PDA

View Full Version : Secure Log-in



annski
08-21-2006, 09:45 PM
Hi,

I've just joined here and would be grateful for osme advice and help. I would like to have a members only page in my site and with that they would have to log-in within the website to access the site.

How and what do I do to create the log-in window in the site and then once they've entered the correct access they will access the secure page?

I've been reading about having php or build a MsQL database, I've been reading up on the below topics. I don't where and how do I insert these codes in my webpages? Please help.:eek:

Basic authentication
We hard code the username and password combination in the login script itself. Suitable for simple application


User & password stored in database
A very common method. We store all the user name and password information in the database


User authentication with image verification

Thank you.

A

Twey
08-21-2006, 09:57 PM
I've been reading about having php or build a MsQL databaseI take it that means you have both PHP and MySQL? If so, have a look at http://www.twey.co.uk/?q=encpass.

annski
08-21-2006, 10:09 PM
Hi Twey,

Thank you. I'm no expert on this and I'm trying to learn, I haven't got a clue about MySQL and by the sounds of it the php will be the easiest and simplest way, I've got php scripts already in my pages, I use them for contact form etc..

I was advice to use a php but how do I create a log-in in my pages to then connect that to the members only page?

Twey
08-21-2006, 10:29 PM
I haven't got a clue about MySQL and by the sounds of it the php will be the easiest and simplest wayA login script will probably require both PHP and MySQL, a language and a database.

annski
08-21-2006, 10:36 PM
Hi,

I've just visited your site and I'm reading the bit where it says MySQL-based login script, for people who Just Want To Get On With It., that's me

It could be the one I require, where it says code do I cut and paste the code on top of the page to create a log-in box but then how does that script connect to the page the user want access to ie: the private pages?

Are all those codes in one box all for a log-in script? What happens after I have the log-in box?

Thank you

blm126
08-21-2006, 10:44 PM
Here's (http://www.sitepoint.com/article/http-authentication-php) another method you could use. The article is well written and simple, but it is a little out of date.

Twey
08-21-2006, 10:58 PM
do I cut and paste the code on top of the page to create a log-in boxNo, you need to save the file from the "Download" link at the bottom somewhere, give it a .php extension ('security.inc.php' for example) then include it (<?php include('security.inc.php'); ?>) at the top of the page(s) you wish to protect.
I've just visited your site and I'm reading the bit where it says MySQL-based login script, for people who Just Want To Get On With It.Gah, I can't even remember the layout of my own site any more >.< I linked you to the wrong page, didn't I. Never mind.
Are all those codes in one box all for a log-in script? What happens after I have the log-in box?The code there handles both the front- and back-ends of it. A default login page is provided, but you can edit that to match your site -- it's in plain HTML, nestled in amongst the PHP.

annski
08-21-2006, 11:46 PM
Hi,

Thank you, yes it was wrong link but I browsed around the site.

No, you need to save the file from the "Download" link at the bottom somewhere, give it a .php extension ('security.inc.php' for example) then include it (<?php include('security.inc.php'); ?>) at the top of the page(s) you wish to protect.

1) Ok I've downloaded it, paste the entire script onto one of my page (at the top of page before Doc etc..then I saved it as an extension .php. ie:secure.page1.php - is that where they should be or should the scripts go under the HEAD tag?

2) I've put <?php 'secure.page1.php'; ?> in three of my .htm web pages - I put it right at the top again - is that where they should be? Is the code how it should be typed?

3) Now I'm wondering where is my log-in box as when I open the .php it all codes etc..so I thouught I'll just copy the secure.page1 but this time I saved it as a .htm page then the log-in box appears but also with the other text like wrong password go back and log-in bla..bla.

4) It's not connecting to the page that I'm supposed to have access to

5) How do I set the password and username?

Sorry for all the questions, I know I'll get there in the end just need a bit of guidance. Thank you.

blm126
08-22-2006, 12:30 PM
1) There should be nothing but twey's script in a file called security.inc.php
2)Yes,it goes at the top(before the <html> tag). The code is the following


<?php require('security.inc.php'); ?>

Please note that any page you are using to protect with this needs to have an extension of PHP or have your server configured to treat them as PHP.
3) see above note
4)Follow number two above
5)Through your preferred database tool.Something like PhpMyAdmin.

Strangeplant
08-22-2006, 01:12 PM
A MySQL database is really easy to create, so just do it and get it over with. It is a MUST to make any kind of login work with mulitple or outside users. Don't avoid basic required work. If you want to add, delete, merge or change column widths in the database later, it can be done with ease. There is only one really firm requirement, that you have a column for a unique non-repeating key, and it must be assigned at the start (such as a record number); all other fields can be sorted.

Short, easy to follow examples are on the web to help you. There are many resources, and just one, for example is a cookbook: http://www.webdevelopersnotes.com/tutorials/sql/ If you need help in getting things to work, just ask. For editing it easily, you can use something like MyEdit (or MyAdmin), both freeware, I believe, that gives you a web interface to your database too.

Just two comments that I found helpful: add a date column for 'last accessed', so that you can delete old inactive users since after a while the database can grow to be huge; backup your database regularly (and automatically - as a cron job.)

annski
08-22-2006, 03:09 PM
Thank you for your replies guys, much appreciated. I've been reading through the MySQL I think it's more complicated than doing the php bit.

Hi Blm126

1) There should be nothing but twey's script in a file called security.inc.php. Apology for sounding dah but I don't know what you mean should be nothing.
I've pasted the whole scripts in one of my webpage right at the top of the source code (the page is a normal webpage it has images, text colours etc) or should I paste the script in an empty page then save it as ie: firstpage.secure.php?

2)Yes,it goes at the top(before the <html> tag). The code is the following
PHP Code:
<?php require('security.inc.php'); ?>
Please note that any page you are using to protect with this needs to have an extension of PHP or have your server configured to treat them as PHP.

Ok for example I have this web page called abc.htm, I then insert <?php require ('firstpage.secure.php'); ?> right at the top of the source code before the bit where it says <!DOCTYPE HTML PUBLIC " and save it as abc.php, is that correct?

3) see above note Sorry can you elaborate on this, which file am I going to use for log-in page?

4)Follow number two above I'll check this one

5)Through your preferred database tool.Something like PhpMyAdmin. I'm so sorry but I don't know where I could find this and how to use it?

I'm new on this as you could tell but I'm determine to learn no matter how long it takes as hopefully one day when the questions arises again maybe I'll be able to help others a little at least.

Thank you so much.

Twey
08-22-2006, 03:25 PM
I've been reading through the MySQL I think it's more complicated than doing the php bit.But you have a MySQL database set up, yes?
I've pasted the whole scripts in one of my webpage right at the top of the source code (the page is a normal webpage it has images, text colours etc) or should I paste the script in an empty page then save it as ie: firstpage.secure.php?It should be in a separate file.
Ok for example I have this web page called abc.htm, I then insert <?php require ('firstpage.secure.php'); ?> right at the top of the source code before the bit where it says <!DOCTYPE HTML PUBLIC " and save it as abc.php, is that correct?Yes, if you've called the file firstpage.secure.php.
which file am I going to use for log-in page? All the protected pages will generate a login form if the user isn't logged in; there's no need to create a separate page.
I'm so sorry but I don't know where I could find [phpMyAdmin] and how to use it?http://www.google.com/search?q=phpmyadmin&btnI=true

annski
08-22-2006, 04:25 PM
Hi,

No, I have not a clue about MySQL I've mentioned it as I was reading up about it but I'd rather use this php thing as it seems quicker to set up, I hope.

Thank you for that. I think I'm getting the understanding of it, a little. Ok I've done all that now, I've pasted the script and save it then put all the php code on each of the file I want protecting then save it as filename.php instead of htm.

When I fist tried it out, yes it prompted me to log-in so I just put whatever name and password then it got me in (worrying) but then when Itried to log-in again it says this message Access denied for user: 'apache@localhost' (Using password: NO)

I've checked out that Phpmyadmin link you sent, there are three version to download, do I download one? Which version then what happens after I've downloaded it?

Many thanks.

Twey
08-22-2006, 05:51 PM
No, I have not a clue about MySQL I've mentioned it as I was reading up about it but I'd rather use this php thing as it seems quicker to set up, I hope.My script, as with most PHP scripts of this type, uses MySQL as a backend. You will need a working database to use it. You seem to be under the impression that PHP and MySQL are alternatives. This is not so. MySQL is only a database system. It has a limited Structured Query Language that can perform some operations, but these are mostly limited to result selection. To manipulate the data retrieved, a language like PHP is required.

annski
08-22-2006, 08:25 PM
Hi,

I did think it was kind of an option which one to use, oh dear I thought I've got it going then:(

So now I've also got to learn MsQL and download that phpmyadmin as well, which I've no clue of using?

So I can't just use the scripts that you gave me then I also have to create MySQL database, hmmmmmm:confused: how do I do start? and where do I start? I've seen within my hosting account that there is MySQL, it says either you could create or upload it? How do you create it? Is it like a webpage or what?

I'm so disappointed with my silly self now because I thought yes I've cracked it despite others have been telling me not to bother but I was determine to learn and that.:(

blm126
08-22-2006, 08:46 PM
*sigh* you don't need MySQL. It is entirely possible to create a flat file(just PHP) alternative. However, before I go on. Is the password/user list updated often?Don't get discouraged, this is going to be a great learning experience for you! Also, what is your host? They may provide PhpMyAdmin.

annski
08-22-2006, 09:47 PM
Hi,

Thank you, it certainly is a learning curve for me, but when I do crack the code hey presto I'll celebrate and I have you all guys to thank for, you've all been very very patience and helpful.

I'm off to find out about phpMyAdmin. Hope I get it all working before I'm old and grey:D

annski
08-25-2006, 12:36 AM
Hi,

I have checked with my host they say I need to see MySQL then the phpmyadmin can be accessed there something like that, please can anyone help to get onto the next process as I think it will hopefully work just the password & username that I don't know how to do:confused: :confused:

blm126
08-25-2006, 02:39 AM
Does your host use Cpanel?

annski
08-29-2006, 09:45 AM
Hi,

Thank you for your reply. Yes I think it is on Linux server and using Cpanel.

blm126
08-29-2006, 03:53 PM
http://www.cpanel.net/docs/cpanel/
This will take you to the Cpanel documentation. In the menu, there is one just for MySQL. Read through that chapter is will get you going

annski
08-29-2006, 04:30 PM
Hi,

Thank you for that link, looks very helpful. Just want to check even though I've got the php scripts, log-in etc within my web pages, do I still need to create MySQL database?

blm126
08-29-2006, 05:28 PM
Yes. MySQL is merely a storage method. PHP is the "front end"