/    Sign up×
Community /Pin to ProfileBookmark

Password Protection: Login Coder

Copy linkTweet thisAlerts:
Nov 26.2004

Hi,

Could anybody please help me with a script I found at [URL=http://javascript.internet.com/passwords/login-coder.html]http://javascript.internet.com/passwords/login-coder.html[/URL]
I need to know how to implement it. How do you restict access to the files that you login to view? does the script allow access or something????!! Please help!

Thanks

Ian?

to post a comment
JavaScript

6 Comments(s)

Copy linkTweet thisAlerts:
@GeorgeJohnsonNov 26.2004 — Javascript is not the greatest to use for password protecting files/directories in my opinion. Best bet is to use something like PHP with a MySQL Database. Or for instance, in an Apache server, setup a .htaccess file.
Copy linkTweet thisAlerts:
@bogbrushianauthorNov 26.2004 — ok thanks

Ian
Copy linkTweet thisAlerts:
@GeorgeJohnsonNov 26.2004 — If your server is setup to use PHP and mysql, a quick and easy script for user/pw verification is:

1: <?php

2: $user = $_POST['username'];

3: $pw = $_POST['password'];

4: $host = "localhost";

5: $user = "joeuser";

6: $pass = "somepass";

7: $conn = mysql_connect($host, $user, $pass);

8: mysql_select_db("database_name",$conn);

9: $sql = "SELECT file_permissions, folder_permissions FROM user_table WHERE username = '$user' AND password = '$pw'";

10: $result = mysql_query($sql,$conn);

11: $z = mysql_num_rows($result);

12: if ($z == 1) {

13: $newArray = mysql_fetch_array($result);

14: $file_p = $newArray['file_permissions'];

15: $fold_p = $newArray['folder_permissions'];

16: if (do test to determine if they have the proper permissions) {

17: if they do, then display folder/file

18: } else {

19: print "Error: You do not have permission to view this file/folder";

20: }

21: } else {

22: print "Error: Username/Password incorrect";

23: }

24: ?>

Explanation of the above script:

2 & 3: You getting the username & password from a form here. While I left it simple, you need to do some tests/modifications to the username/password to ensure someone isn't attacking your script. Also, I would use a function or 2 to encrypt the password.

4 - 8: Data needed to connect to your database, this data is relative to your database so the example I have listed probably wouldn't work on your database.

9 - 11: A query is sent to the database, and how many results returned is stored at $z.

12: If Z = 1 then the username & pw matched up to a username & pw in the database. If Z = 0, then either the username, password, or both were incorrect and not found in the database.

13 - 20: Next you would want to retrieve what the user is permitted to do from the database.

21 - 23: Deals with if the username and/or password were incorrect by issuing some form of error.

Of course this script would be much more complex and customized in the end, but that is a general idea to get you started.
Copy linkTweet thisAlerts:
@bogbrushianauthorNov 26.2004 — i'll try that thanks

cheers for the help

Ian
Copy linkTweet thisAlerts:
@ToshiyaNov 26.2004 — I always thought php/mySQL had to be purchased...and usually only seen on www.someonesowndomain.com

could someone create a php/mySQL for say *cough* a geocities.com site?

also, how do you go about step number 1? creating the PHP itself, is it a script posted into a .html file?
Copy linkTweet thisAlerts:
@GeorgeJohnsonNov 26.2004 — Geocities doesn't support PHP as far as I know, in fact I don't think Geocities supports much of anything when it comes to advanced script languages.

Normally you have to pay for a host that supports PHP or Perl or ASP.NET (The ASP.NET I am not sure on that...)

Or you can download everything you need to program in PHP for free, but you would have to run you're own webserver and would need a broadband connection. Albeit, when running one's own webserver, there are lots of security issues to take into account and is generally easier to pay someone some money every year to worry about it for you. ?

To setup you own webserver for free:

Goto: http://www.apache.org and download the free Apache Webserver for Windows or Linux.

Goto: http://www.mysql.com and download the free MySQL database server (the location of the download is a pain to find, but as of this post the current location is: http://dev.mysql.com/downloads/

From there you want a generally available release I believe they call it...Anyway, most webservers out there usually run with version 3.23 or version 4)

Lastly, Goto: http://www.php.net and download it (note: on Linux I believe you have to download the source code and then compile it, but don't quote me on that)

Oh, and to code all you is a text editor like NotePad in Windows.

If your webserver is configured properly PHP can be embedded in HTML files, if not, then the code should reside .php or .phtml files.

Also, to signify the start of PHP code, you incase it in "<?php" or "<?" and end it with a "?>" (Note, you do not end with a php?> or ?php>)

Oh, and while I've never done it, I believe you can also do <script language="php"></script>

Just so you know, all the Hosting companies I've seen out there use the free version of MySQL. Plus, PHP and Apache are always free. If you pay for the software you got ripped off. Needless to say, why a Hosting company wouldn't pay for a professional version of MySQL, when the free version works almost as well and they save some money in the process?

What you are paying for is actually space on someone's else computer and also paying for them to worry about the security issues involved with PHP, MySQL, and Apache. Sites that don't allow PHP or MySQL are easier to secure.

I forgot to mention, while I have an Apache webserver, PHP, and MySQL setup on my computer, I don't host sites on it, but I use it for testing purposes and then pay for a host because I don't have the time or the energy to worry about secure the webserver properly.
×

Success!

Help @bogbrushian spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.18,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...