Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8
  1. #1
    Regular Coder
    Join Date
    Aug 2005
    Posts
    252
    Thanks
    23
    Thanked 0 Times in 0 Posts

    Adding logout to simple password protection script

    I found the following script I'd like to use for a simple password protected page. Is there a way to add a logout href? Also, is it possible have a javascript alert popup if the username or password is entered incorrectly?

    PHP Code:
    <?php 

    // Designate your username and password 
    $username "user"
    $password "pass"

    if (
    $_POST['user'] != $username || $_POST['pass'] != $password) { 

    ?> 

    <h1>Login</h1> 

    <form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> 
         <p><label for="user">Username:</label><br> 
         <input type="text" title="Please enter your Username" name="user"></p> 

         <p><label for="pass">Password:</label><br> 
         <input type="password" title="Please enter your Password" name="pass"></p> 

         <p><input type="submit" name="Submit" value="Login"></p> 

    </form> 

    <?php 


    else { 

    ?> 

    <!-- Place your Password Protected content here --> 

    <p>Content.</p> 

    <?php 



    ?>

  • #2
    nst
    nst is offline
    New Coder
    Join Date
    Jul 2005
    Posts
    57
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi.
    Where do you intend to store the user-password information?

  • #3
    Regular Coder
    Join Date
    Aug 2005
    Posts
    252
    Thanks
    23
    Thanked 0 Times in 0 Posts
    Hmm, didn't even think about that? Is there a simple alternative/solution? Also, what about the alert?...any ideas there?

  • #4
    nst
    nst is offline
    New Coder
    Join Date
    Jul 2005
    Posts
    57
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Also, what about the alert?...any ideas there?
    Putting the password in a javascript function, means that it can be easily revealed by viewing the source of the page.
    I 've seen that once, but it was a humoristic page, therefore there was no real risk.

    Normally you will want to store the password in a db or even a plain text file on the server (which is also not the most secure idea). You will always have to let the server do the check and if it returns 'false' you could have an alert box pop up, but imho it has no sense, since the server will reply too.
    The only way to invoke the alert box properly is to have the password inside a Javascript code, but as I said it depends on what you want to do, since it will not be a real password anymore.

    Maybe it is better if you describe better your intention.

  • #5
    Regular Coder Element's Avatar
    Join Date
    Jul 2004
    Location
    Lynnwood, Washington, US
    Posts
    855
    Thanks
    2
    Thanked 2 Times in 2 Posts
    I don't know javascript too well, but this may work better for you, its very simple, thouugh.


    PHP Code:
    <?php 

    session_start
    ();

    // Designate your username and password 
    $username "user"
    $password "pass"

    if (isset(
    $_POST['user']) && isset($_POST['pass'])) {
      if (
    $_POST['user'] == $username && $_POST['pass'] == $password) {
          
    $_SESSION['username'] = $_POST['user'];
          
    $_SESSION['password'] = md5($_POST['pass']);
          
    $logged_in true;
      } else {
          
    $logged_in false;
      }


    if (
    $_SESSION['username'] != $username && $_SESSION['password'] != md5($password)) {
          
    $logged_in true;
    } else {
          
    $logged_in false;
    }


    if (!
    $logged_in) { 

    ?> 

    <h1>Login</h1> 

    <form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> 
         <p><label for="user">Username:</label><br> 
         <input type="text" title="Please enter your Username" name="user"></p> 

         <p><label for="pass">Password:</label><br> 
         <input type="password" title="Please enter your Password" name="pass"></p> 

         <p><input type="submit" name="Submit" value="Login"></p> 

    </form> 

    <?php 


    else { 

    ?> 

    <!-- Place your Password Protected content here --> 

    <p>Content.</p> 

    <?php 



    ?>
    Last edited by Element; 02-14-2006 at 06:43 PM.

  • #6
    New Coder
    Join Date
    Jan 2006
    Posts
    53
    Thanks
    0
    Thanked 0 Times in 0 Posts
    If your use data is set in sessions, use this to delete those sessions:

    PHP Code:
        session_unset();
        
    session_destroy(); 

  • #7
    Regular Coder Element's Avatar
    Join Date
    Jul 2004
    Location
    Lynnwood, Washington, US
    Posts
    855
    Thanks
    2
    Thanked 2 Times in 2 Posts
    yeah, so all you would need to do is put that in a if statement under the member content, and then have it only execute if $_GET['logout'] == 1 or something similar

  • #8
    Regular Coder
    Join Date
    Aug 2005
    Posts
    252
    Thanks
    23
    Thanked 0 Times in 0 Posts
    Great! Looks like the logout is solved.

    I need to clarify the other question though. With the js alert, I was hoping for an alert telling the person that is attempting to log in that their username and/or password was enterered incorectly...please try again.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •