...

View Full Version : Adding logout to simple password protection script



Errica
02-14-2006, 07:06 PM
I found the following script I'd like to use for a simple password protected page. Is there a way to add a logout href? Also, is it possible have a javascript alert popup if the username or password is entered incorrectly?


<?php

// Designate your username and password
$username = "user";
$password = "pass";

if ($_POST['user'] != $username || $_POST['pass'] != $password) {

?>

<h1>Login</h1>

<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p><label for="user">Username:</label><br>
<input type="text" title="Please enter your Username" name="user"></p>

<p><label for="pass">Password:</label><br>
<input type="password" title="Please enter your Password" name="pass"></p>

<p><input type="submit" name="Submit" value="Login"></p>

</form>

<?php

}
else {

?>

<!-- Place your Password Protected content here -->

<p>Content.</p>

<?php

}

?>

nst
02-14-2006, 07:10 PM
Hi.
Where do you intend to store the user-password information?

Errica
02-14-2006, 07:12 PM
Hmm, didn't even think about that? Is there a simple alternative/solution? Also, what about the alert?...any ideas there?

nst
02-14-2006, 07:26 PM
Also, what about the alert?...any ideas there?

Putting the password in a javascript function, means that it can be easily revealed by viewing the source of the page.
I 've seen that once, but it was a humoristic page, therefore there was no real risk.

Normally you will want to store the password in a db or even a plain text file on the server (which is also not the most secure idea). You will always have to let the server do the check and if it returns 'false' you could have an alert box pop up, but imho it has no sense, since the server will reply too.
The only way to invoke the alert box properly is to have the password inside a Javascript code, but as I said it depends on what you want to do, since it will not be a real password anymore.

Maybe it is better if you describe better your intention.

Element
02-14-2006, 07:36 PM
I don't know javascript too well, but this may work better for you, its very simple, thouugh.




<?php

session_start();

// Designate your username and password
$username = "user";
$password = "pass";

if (isset($_POST['user']) && isset($_POST['pass'])) {
if ($_POST['user'] == $username && $_POST['pass'] == $password) {
$_SESSION['username'] = $_POST['user'];
$_SESSION['password'] = md5($_POST['pass']);
$logged_in = true;
} else {
$logged_in = false;
}
}

if ($_SESSION['username'] != $username && $_SESSION['password'] != md5($password)) {
$logged_in = true;
} else {
$logged_in = false;
}


if (!$logged_in) {

?>

<h1>Login</h1>

<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p><label for="user">Username:</label><br>
<input type="text" title="Please enter your Username" name="user"></p>

<p><label for="pass">Password:</label><br>
<input type="password" title="Please enter your Password" name="pass"></p>

<p><input type="submit" name="Submit" value="Login"></p>

</form>

<?php

}
else {

?>

<!-- Place your Password Protected content here -->

<p>Content.</p>

<?php

}

?>

Zegg90
02-14-2006, 07:54 PM
If your use data is set in sessions, use this to delete those sessions:


session_unset();
session_destroy();

Element
02-14-2006, 08:53 PM
yeah, so all you would need to do is put that in a if statement under the member content, and then have it only execute if $_GET['logout'] == 1 or something similar

Errica
02-15-2006, 01:58 PM
Great! Looks like the logout is solved.

I need to clarify the other question though. With the js alert, I was hoping for an alert telling the person that is attempting to log in that their username and/or password was enterered incorectly...please try again.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum