log out.

@pyroApr 30.2004 — #Without closing the browser, you can't actually logout of a .htaccess protected directory. Don't ask my why...

However, there seem to be a few workarounds to this. Take a look at http://www.ssi-developer.net/htaccess/htaccess_logout.shtml and see what you come up with.

@DanUKauthorApr 30.2004 — #[FONT=courier new]Hiya pyro.

The script you made at:

http://forums.webdeveloper.com/showthread.php?threadid=9950&highlight=protected+area

Is this still ok / pretty secure?

Thanks.[/FONT]

@pyroApr 30.2004 — #It's decent. I'd do things a bit differently, now, but more just by way of coding, rather than to plug any security holes.

@DanUKauthorApr 30.2004 — #[FONT=courier new]Hi pyro, thank you.

This is the correct code?

If you could confirm that'd be great. Thanks again.[/FONT]

[code=php]
 Here's some code for you to try out... 
 
 Your login form... 
 
 
 
 code:
 <form method="post" action="passwordreader.php">
 <table>
 <tr><td><b class=rng>Username:</b></td><td> </td><td><input type="text" name="username"></td></tr>
 <tr><td><b class=rng>Password:</b></td><td> </td><td><input type="password" name="password"></td></tr>
 <tr><td colspan="3" align="center"><input type="submit" value=" Submit "></td></tr>
 </table>
 </form>
 
 
 And now make passwordreader.php: 
 
 passwordreader.php 
 
 PHP:
 <?PHP 
 
 # Change the below lines to the results that makepass.php gave you 
 # 
 $user_=_'yourencryptedusername'; 
 $pass_=_'yourencryptedpassword'; 
 # 
 # Change the above lines to the results that makepass.php gave you 
 
 if(md5($_POST['username'])_==_$user_&&_md5($_POST['password'])_==_$pass) 
 { 
 setcookie_("verified",_true); 
 header_("Location:<a href="http://www.yoursite.com/dir/page.htm" target="_blank">http://www.yoursite.com/dir/page.htm</a>"); 
 } 
 else 
 { 
 echo_("Incorrect Password"); 
 } 
 ?> 
 
 
 Now make this file and name it protect.php 
 
 protect.php 
 
 PHP:
 <?PHP_ 
 
 # Protect page from being called directly from web browser 
 $back_=_"<form><input type='button' value='< Back' onclick='history.back()'></form>";_ 
 $acc_denied_=_"<h3>Access Denied</h3>".$back;_# you could add a link to where users can login here... 
 if_(!isset($_COOKIE["verified"]))_{_die($acc_denied);_}_ 
 
 ?> 
 
 
 Now, insert this at the very top of all your pages... 
 
 
 PHP:
 <?_include_once("protect.php");_?> 
 
 
 And, lastly, make a file named makepass.php and use it to make your username and password, which you will insert in passwordreader.php... Once you have made the encrypted usernames/passwords, you can remove from your server. 
 
 makepass.php 
 
 PHP:
 <?PHP 
 if_($_POST['showvalues']) 
 { 
 echo_'User: '_._md5($_POST['username']); 
 echo_'<br>Password: '_._md5($_POST['password']); 
 } 
 ?> 
 
 <form method="post" action="makepass.php"> 
 __<table> 
 ____<tr><td><b class=rng>Username:</b></td><td>&nbsp;</td><td><input type="text" name="username"></td></tr> 
 ____<tr><td><b class=rng>Password:</b></td><td>&nbsp;</td><td><input type="text" name="password"></td></tr> 
 ____<tr><td colspan="3" align="center"><input type="submit" value=" Submit " name="showvalues"></td></tr> 
 __</table> 
 </form> 
 
 
 If you need any help, let me know. Remember to rename pages that are being password protected to .php... 
 [/code]

log out.

4 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

log out.

4 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

4 Comments(s) _↴

Also in #PHP _↴