php private area in php (no database) - customization



scareface
11-18-2008, 10:44 AM
hi there

I'm setting up a private area for a website. The private area is in PHP with the username/password stored in a PHP file; there's no need for a MySQL database.

after trying a lot of different PHP scripts I found this one that suits my case well.

everything is working fine but I would like to add two things; as I'm new to PHP I didn't get it working

- a logout page that deletes the cookies
- deny direct access to protected files if the user is not logged in (so I suppose a PHP check on the cookie)

the script is basically these two PHP files:

login form
form.php


<head>
<title>Private area</title><?
require ("config.php");?>
<link href="form1.css" rel="stylesheet" type="text/css">
<link href="button.css" rel="stylesheet" type="text/css">

<link href="orsa2.css" rel="stylesheet" type="text/css">
<style type="text/css">
.style1 {
font-weight: bold;
text-decoration: underline;
font-size: 17px;
}
</style>
</head>

<div align="center">
<form name="Offmania_Pages_Protected" method="post" action="invia.php">
<table width="<? echo $lunghezza_tabella ?>" border="0" align="center" cellpadding="0" class="tabella">
<tr>
<td><span class="titlefont">Utente</span></td>
</tr>
<tr>
<td>
<input name=primo class="form1" size="<? echo $lunghezza_campo1 ?>" maxlength="<? echo $lunghezza_max_campo1 ?>" style="width: 140px"><br></td>
</tr>
<tr>
<td><span class="titlefont">password</span></td>
</tr>
<tr>
<td>
<input name=secondo type="password" class="form1" size="<? echo $lunghezza_campo2 ?>" maxlength="<? echo $lunghezza_max_campo2 ?>" style="width: 140px"></td>
</tr>
<td><input type="submit" name="Submit" value="Entra" class=button >
<input type="reset" name="Submit2" value="Cancella" class=button >
<?
echo "<input type=hidden name=ipadress value=$REMOTE_ADDR>";
echo "<input type=hidden name=referer value=$HTTP_REFERER>";
echo "<input type=hidden name=ora value=$ora>";
echo "<input type=hidden name=data value=$data>";
?>
</td>

</table></form>
</div>



invia.php

contains the usernames/passwords, the links to the protected pages as well as the link to the error file


<title>Private area</title>
<?
require ("config.php");?>
<html><head></head><body marginheight="50">
<?
if ($primo == "Admin" and $secondo == "Admin")

{
include ("area/1.php"); ### protected page of the first user
}
elseif ($primo == "demo" and $secondo == "demo")
{
include ("area/2.php"); ### protected page of the second user
}
########### uncomment (remove the #) to protect more pages; naturally, further ones can be added

###elseif ($primo == "3" and $secondo == "33")
### {
### include ("protette_000p/esempio3.php"); ### path of the protected page reached after login
###}
###elseif ($primo == "4" and $secondo == "44")
### {
### include ("protette_000p/esempio4.php"); ### path of the protected page reached after login
###}
############
else (include "area/err.php"); ### error page
?>
</body></html>

so what part of the PHP code do I have to change to get those issues fixed?!

many thanks!!!

JasonDFR
11-21-2008, 05:50 PM
<?php
session_start();

if ( isset($_POST['login']) ) { // Login branch

    $_SESSION['LOGGED_IN'] = false; // Assume false

    // Process Login

    $user_name = $pass_word = false;

    if ( !empty($_POST['user_name']) && !empty($_POST['pass_word']) ) {

        $user_name = $_POST['user_name'];
        $pass_word = $_POST['pass_word'];

        if ($user_name == "admin" and $pass_word == "admin") {

            $_SESSION['ADMIN'] = true;
            header("Location: area/1.php"); ### protected page of the first user
            exit;

        } elseif ($user_name == "demo" and $pass_word == "demo") {

            $_SESSION['DEMO'] = true;
            header("Location: area/2.php"); ### protected page of the second user
            exit;

        } else {

            header("Location: area/err.php"); ### error page
            exit;
        }

    } else {

        header("Location: area/err.php"); ### error page
        exit;

    }

}
?>

******* PUT YOUR HTML HEADER HERE *******

<div id="content">

<form id="login" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">

<h2>Login</h2>

<fieldset>

<legend>Enter your information below</legend>

<label for="user_name">User Name</label>
<input type="text" id="user_name" name="user_name" value="" />

<label for="pass_word">Pass Word</label>
<input type="password" id="pass_word" name="pass_word" value="" />

<input type="hidden" name="login" value="1" />

<p><input name="submit" type="submit" /></p>

</fieldset>

</form> <!-- end login -->

</div> <!-- end content -->

****** PUT YOUR HTML FOOTER HERE ******

Then on area/1.php and area/2.php put this (change ADMIN to DEMO for 2.php):



<?php session_start(); ?>
<?php
// Show the page only when the session carries the ADMIN flag set at login
if ( isset($_SESSION['ADMIN']) ) {
    if ( $_SESSION['ADMIN'] == true ) {
?>
THIS AREA IS PROTECTED. ONLY 'ADMIN' CAN SEE IT

******* PUT YOUR HTML HEADER HERE *******

<div id="content">

</div> <!-- end content -->

******* PUT YOUR HTML FOOTER HERE *******
<?php
    } else {
        exit("Go Away");
    }
} else {
    exit("Go Away");
}
?>

There might be one or two mistakes in my code. I didn't test it out. This is also pretty basic security. You can easily build on it to make it more advanced as you learn more.

I'll let you or someone else figure out the logout part. I'll give you a hint: session_destroy();

Good Luck.
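
The logout step hinted at above, together with a reusable guard for the protected pages, as an added example that is not part of the thread. It assumes PHP 7.3 or later and a site served over HTTPS; the file names auth.php and login.php and the function names are hypothetical, while the ADMIN and DEMO session flags are the ones used in the reply.

```php
<?php
// auth.php (hypothetical name): require this at the top of every protected page.

// Start the session with a cookie that page scripts cannot read and that is
// only sent over HTTPS (assumption: the site is served over HTTPS).
function start_secure_session(): void {
    if (session_status() === PHP_SESSION_NONE) {
        session_set_cookie_params([
            'path'     => '/',
            'secure'   => true,
            'httponly' => true,
            'samesite' => 'Lax',
        ]);
        session_start();
    }
}

// Call once the user name and password have been checked successfully.
function mark_logged_in(string $flag): void {
    session_regenerate_id(true);  // fresh session id at login blocks session fixation
    $_SESSION[$flag] = true;      // 'ADMIN' or 'DEMO', as in the reply above
}

// Guard for area/1.php and area/2.php: a direct request without the
// matching session flag is sent to the login form and the page never renders.
function require_flag(string $flag): void {
    start_secure_session();
    if (($_SESSION[$flag] ?? false) !== true) {
        header('Location: /login.php', true, 303);  // hypothetical login URL
        exit;
    }
}

// Body of a logout page: empty the session data, expire the session
// cookie in the browser, then destroy the server-side session.
function logout(): void {
    start_secure_session();
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],     'domain'   => $p['domain'],
            'secure'   => $p['secure'],   'httponly' => $p['httponly'],
            'samesite' => $p['samesite'] ?: 'Lax',
        ]);
    }
    session_destroy();
    header('Location: /login.php', true, 303);
    exit;
}
```

With this file in place, area/1.php would start with require 'auth.php'; require_flag('ADMIN'); and a logout page would only need to call logout().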