PDA

View Full Version : I have a new code... now what?



BLiZZaRD
08-05-2005, 09:31 PM
I was in another forum and was given the following code:


<?php
if($_POST['user']) {
if(($_POST['user'] == "john") && ($_POST['pass'] == "travolta")) header("Location: johntravolta.php");
else if(($_POST['user'] == "john") && ($_POST['pass'] == "cusak")) header("Location: johncusak.php");
} else {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Log in</title>
</head>
<body>
<form action="<?=$PHP_SELF?>" method="post">
<p>Username: </p><input type="text" name="user"/>
<p>Password: </p><input type="password" name="pass"/>
</form>
</body>
</html>
<?php } ?>
Thank you to Twey for the code and advice...

Now by reading this you can see what I want to accomplish, to seperate destinations from one password box, with two different passwords and one common username (john/travolta & john/cusak in the above example).

Now due to the nature of my site, this is why I am afraid this code wont work. My site is a riddle site where players have to use all availiable resources to find the hidden hints, and manipulate sounds, text and pitctures etc to find the correct word(s) to get to the next level. One of the most common places to hide these clues is the source code.

Obviously I can't have the answers in the source code.

Can anyone tell me where I might find a way to do this code with HTML, using the .htaccess and .password files, OR even some way to disable completely the access to the source code (must be applicable for ALL browsers, and include right clicking, as well as view--souce).

Thank you again to Twey for the original code, and for the help.
(I am playing around with this code to try and make it work)
BLiZZ

Twey
08-06-2005, 08:15 AM
PHP source code is invisible. Only the HTML the PHP outputs is actually sent to the browser; the PHP itself (with the username and password) is totally invisible to the browser and user.

BLiZZaRD
08-06-2005, 10:10 AM
:D YAY!


Learning new things about computer languages is daunting, but I am doing it!

Anyone know where I can go online for a good php recource guide or e-book, or tutorials or lessons, anything? I can't afford schools, and I am better at learning by doing.

Thanks again Twey,


BLiZZ

Twey
08-06-2005, 10:25 AM
The php.net tutorial is a little confusing for beginners. Try the W3Schools one (http://www.w3schools.com/php/default.asp).

There is, by the way, no way to totally hide the source from users. If the browser can see it, the user can see it. The only way to hide code is to execute it server-side (which is what PHP does) so it is never sent to the browser.

BLiZZaRD
08-06-2005, 10:33 AM
Much THANKS again. I will start studying immediatley.


You're a genius Twey.



BLiZZ

Twey
08-06-2005, 12:27 PM
Why thankyou. :p

BLiZZaRD
08-07-2005, 10:17 AM
Okay, color me stupid..... I prefer orange!


anyway, I have the code, I have it set up with my paramaters, header tags lead to my real pages, etc..

I saved it (as a test of course ) as a .php file and uploaded it to my server. Great! I pointed the URL to the page and sure enough, there was a user name box and a password box.

So I tested it out, I entered john in the user field and travolta in the pass field. Then I found my problem. There is no submit button. I have started the w3schools tutorial, and am on page 3 :D

but I fear this request is too advanced for where I am in the tutorials. so I am asking the almighty minds here for some advice and guidance while I continue my learning...

What exactly I want to accomplish is this:

On my web page lets say, www.mypage.com/level1/page1.htm, is a picture. now I have image mapped this picture and the hot spot is what I want to lead to the password box mentioned in the coding above. Now, once again, if the user enters john/travolta I want them to go to www.mysite.com/level2/page2.htm likewise, if they enter john/cusak I want them to go to: www.mysite/level3/page3.htm

So, knowing what I know about .htaccess, what I want isn't easily obtained, so I turned to the php gods... Using the code above, is what I want possible, and if so, where do I place the code? For example, I have to make the hotspot on the image go SOMEWHERE, but the password box will redirect them to the separate pages, right? So do I need to input the code into a .htaccess page, and the code will handle itself? or do I need to forget the hotspot and make a link, etc.

Also, what do I need to do to make a submit button for the password code above? and, ( I am picky huh? ) if at all possible, can this code come into view as a pop up password box, instead of a page on the website?

I hope I have clarified enough, if not ask what you need and I will do my best.

For now... on to page 4 of my lesson! ;)

Twey
08-07-2005, 01:21 PM
Whoops, I did it again :o
<input type="submit" value="Go"/>
will add a submit button. Put it wherever you like (inside the form).

<form action="<?=$PHP_SELF?>" method="post">
<p>Username: <input type="text" name="user"/><br/>
Password: <input type="password" name="pass"/><br/>
<input type="submit" value="Log in"/></p>
</form>
Probably isn't valid, I can't remember the rules for form and paragraph nesting.

So, knowing what I know about .htaccess, what I want isn't easily obtained, so I turned to the php gods... Using the code above, is what I want possible, and if so, where do I place the code? For example, I have to make the hotspot on the image go SOMEWHERE, but the password box will redirect them to the separate pages, right? So do I need to input the code into a .htaccess page, and the code will handle itself? or do I need to forget the hotspot and make a link, etc.
No, what you need to forget about is .htaccess. There's no need to manhandle the webserver in the scenario you describe, and, if you're using PHP, there usually never is. What you want, however, can be done in plain old HTML. It works like so:


<map name="tre" id="tring">
<area href="pass.php" shape="rect" coords="40,159,82,176" alt="" style="cursor:default;"/>
<!-- You should never usually use a blank alt, but in this case an alt
would give away the location of the area. cursor:default stops the
cursor changing to a hand when it moves over the area. coords= is
the location of the rectangle, top-left-x, top-left-y, bottom-right-x, bottom-right-y. -->
</map>
<img src="imgmap.jpg" alt="Image Map" usemap="#tre" style="border:0;"/>


You can also do server-side image maps, but they're evil little beggars.

BLiZZaRD
08-07-2005, 02:40 PM
Twey, you are the man!

Everything works perfectly. I did have to adjust the <p> </p> and made them <br>'s instead, but other than that its a gem!


THANK YOU SO MUCH!

Now, back to my studies... php tutorial page 5!

WEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE

mwinter
08-08-2005, 01:25 PM
<form action="<?=$PHP_SELF?>" method="post">
<p>Username: <input type="text" name="user"/><br/>
Password: <input type="password" name="pass"/><br/>
<input type="submit" value="Log in"/></p>
</form>
Probably isn't valid, I can't remember the rules for form and paragraph nesting.It's valid XHTML, parsable HTML from the point of view of modern browsers, but not what you may expect from the perspective of HTML itself.

I'd write that as:


<form ...>
<div>
<label>Username: <input type="text" name="user"></label>
<label>Password: <input type="password" name="user"></label>
<input type="submit" value="Log in">
</div>
</form>In more complicated forms, I might use a fieldset element instead of a div. In either case, the style sheet would then make those label elements block level, perhaps add margins for a little spacing, and align the child input elements, if desired.


label {
display: block;
margin-bottom: 1ex;
position: relative;
}
label input {
left: 7em;
position: absolute;
}I haven't checked how that would look; it might need (a lot of :)) tweaking.


You should never usually use a blank alt,An empty alt attribute is fine for decorative images.


but in this case an alt would give away the location of the area.If you're worried about tooltips (which shouldn't result from the use of alt, but does in some browsers), then add an empty title attribute.


You can also do server-side image maps, but they're evil little beggars.They're also less accessible as only users that can see the image can know where they're clicking, and where they might be taken.

Mike

Twey
08-08-2005, 02:34 PM
add an empty title attribute
Does a lack of title attribute result in a tooltip?

mwinter
08-08-2005, 02:51 PM
Does a lack of title attribute result in a tooltip?In IE, yes. It will display the content of an alt attribute if there is one, but no title attribute. However, if a title attribute is present (even if empty), it will use that in preference.

Mike

BLiZZaRD
08-09-2005, 02:15 PM
:D Guess who, oh great gods of php (lol)


I have said before that the code I got in the beginning, and now added the submit= line, works great. the two pass. take the viewer to the different pages, just like I wanted...

BUT... now I found another problem. I have made a THIRD page, call it an error page, how can I tweak this code to default to this third page when ANYTHING other than the 2 u/n and p/w specified is input?

does that make sense?

...

Twey
08-09-2005, 05:36 PM
Take this:

if(($_POST['user'] == "john") && ($_POST['pass'] == "travolta")) header("Location: johntravolta.php");
else if(($_POST['user'] == "john") && ($_POST['pass'] == "cusak")) header("Location: johncusak.php");
and add this:

else header("Location: wrong.php");
so you get this:

if(($_POST['user'] == "john") && ($_POST['pass'] == "travolta")) header("Location: johntravolta.php");
else if(($_POST['user'] == "john") && ($_POST['pass'] == "cusak")) header("Location: johncusak.php");
else header("Location: wrong.php");

BLiZZaRD
08-09-2005, 06:05 PM
Weird, I tried that and it didn't work, I was going to be so proud of myself for doing it on my own finally, but NOOOOOOO... lmao


I must have left out a { or something, lol.

But I added the string and it works..

Thanks once again! :D

mwinter
08-10-2005, 01:52 AM
else header("Location: wrong.php");It should be noted that the value of the Location header must be an absolute URI. There's no notion of a base URI when dealing with redirection. Some browsers might assume the request URI, but they don't have to; they're being extremely kind.

Mike

Twey
08-10-2005, 10:22 AM
Oh right.
It works for every browser I've ever tried it in. I'll bear that in mind.

mwinter
08-10-2005, 12:17 PM
Oh right.
It works for every browser I've ever tried it in. I'll bear that in mind.Whatever your opinion is when it comes to standards and HTML, conformance should never be sacrificed when it comes to something as core as the underlying transport protocol. Displaying something incorrectly is one thing. Failing to do anything due to a badly-formed request is something else.

The PHP documentation provides an example for creating absolute URLs in its information regarding the header (http://uk2.php.net/manual/en/function.header.php) function.

As an aside, it's interesting to note that it's not just user agents that may misbehave when a relative URI is used. Someone mentions in the comments that IIS may attempt to follow such a redirect, rather than getting the user agent to do so.

Mike

Twey
08-10-2005, 02:28 PM
I always try to follow the standards. Hence my bearing it in mind. I was saying that it having worked in every browser I had tried it with was the reason why I'd never noticed this before.

BLiZZaRD
08-15-2005, 07:48 PM
HEY, yet another question...

How hard would it be to take this code and have it come in a pop up box instead of being a page in itself?

Meaning, right now I have my players clicking a link that takes them to the page where this code is and THEN entering the username and password infor and clicking submit. What would be awesome is if I could have them click the link and a password box appears and when they enter the correct u/n p/w combo they are taken to the next page?

It would cut out a step and save me some bandwidth. It would also be more asthetically pleasing.

Eventually I would also like to design this password box to fit my site, i.e. colors fonts titles, etc.

I am on page 6 of the tutorial too! and learning TONS!

Thanks for the help!

Twey
08-17-2005, 08:14 PM
You can use the window.prompt(message) function.
password = window.prompt("Please enter your password.");
I'm not at home at the moment, I'll write you an example when I get back - if Mike or John hasn't got there first.

Twey
08-23-2005, 05:43 PM
<script type="text/javascript">
function getPass(url) {
window.location.href = url + "?pass=" + urlencode(window.prompt("Please enter the password:"));
return false;
}
</script>
<a href="passcheck.php" onclick="getPass(this.href);">Go to password page</a>


passcheck.php:


<?php
$pass = $_GET['pass'];
if($pass == "john") {
// Do stuff
} else {
?>
<form method="get" action="<?=$PHP_SELF?>">
<input type="text" name="pass"/><input type="submit" value="OK"/>
</form>
<?php } ?>


Enjoy.

BLiZZaRD
08-24-2005, 03:36 AM
So if I understand right, I make the passcheck.php its own page, in its own folder, then I make the link to that and it will show up as a pop up box?

Will this also protect the file I redirect to if you already know the URL?

And I am guessing i need to add
<input type= "text" name= "user"/>

As well as change the GET_ to include the username...

the problem I have now is that if you KNOW the exact URL to the page I want to protect you can bypass this pop up box. :confused:

I don't mind using the .htaccess, more what I want is to "make" my own, personalized, pop up box.

will this code do that?

Twey
08-24-2005, 11:25 AM
Sort of.
For a username as well, you'll need two popup prompts because of the limitations of window.prompt().

<script type="text/javascript">
function getPass(url) {
window.location.href = url
+ "?user=" + urlencode(window.prompt("Please enter your username:"))
+ "&pass=" + urlencode(window.prompt("Please enter the password:"));
return false;
}
</script>
<a href="passcheck.php" onclick="getPass(this.href);">Go to password page</a>

It's never a good idea to redirect the user to another page when checking authentication. Try to include the check and the content on the same page.

passcheck.php:

<?php
$user = $_GET['user'];
$pass = $_GET['pass'];
if($user == "john" && $pass == "travolta") {
?>

<!-- Success page goes here. -->
<html>
<head>
<title>Passcheck passed!</title>
</head>
<body>
<p>
Congratulations. You've passed the password check!
</p>
</body>
</html>

<?php
} else {
?>

<!-- Failure page goes here. We include an HTML form for non-JS users who couldn't use the prompts. -->
<html>
<head>
<title>Wrong Password</title>
</head>
<body>
<p>
Either you have entered the wrong username/password, or your browser does not support Javascript. Try again below.
</p>
<form method="get" action="<?=$PHP_SELF?>">
User: <input type="text" name="user"/><br/>
Password: <input type="text" name="pass"/>
<input type="submit" value="OK"/>
</form>
</body>
</html>

<?php } ?>