
Simple login script for admins


11 replies to this topic

#1 cigraphics

cigraphics

    Young Padawan

  • Members
  • Pip
  • 92 posts
  • Gender:Male
  • Location:London

Posted 01 June 2006 - 09:42 AM

This is a login script for admin

<?php
if($passwd != "yourpassword") {
echo('<form action="'.$_SERVER['PHP_SELF'].'">Type your password:<input type="password" name="passwd" /><input type="submit" value="Enter" /> </form>');
exit;
}
?>
Here add html, php code
If the password is wrong, the code after the exit; will not be executed.

#2 Indigo

Indigo

    Official Alien

  • Members
  • PipPipPip
  • 617 posts
  • Gender:Male
  • Location:Trondheim, Norway
  • Interests:Computing in general, especially design and programming of all kinds.

Posted 01 June 2006 - 02:27 PM

Personally, I use something like:

session_start(); // needed before $_SESSION can be read
if (isset($_SESSION['whatever'])) { echo "welcome to adminarea"; }
else { /* print form */ }

You can also use cookies, check if a variable is set (like isset($var)) or many other ways.
I prefer my way, but that might just be me ;)

#3 NGPixel

NGPixel

    Senior Programmer

  • P2L Staff
  • PipPipPipPip
  • 1,410 posts
  • Gender:Male
  • Location:Montreal, Canada
  • Interests:Web Design : Coding : Animation

Posted 01 June 2006 - 03:24 PM

Actually, the value of the passwd input won't be sent directly to $passwd, you need to use $_POST['passwd'] instead. Also, with this script, you will need to enter the password on every single page, better use sessions...

Edited by NGPixel, 01 June 2006 - 03:24 PM.


#4 Indigo

Indigo

    Official Alien

  • Members
  • PipPipPip
  • 617 posts
  • Gender:Male
  • Location:Trondheim, Norway
  • Interests:Computing in general, especially design and programming of all kinds.

Posted 02 June 2006 - 02:40 AM

NGPixel is right. :cool:
Wow, finally somebody agrees with me on using sessions! :blush:

#5 Hayden

Hayden

    P2L Jedi

  • Members
  • PipPipPip
  • 717 posts
  • Gender:Male
  • Location:Texas

Posted 14 July 2006 - 12:53 PM

NG, Indigo: correct me if I'm wrong or miss something, but would we not take his original code and do this...

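<?php
session_start();
// No password is posted on the first page load, so fall back to an empty string
$pass_check = isset($_POST['passwd']) ? trim(htmlspecialchars($_POST['passwd'], ENT_QUOTES)) : '';

if($pass_check == "yourpassword") { $_SESSION['logged'] = 1; }
// Default to 0 (not logged) so the check below never reads an unset key
if(!isset($_SESSION['logged'])) { $_SESSION['logged'] = 0; }

//checks Session 'logged' variable is set
// method="post" is needed for $_POST to be filled; PHP_SELF is escaped before output
if(!$_SESSION['logged']) { ?><form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">
Type your password:<input type="password" name="passwd" />
<input type="submit" value="Enter" />
</form><?php }
else { ?> Here add html, php code <?php }
?>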
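
Added example, not code from any poster in this thread: a session-gated admin page along the lines NGPixel and Hayden describe, with the password checked against a stored hash and the session ID regenerated on login. `ADMIN_HASH` and `admin_login()` are hypothetical names, and the hash is computed from a constructed sample password only so the file runs stand-alone.

```php
<?php
// Added example, not from the thread. In practice ADMIN_HASH is generated once
// with password_hash() and stored outside the web root; it is computed here
// from a constructed sample password only so the file is self-contained.
define('ADMIN_HASH', password_hash('yourpassword', PASSWORD_DEFAULT));

session_start();

// Hypothetical helper: marks the session as logged in when the password matches.
function admin_login(string $submitted): bool
{
    if (!password_verify($submitted, ADMIN_HASH)) {
        return false;
    }
    session_regenerate_id(true);   // fresh session ID on privilege change
    $_SESSION['logged'] = 1;
    return true;
}

$error = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // The raw value goes to password_verify(); escaping is for output, not input.
    $submitted = (isset($_POST['passwd']) && is_string($_POST['passwd']))
        ? $_POST['passwd'] : '';
    if (!admin_login($submitted)) {
        $error = 'Wrong password.';
    }
}

if (empty($_SESSION['logged'])) {
    // PHP_SELF can carry client-supplied path info, so escape it on output.
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    ?>
    <form method="post" action="<?php echo $self; ?>">
      <?php echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8'); ?>
      Type your password: <input type="password" name="passwd" />
      <input type="submit" value="Enter" />
    </form>
    <?php
    exit;   // nothing below runs for an unauthenticated request
}
?>
Here add html, php code
```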


#6 joe

joe

    Young Padawan

  • Members
  • Pip
  • 115 posts
  • Location:stuck in the middle of cyber space

Posted 21 July 2006 - 02:44 AM

NG, Indigo: correct me if I'm wrong or miss something, but would we not take his original code and do this...

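<?php
session_start();
// No password is posted on the first page load, so fall back to an empty string
$pass_check = isset($_POST['passwd']) ? trim(htmlspecialchars($_POST['passwd'], ENT_QUOTES)) : '';

if($pass_check == "yourpassword") { $_SESSION['logged'] = 1; }
// Default to 0 (not logged) so the check below never reads an unset key
if(!isset($_SESSION['logged'])) { $_SESSION['logged'] = 0; }

//checks Session 'logged' variable is set
// method="post" is needed for $_POST to be filled; PHP_SELF is escaped before output
if(!$_SESSION['logged']) { ?><form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">
Type your password:<input type="password" name="passwd" />
<input type="submit" value="Enter" />
</form><?php }
else { ?> Here add html, php code <?php }
?>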


i want to ask u something :
.....
if(!$_SESSION['logged'])
....

from ur code, my question is : why u don't put $_SESSION['logged'] = 1 in
else { (here u put that code ???) )?>
why ??

#7 Hayden

Hayden

    P2L Jedi

  • Members
  • PipPipPip
  • 717 posts
  • Gender:Male
  • Location:Texas

Posted 26 July 2006 - 04:42 PM

i want to ask u something :
.....
if(!$_SESSION['logged'])
....

from ur code, my question is : why u don't put $_SESSION['logged'] = 1 in
else { (here u put that code ???) )?>
why ??


my thought was to use it like an on/off switch. 0 = not logged, 1 = logged. ^_^

#8 eric81

eric81

    Young Padawan

  • Members
  • Pip
  • 258 posts
  • Gender:Male

Posted 28 July 2006 - 02:50 PM

no encryption?

$crypt = crypt($_POST['input']);

or

$md5 = md5($_POST['input']);


#9 Indigo

Indigo

    Official Alien

  • Members
  • PipPipPip
  • 617 posts
  • Gender:Male
  • Location:Trondheim, Norway
  • Interests:Computing in general, especially design and programming of all kinds.

Posted 31 July 2006 - 10:56 AM

Could use SHA1 too, but I like md5 better.
$pass_check = trim(htmlspecialchars($_POST['passwd'], ENT_QUOTES));
Could add addslashes too, if the password lies in a database. Would help against sql-injections, or something like that (Correct me if I'm wrong)
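
Added example, not code from any poster in this thread: looking up an admin's password hash in a database with a PDO prepared statement, where the value is bound as data and needs no manual escaping. It assumes the pdo_sqlite extension; the table, column and user names and the helpers `add_admin()` and `check_admin()` are constructed for illustration.

```php
<?php
// Added example, not from the thread. Table, column and user names are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admins (name TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');

// Hypothetical helper: store a salted hash, never the password itself.
function add_admin(PDO $pdo, string $name, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO admins (name, pass_hash) VALUES (:name, :hash)');
    $stmt->execute([
        ':name' => $name,
        ':hash' => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

// Hypothetical helper: the bound value is sent as data, so a quote character
// inside it is never interpreted as SQL syntax.
function check_admin(PDO $pdo, string $name, string $password): bool
{
    $stmt = $pdo->prepare('SELECT pass_hash FROM admins WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();          // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample data: a name containing a quote is stored and matched as-is.
add_admin($pdo, "o'brien", 'yourpassword');
var_dump(check_admin($pdo, "o'brien", 'yourpassword'));
var_dump(check_admin($pdo, "o'brien", 'wrong-guess'));
var_dump(check_admin($pdo, 'nobody', 'yourpassword'));
```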

#10 Matthew.

Matthew.

    Official Spammer .Matt

  • Members
  • PipPipPipPip
  • 2,749 posts
  • Gender:Male
  • Location:England

Posted 31 July 2006 - 11:11 AM

md5 = undecryptable but there are ways to unhash it if that's the correct phrase. It's not 100% safe as with everything.

So what do we do?

$string = sha1( md5( $string ) );

Doublehash :(

The idea of having a login like this is not a good one though.

edit: ya, bruteforce was the word i was looking for :P

Edited by .Matt, 02 August 2006 - 07:45 AM.


#11 Hit3k

Hit3k

    Young Padawan

  • Members
  • Pip
  • 120 posts
  • Gender:Male
  • Location:Australia

Posted 02 August 2006 - 07:31 AM

md5 = undecryptable but there are ways to unhash it if that's the correct phrase. It's not 100% safe as with everything.

So what do we do?

$string = sha1( md5( $string ) );

Doublehash :)

The idea of having a login like this is not a good one though.

With MD5 you "brute force" the MD5 hash with a dictionary attack or "rainbow tables"
and
That's a pretty good form of encryption and you aren't limited to the sha1() or md5() you put down either :D

Edited by Hit3k, 02 August 2006 - 07:32 AM.
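
Added example, not code from any poster in this thread: the md5() and sha1(md5()) schemes discussed above compared with PHP's salted `password_hash()`, plus a way to move stored md5 digests to it at login time. `verify_and_upgrade()` is a hypothetical helper and every stored value is constructed.

```php
<?php
// Added example, not from the thread. All stored values below are constructed.

// Hypothetical verifier: accepts a legacy unsalted md5 hex digest or a
// password_hash() string and returns [ok, replacement_hash_or_null].
function verify_and_upgrade(string $password, string $stored): array
{
    $is_legacy_md5 = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    if ($is_legacy_md5) {
        // hash_equals() compares in constant time.
        $ok = hash_equals($stored, md5($password));
        // On success, replace the fast unsalted digest with a salted slow hash.
        return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
    }
    $ok = password_verify($password, $stored);
    // Re-hash when the default algorithm or cost has changed since storage.
    $new = ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT))
        ? password_hash($password, PASSWORD_DEFAULT) : null;
    return [$ok, $new];
}

$password = 'yourpassword';   // constructed sample
$legacy   = md5($password);   // what the md5() suggestion would store

// Unsalted digests are identical for identical passwords, which is what makes
// dictionary and rainbow-table lookups work; sha1(md5()) has the same property.
var_dump(md5($password) === $legacy);
var_dump(sha1(md5($password)) === sha1(md5($password)));

// Salted hashes of the same password differ on every call.
var_dump(password_hash($password, PASSWORD_DEFAULT)
    === password_hash($password, PASSWORD_DEFAULT));

// A correct login against the legacy digest yields an upgraded hash to store.
list($ok, $upgraded) = verify_and_upgrade($password, $legacy);
var_dump($ok, $upgraded !== null && password_verify($password, $upgraded));

// A wrong password fails and produces nothing to store.
list($ok2, $new2) = verify_and_upgrade('wrong-guess', $legacy);
var_dump($ok2, $new2);
```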


#12 Copernicus

Copernicus

    Young Padawan

  • Members
  • Pip
  • 32 posts

Posted 04 September 2006 - 10:23 PM

Doesn't matter, because people who use brute forcers shouldn't be allowed to own a PC :D.

Especially when they don't know poop about encryption, they just know a brute forcer works ;)



