
New Guy with a Question

Hello,

I’m new at web hosting and need some help. I’m working on setting up my friend’s site and he asked me if we could set up a page that required a password and a login name. This page would have access to automotive engine build sheets, videos and other information that the normal visitor would not be able to see. I’m not sure how to set this up, so if anyone would be willing to give me some assistance, I would really appreciate it and remember, I am new at this, so please be patient because I’m sure I will have tons of questions.
This is the link to the page if you want to see how far I’ve come with the site.
[url]www.kstarautomotive.com[/url]
Any tips or comments would be appreciated for I am wanting to do a good job for him, seeing he really helped me out with my engine deal…

Thank you,
Bruce


6 Comment(s)

@TheBearMay Nov 03.2008 — Looks like you're running Apache/1.3.29 on FreeBSD Unix, with PHP/5.2.5 and FrontPage/5.0.2.2623 so you have a few options (is MySQL installed?). The easiest would be to use .htaccess to restrict access to a specific directory, however, since you have PHP installed, you could use it to hide and manipulate the directory and its contents also.

@berleaf (author) Nov 03.2008 — TheBearMay,

Thank you for the reply, but let me tell you something, I have very limited knowledge of what you just suggested. I'm new at this and I'm starting from ground zero on this project.

If you could help me to understand what you just said, that would be a BIG help.

I took on this project because of all the help this engine builder did for me and we became good friends and this is my way of saying thank you to him.

Like I said, I am new and I mean new at this so if you could put things into simple English for me, I'd really appreciate it.

I had troubles with his site once before and the last thing I want to do is have things mess up again.

Thank you

Bruce
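
@cbVision Nov 03.2008 — A simple approach would be to use PHP cookies. You would have 3 pages:

- loginform.php (login form)
- logincheck.php (checks to see if information was correct & sets a cookie, redirects to secure page)
- secureinfo.php (page containing secured information)

loginform.php (simple html page with a form):

[code=html]
<form action="logincheck.php" method="post">
<input type="text" name="username" />
<input type="password" name="password" />
<!-- a submit button is needed so the form can be sent -->
<input type="submit" value="Log in" />
</form>
[/code]

logincheck.php (checks the login & pass):

[code=php]
<?php
// Read only the two expected fields; extract($_POST) would let a request
// overwrite any variable in this script.
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';

if ($username === "john" && $password === "doe") {
    // cookie expires after one hour
    setcookie("logincheck", "loggedin", time()+3600);
    header('Location: secureinfo.php');
    exit; // stop here so nothing else runs after the redirect
} else {
    print("Login failed");
}
?>
[/code]

secureinfo.php (basic html page containing your secured information with a cookie check at the top):

[code=php]
<?php
// the cookie name must match the one set in logincheck.php
if (empty($_COOKIE['logincheck'])) {
    print("bad password!"); } else {
?>
Secured info would go here
<?php } ?>
[/code]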
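
A session-based variant of the three-page login above, as an added example that is not cbVision's code: the cookie check accepts any request that arrives with a `logincheck` cookie, so here the logged-in state is kept on the server in `$_SESSION` and the password is compared against a `password_hash()` value. The file name `auth.php`, the `USERS` table and the placeholder hash are assumptions, and it needs PHP 7.3 or later, which is newer than the PHP/5.2.5 reported earlier in the thread.

```php
<?php
// auth.php (hypothetical name): included by logincheck.php and secureinfo.php.
// Added example; assumes PHP 7.3+ and a site served over HTTPS.

// username => hash. Create each hash once on the command line with
//   php -r 'echo password_hash("chosen password", PASSWORD_DEFAULT), PHP_EOL;'
// The value below is a placeholder, not a real hash.
const USERS = ['john' => 'PASTE_PASSWORD_HASH_HERE'];

function start_secure_session(): void {
    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // only sent over HTTPS
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function attempt_login(string $username, string $password): bool {
    $hash = USERS[$username] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);   // fresh session id after login
    $_SESSION['user'] = $username; // kept on the server, not in the browser
    return true;
}

function require_login(): string {
    if (empty($_SESSION['user'])) {
        header('Location: loginform.php');
        exit;
    }
    return $_SESSION['user'];
}

// logincheck.php:
//   require 'auth.php';
//   start_secure_session();
//   $ok = attempt_login($_POST['username'] ?? '', $_POST['password'] ?? '');
//   header('Location: ' . ($ok ? 'secureinfo.php' : 'loginform.php'));
//   exit;
//
// secureinfo.php, first lines (before any HTML output):
//   require 'auth.php';
//   start_secure_session();
//   $user = require_login();
```

A PHP check like this only guards the PHP page itself; build sheets and videos stored as plain files in a web-readable directory can still be requested directly unless they are served through a script that calls `require_login()` or the directory is restricted in Apache.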

@savvykms Nov 09.2008 — I know of a simple method with the Apache web server, I forgot how to do it exactly. It is in the Apache documentation though.

Basically it has a system of using a password file that you set up (I think via either .htaccess file or via httpd.conf, or both). You place said file with encrypted passwords using the htpassword tool that comes with Apache (I think) somewhere outside of the DocumentRoot and it has the authentication box show up. It has to do with Apache authentication system. It works like going to an FTP site does, but allows access to a DocumentRoot directory.

@TheBearMay Nov 09.2008 — Documentation related to .htaccess implementation: http://httpd.apache.org/docs/2.2/howto/auth.html

More complex, but also more flexible is using PHP to store and retrieve documents and images from within a database, as well as creating a login and password system.

@savvykms Nov 11.2008 — A tip if you use PHP and databases...

NEVER use something like this:
[code=php]
mysql_query("select * from users where username = '" . $_POST['username'] . "'");
[/code]

SQL injection can occur via username as this: ' or 1 = 1 or something

I heard it advised not to do something like that without validating for bad characters and escaping them
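
The concatenated query from the tip above next to a prepared statement, as an added example that is not part of the original post. It uses PDO with an in-memory SQLite database so it runs without a server (the `mysql_*` functions were removed in PHP 7.0); the table, the rows and the function names are constructed for the illustration, and the same prepared-statement calls work with PDO's MySQL driver.

```php
<?php
// Added example: constructed table and rows in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)");
$db->exec("INSERT INTO users (username, password_hash) VALUES ('john', 'hash-1'), ('bruce', 'hash-2')");

// Pattern from the post: the input becomes part of the SQL text,
// so quote characters in it change what the query means.
function find_user_concat(PDO $db, string $username): array {
    $sql = "select * from users where username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the SQL text is fixed and the input is bound as a
// value, so it is only ever compared against the username column.
function find_user_prepared(PDO $db, string $username): array {
    $stmt = $db->prepare('SELECT id, username, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal name and one in the shape quoted in the post.
$inputs = ['john', "' or 1 = 1 or '"];

foreach ($inputs as $input) {
    printf(
        "%-18s concatenated: %d row(s), prepared: %d row(s)\n",
        var_export($input, true),
        count(find_user_concat($db, $input)),
        count(find_user_prepared($db, $input))
    );
}
```

With the normal name both functions return the same single row; with the second input only the prepared version still treats the whole string as a username.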