Secure Log-in

[annski]

Hi,

I've just joined here and would be grateful for osme advice and help. I would like to have a members only page in my site and with that they would have to log-in within the website to access the site.

How and what do I do to create the log-in window in the site and then once they've entered the correct access they will access the secure page?

I've been reading about having php or build a MsQL database, I've been reading up on the below topics. I don't where and how do I insert these codes in my webpages? Please help.

Basic authentication
We hard code the username and password combination in the login script itself. Suitable for simple application


User & password stored in database
A very common method. We store all the user name and password information in the database


User authentication with image verification

Thank you.

A

[Twey]

I've been reading about having php or build a MsQL database

I take it that means you have both PHP and MySQL? If so, have a look at http://www.twey.co.uk/?q=encpass.

[annski]

Hi Twey,

Thank you. I'm no expert on this and I'm trying to learn, I haven't got a clue about MySQL and by the sounds of it the php will be the easiest and simplest way, I've got php scripts already in my pages, I use them for contact form etc..

I was advice to use a php but how do I create a log-in in my pages to then connect that to the members only page?

[Twey]

I haven't got a clue about MySQL and by the sounds of it the php will be the easiest and simplest way

A login script will probably require both PHP and MySQL, a language and a database.

[annski]

Hi,

I've just visited your site and I'm reading the bit where it says MySQL-based login script, for people who Just Want To Get On With It., that's me

It could be the one I require, where it says code do I cut and paste the code on top of the page to create a log-in box but then how does that script connect to the page the user want access to ie: the private pages?

Are all those codes in one box all for a log-in script? What happens after I have the log-in box?

Thank you

[blm126]

Here's another method you could use. The article is well written and simple, but it is a little out of date.

[Twey]

do I cut and paste the code on top of the page to create a log-in box

No, you need to save the file from the "Download" link at the bottom somewhere, give it a .php extension ('security.inc.php' for example) then include it (<?php include('security.inc.php'); ?>) at the top of the page(s) you wish to protect.

I've just visited your site and I'm reading the bit where it says MySQL-based login script, for people who Just Want To Get On With It.

Gah, I can't even remember the layout of my own site any more >.< I linked you to the wrong page, didn't I. Never mind.

Are all those codes in one box all for a log-in script? What happens after I have the log-in box?

The code there handles both the front- and back-ends of it. A default login page is provided, but you can edit that to match your site -- it's in plain HTML, nestled in amongst the PHP.

[annski]

Hi,

Thank you, yes it was wrong link but I browsed around the site.

No, you need to save the file from the "Download" link at the bottom somewhere, give it a .php extension ('security.inc.php' for example) then include it (<?php include('security.inc.php'); ?>) at the top of the page(s) you wish to protect.

1) Ok I've downloaded it, paste the entire script onto one of my page (at the top of page before Doc etc..then I saved it as an extension .php. ie:secure.page1.php - is that where they should be or should the scripts go under the HEAD tag?

2) I've put <?php 'secure.page1.php'; ?> in three of my .htm web pages - I put it right at the top again - is that where they should be? Is the code how it should be typed?

3) Now I'm wondering where is my log-in box as when I open the .php it all codes etc..so I thouught I'll just copy the secure.page1 but this time I saved it as a .htm page then the log-in box appears but also with the other text like wrong password go back and log-in bla..bla.

4) It's not connecting to the page that I'm supposed to have access to

5) How do I set the password and username?

Sorry for all the questions, I know I'll get there in the end just need a bit of guidance. Thank you.

[blm126]

1) There should be nothing but twey's script in a file called security.inc.php
2)Yes,it goes at the top(before the <html> tag). The code is the following

PHP Code:

<?php require('security.inc.php'); ?>

Please note that any page you are using to protect with this needs to have an extension of PHP or have your server configured to treat them as PHP.
3) see above note
4)Follow number two above
5)Through your preferred database tool.Something like PhpMyAdmin.

[Strangeplant]

A MySQL database is really easy to create, so just do it and get it over with. It is a MUST to make any kind of login work with mulitple or outside users. Don't avoid basic required work. If you want to add, delete, merge or change column widths in the database later, it can be done with ease. There is only one really firm requirement, that you have a column for a unique non-repeating key, and it must be assigned at the start (such as a record number); all other fields can be sorted.

Short, easy to follow examples are on the web to help you. There are many resources, and just one, for example is a cookbook: http://www.webdevelopersnotes.com/tutorials/sql/ If you need help in getting things to work, just ask. For editing it easily, you can use something like MyEdit (or MyAdmin), both freeware, I believe, that gives you a web interface to your database too.

Just two comments that I found helpful: add a date column for 'last accessed', so that you can delete old inactive users since after a while the database can grow to be huge; backup your database regularly (and automatically - as a cron job.)