/    Sign up×
Community /Pin to ProfileBookmark

using php to hide passwords

Copy linkTweet thisAlerts:
Nov 11.2007

I’m using the password redirect script found here: [url]http://javascript.internet.com/passwords/multiple-users-source.html[/url]

And I tried to hide it with php like in this tutorial: [url]http://www.developertutorials.com/tutorials/php/hide-your-javascript-with-php-050419/page1.html[/url]

But the login button stopped working. Does anybody know a way to fix this? I don’t need it super secure or anything, just wanna hide it from people who know how to view a page source. Thanks.

Or if this same thing can be done totally in php, that would be great also.

to post a comment
PHP

20 Comments(s)

Copy linkTweet thisAlerts:
@scragarNov 11.2007 — ? first of all it's very unfair to those with javascript disabled. secondly it's impossible to hide the source, even if you set the file to not be cached(which will be a big problem for that code atm). and finaly if you have PHP why not test if the password is correct using PHP rather than javascript? PHP is far better suited and server side, so viewing your source won't reveal any passwords.
Copy linkTweet thisAlerts:
@AliasJaneDoeauthorNov 11.2007 — if you have PHP why not test if the password is correct using PHP rather than javascript? [/QUOTE]

Because I don't know how. Can you point me in the right direction? I've found directions on passwording things, but nothing that will secure things and also redirect different users to different places.
Copy linkTweet thisAlerts:
@scragarNov 11.2007 — try something like this for your PHP[code=php]<?php
$u = $_POST['username'];
$p = $_POST['password'];
switch($u){
case "username1":
if($p == "password1")
header("Location: http://www.example.com/path/page.html");
else
die("bad username or password.");
break;
case "username2":
if($p == "password2")
header("Location: http://www.example.com/path/page.html");
else
die("bad username or password.");
break;
case "username2":
if($p == "password2")
header("Location: http://www.example.com/path/page.html");
else
die("bad username or password.");
break;
case "username3":
if($p == "password3")
header("Location: http://www.example.com/path/page.html");
else
die("bad username or password.");
break;

default:
die("bad username or password.");
break;
[/code]


should be easy to customise, but it is far more efficient to use a database for this sort of thing.
Copy linkTweet thisAlerts:
@AliasJaneDoeauthorNov 11.2007 — Awesome! How do I put a username and password field into my html page that will call this? I'm a total php newbie.
Copy linkTweet thisAlerts:
@scragarNov 11.2007 — [code=html]<form action="YOURPAGEWITHTHEPHPCODEGOESHERE" method="POST">
<p><label for="username">Username:</label>
<input type="text" id="username" name="username" value="" /></p>
<p><label for="password">Password:</label>
<input type="password" id="password" name="password" value="" /></p>
<p><input type="submit" value="submit" /></p>[/code]
code shouldn't be too much difference from your previous code.
Copy linkTweet thisAlerts:
@AliasJaneDoeauthorNov 11.2007 — So for my php page, do I put some kind of "$access = false;" thing in it to keep people from just grabbing the source of that? Or do I need to put it in a private directory?
Copy linkTweet thisAlerts:
@scragarNov 11.2007 — you don't need to bother with anything like that, PHP is naturaly very secure because it is handled on the server, not the users page. there is no method for the user to see the page without somehow gaining access to your server(possibly via ftp?) and downloading a copy of your files.

it might be worthwhile setting a simple session or cookie with PHP to store the users login info so they do not have to re-enter it every time, but that might require a few edits to almost every page...
Copy linkTweet thisAlerts:
@AliasJaneDoeauthorNov 11.2007 — When I hit the submit button, it opens a save file window for my php page. What did I do wrong?
Copy linkTweet thisAlerts:
@scragarNov 11.2007 — are you sure your host supports PHP?

and if so are you sure that the links arn't to files that you would normaly download.
Copy linkTweet thisAlerts:
@AliasJaneDoeauthorNov 11.2007 — I'm sure I've just messed up the php thing. Yes, my host does support it. Here is what I did. I copied your php and saved it as login.php and then I pasted your html code into my login.html page (changing it to point to my login.php file), then I uploaded both of these into the same folder on my site. When I hit the submit button, it tries to download the login.php file.
Copy linkTweet thisAlerts:
@scragarNov 11.2007 — this may be the same problem as you had last time, double check that none of your passwords/usernames contain "<?" or "?>", then check that you have PHP enabled(some host's offer PHP, but then demand that you activate it yourself from the control panel, go figure). if neither of these are the problem it may be related to a bug in PHP 4, but that's highly unlikly(the bug caused PHP to ignore certain files)
Copy linkTweet thisAlerts:
@AliasJaneDoeauthorNov 11.2007 — Now I get this:

Parse error: syntax error, unexpected $end in /home/janedoe/public_html/Jane/frames/login.php on line 32
Copy linkTweet thisAlerts:
@scragarNov 11.2007 — sorry, add this to the bottom of the PHP page.

[code=php]};
?>[/code]
I kinda forgot about it.
Copy linkTweet thisAlerts:
@AliasJaneDoeauthorNov 11.2007 — Now I think it works. You rock! Is there a way to keep people from getting other users' folders by typing them in the browser URL bar? Or do I just need to make the folders really hard to guess names like a random string of letters/numbers?
Copy linkTweet thisAlerts:
@scragarNov 11.2007 — 2 methods as I see it, the first is to usr PHP sessions to handle this sort of content, the second is to just use htaccess.

htaccess makes your login script somewhat redundant, but it's usage is significantly effective.

PHP sessions work wonders, simply add:[code=php]<?php
session_start();
if($_SESSION['uname'] != "PERSONS USERNAME HERE")
die("access denied");
?>[/code]to the top of your secret files, then edit login.php page like soL[code=php]case "username1":
if($p == "password1"){
$_SESSION['uname'] = $_POST['username'];
header("Location: http://www.example.com/path/page.html");
}else
die("bad username or password.");
break;[/code]all your pages will need session_start at the top though in PHP code.
Copy linkTweet thisAlerts:
@AliasJaneDoeauthorNov 11.2007 — 
all your pages will need session_start at the top though in PHP code.[/QUOTE]

can you put that in an html page? And where can I learn about htaccess?
Copy linkTweet thisAlerts:
@scragarNov 11.2007 — no. you can use htaccess to treat HTML pages as PHP though to save you needing to rename them all and adjust the links.
Copy linkTweet thisAlerts:
@AliasJaneDoeauthorNov 11.2007 — no. you can use htaccess to treat HTML pages as PHP though to save you needing to rename them all and adjust the links.[/QUOTE]

Can you point me in the direction of a good htaccess tutorial?
Copy linkTweet thisAlerts:
@scragarNov 11.2007 — I'm afraid not actualy, I tend to learn by trying and using reference sheets.

best I can recommend is to google it, sorry.
Copy linkTweet thisAlerts:
@AliasJaneDoeauthorNov 11.2007 — 
best I can recommend is to google it, sorry.[/QUOTE]

Okay, thanks.
×

Success!

Help @AliasJaneDoe spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.16,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...