PHP form password with MD5

Status
Not open for further replies.
I was also reading about sessions and I read that the old session has been deprecated by $_SESSION. I've tried changing it, but I've found I've got a parse error when I request the session on the other pages. No problem with registering it though.

This is the code that gives me an error:

PHP:
<?php

session_start();

if(!isset($_SESSION['logged'))
	{
	header("location:login/main_login.htm");
	}
	
?>

And this is the code that sets the variable on the check_login page:

PHP:
if($count==1)
		{
		// Register $myusername, $mypassword and redirect to file "login_success.php"
		$_SESSION['logged'] = "yes";
		header("location:login_success.php");
		}
	else 
		{
		echo "Error: Wrong Username or Password";
		}

Lol it probably isn't very secure.

Thanks in advance.
 
I don't see anything that would give an error. Can you post the error you get?

Also, instead of doing $_SESSION['logged'] = "yes", make it a Boolean. $_SESSION['logged'] = true.

Then, when you check for it, do if ($_SESSION['logged'] == true) { //asdfasdf }
 
Haha, turned out I was just using the wrong type of bracket; if you look at $_SESSION I put ['logged') instead of ['logged']. Most of the time it seems like really simple stuff like this is what catches me out lol.
 
Oh, I see now. Actually you just forgot the ], the ) should be there.

if(!isset($_SESSION['logged']))

Like that.
 
Okay well that's all working dandy now.

A couple of questions. First of all, when I log in, sometimes it says successful, but then takes me back to the login page anyway.

Also, do I have to put this bit of code on every page I want protected by the login system:

PHP:
//Check user is logged in
session_start();

if(!isset($_SESSION['logged']))
	{
	header("location:login/main_login.htm");
	}

or is there a simpler way to protect all my pages?
 
Personally, I like to use flow control for the entire section that I want protected.

For example;

PHP:
<?php

session_start();

if (isset ($_SESSION['logged'])) {
     // do logged in stuff
} else {
     // not logged in
     header('location: login/main_login.html');
}

?>

Since the header() function just sends headers to the browser, there is probably a way to block or manipulate that data (though, I'm just guessing here) so if that were the case, your script offers no protection. My script displays the logged in stuff ONLY if they are logged in.

Remember that when you are making scripts such as these, always code as if every user is a malicious user and will attempt to use the script in ways you didn't intend.
 
Are you sure about that? It just looks like it does the same thing. Also, if I used that code on a document with HTML, I'd have to put echo before every line of HTML code.
 
And also, how would I protect a file which I can't put PHP in, like a .txt or a .pdf? Isn't there a way to just protect a sub directory?
 
You don't need to echo every line, you can echo once and then put all of your HTML inside. Or, you can just end the PHP and then continue it later.

PHP:
<?php

session_start();

if (isset ($_SESSION['logged'])) {
     echo '<b>Multiple</b>

     <i>lines of</i>

     <u>wonderful HTML!</u>';
} else {
     // not logged in
     header('location: login/main_login.html');
}

?>

PHP:
<?php

session_start();

if (isset ($_SESSION['logged'])) {
     // do logged in stuff

?>

You've ended the PHP tags, so do your junk here.

<?php

// then you can restart here. PHP doesn't care
} else {
     // not logged in
     header('location: login/main_login.html');
}

?>

Here's examples of both methods.

To protect an external file, you have two fairly easy methods. One is to do funky things with .htaccess. Another option is to store the files in a folder that's not an obvious name. Then, have long random file names for the files. Store the names in a database and then when the file is requested, just get it from the database. You could even have the name change on each request, or after a certain time period.

It's difficult to truly protect external files, I don't really know of any other way except what I just mentioned.
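
An added example, not code posted by anyone in this thread: one way to combine the two points raised above, stopping the script after the redirect and serving non-PHP files such as a .txt or .pdf through a login-checked script. The file name download.php, the protected_files directory and the file list are assumptions, and it expects the login page to set $_SESSION['logged'] = true.

```php
<?php
// download.php: added example; the paths and the file list are assumptions.
declare(strict_types=1);

session_start();

// Directory outside the web root, so the files have no direct URL (assumed path).
const PROTECTED_DIR = __DIR__ . '/../protected_files';

// Allow-list mapping a public id to a stored file (constructed sample data;
// the thread suggests keeping this mapping in a database instead).
const FILES = [
    'manual' => ['name' => 'manual.pdf', 'type' => 'application/pdf'],
    'notes'  => ['name' => 'notes.txt',  'type' => 'text/plain'],
];

function require_login(): void
{
    // Strict comparison against the Boolean suggested earlier in the thread.
    if (($_SESSION['logged'] ?? false) !== true) {
        header('Location: login/main_login.htm');
        // header() only queues a response header. Without exit, the rest of
        // the script still runs and its output is sent to the client.
        exit;
    }
}

require_login();

// The request supplies only an id, never a path, so it cannot point
// outside PROTECTED_DIR.
$id = $_GET['file'] ?? '';
if (!is_string($id) || !array_key_exists($id, FILES)) {
    http_response_code(404);
    exit('File not found');
}

$path = PROTECTED_DIR . '/' . FILES[$id]['name'];
if (!is_file($path)) {
    http_response_code(404);
    exit('File not found');
}

header('Content-Type: ' . FILES[$id]['type']);
header('Content-Disposition: attachment; filename="' . FILES[$id]['name'] . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The same require_login() function can sit in one shared include that every protected page loads first, instead of repeating the check on each page.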
 