:968b1191ef]

    And finally logout.php:
    [code:1:968b1191ef]
    <?php
    // logout.php - destroys session and returns to login form

    // destroy all session variables
    session_start();
    session_destroy();

    // redirect browser back to login page
    header("Location: index.php");
    exit();
    ?>
    [/code:1:968b1191ef]

    You now have a basic login system which authenticates by successful connection to a DB, in this case Oracle. You can change the login process by amending login.php; this could reference a file with MD5 encoded passwords, or it could automatically connect to a MySQL DB and check the entered username and password against a users table. If your site has a forum, then often linking into the forum's user table from this script is a neat way of doing things without having to maintain multiple datasets for your users. If you get stuck, send me a PM and I'll create an example for phpBB for you.

    Cheers

    Simon
  • pfgannon Moderator Administrator
  • tony Moderator Administrator
    I think that does deserve an award.

    I'm new to this PHP/MySQL malarkey,
    so you said that was for an Oracle database; my host doesn't have that. What would I have to change to make it work with MySQL? And I don't have a forum yet so I don't need to do that, although it is a good idea.

    And I'm presuming inner.sanctum would be where my gallery goes?

    And thanks for the help, that was a lot of detail.
  • celicauk Beginner Link Clerk
    Modified login.php file to suit a MySQL database:

    [code:1:4a1955d90e]
    <?php

    // login.php - performs validation

    // authenticate using form variables ('' if a field is missing)
    $status = authenticate($_POST['f_user'] ?? '', $_POST['f_pass'] ?? '');

    // if user/pass combination is correct
    if ($status == 1)
    {
        // initiate a session
        session_start();

        // issue a fresh session ID on login so a pre-set ID cannot be reused
        session_regenerate_id(true);

        // register some session variables
        $_SESSION['SESSION_STARTED'] = "is_set";

        // including the username
        $_SESSION['SESSION_UNAME'] = $_POST['f_user'];

        // redirect to protected page
        header("Location: inner.sanctum.php");
        exit();
    }
    else
    // user/pass check failed
    {
        // redirect to error page
        header("Location: error.php?e=$status");
        exit();
    }

    // authenticate username/password against a database
    // returns: 0 if username and password is incorrect
    // 1 if username and password are correct
    function authenticate($user, $pass)
    {
        // configuration variables
        // normally these should be sourced from an external file
        // for example: include("dbconfig.php");
        // variables explicitly set here for illustrative purposes
        $dbserver = "localhost";

        // mysql_connect() was removed in PHP 7; mysqli_connect() takes the same
        // first three arguments. Reporting is switched off so that a failed
        // login returns false instead of throwing an exception.
        mysqli_report(MYSQLI_REPORT_OFF);

        // connect
        $connection = @mysqli_connect($dbserver, $user, $pass); // or die ("unable to connect to DB!");

        // connection failed
        if (!$connection)
        {
            return 0;
        }
        // Connected ok
        else
        {
            return 1;
        }
    }

    ?>
    [/code:1:4a1955d90e]

    Note that, as with the Oracle version, this is only testing success by using the DB login; you would normally have a user table to verify the data entered against. If you're stuck I can knock one up for you. Also note that in MySQL you need to select the database to use once you're logged onto the server.

    Cheers

    Simon
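
The users-table check that both replies above mention, as an added example that is not part of the original thread or written by its posters. The table name `users`, its columns `username` and `pass_hash`, the helper `open_demo_db()` and the sample account are assumptions, and an in-memory SQLite database (needs the pdo_sqlite extension) stands in for MySQL so the script runs on its own.

```php
<?php
// Added example, not code from the thread. Assumed names: table "users" with
// columns "username" and "pass_hash". In-memory SQLite stands in for MySQL.

// Hash of a throwaway value, verified against when the username is unknown.
define('DUMMY_HASH', password_hash('unused', PASSWORD_DEFAULT));

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');

    // Constructed sample account: only the salted hash is stored, never the password.
    $ins = $db->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)');
    $ins->execute(['tony', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);
    return $db;
}

// Same contract as authenticate() in the thread: 1 = correct pair, 0 = not.
function authenticate(PDO $db, string $user, string $pass): int
{
    // The username is bound as a parameter, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        // Unknown user: still do one hash verification so response time
        // does not show which usernames exist.
        password_verify($pass, DUMMY_HASH);
        return 0;
    }
    return password_verify($pass, $hash) ? 1 : 0;
}

// Constructed inputs: valid pair, wrong password, unknown user.
$db = open_demo_db();
foreach ([['tony', 'constructed-sample-pw'], ['tony', 'wrong'], ['nobody', 'x']] as [$u, $p]) {
    printf("%-6s / %-21s => %d\n", $u, $p, authenticate($db, $u, $p));
}
```

With this approach the script connects to the database under one application account, so site visitors no longer need database logins of their own.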