<?php if($passwd != "yourpassword") { echo('<form action="'.$_SERVER['PHP_SELF'].'">Type your password:<input type="password" name="passwd" /><input type="submit" value="Enter" /> </form>'); exit; } ?> Here add html, php codeif the password is wrong the code after the exit; will not be executed
Simple login script for admins
#1
Posted 01 June 2006 - 09:42 AM
#2
Posted 01 June 2006 - 02:27 PM
if (isset($_SESSION['whatever'])) { echo "welcome to adminarea"; }
else { // print form }
You can also use cookies, check if a variable is set (like isset($var)) or many other ways.
I prefer my way, but that might just be me
#3
Posted 01 June 2006 - 03:24 PM
Edited by NGPixel, 01 June 2006 - 03:24 PM.
#4
Posted 02 June 2006 - 02:40 AM
Wow, finally somebody agree with me on using sessions!
#5
Posted 14 July 2006 - 12:53 PM
<?php session_start(); $pass_check = trim(htmlspecialchars($_POST['passwd'], ENT_QUOTES)); if($pass_check == "yourpassword") { $_SESSION['logged'] = 1; } //checks Session 'logged' variable is set if(!$_SESSION['logged']) { ?><form action="<?php echo $_SERVER['PHP_SELF']; ?>'"> Type your password:<input type="password" name="passwd" /> <input type="submit" value="Enter" /> </form><? } else { ?> Here add html, php code <? }
#6
Posted 21 July 2006 - 02:44 AM
NG, Indigo: correct me if I'm wrong or miss something, but would we not take his original code and do this...
<?php session_start(); $pass_check = trim(htmlspecialchars($_POST['passwd'], ENT_QUOTES)); if($pass_check == "yourpassword") { $_SESSION['logged'] = 1; } //checks Session 'logged' variable is set if(!$_SESSION['logged']) { ?><form action="<?php echo $_SERVER['PHP_SELF']; ?>'"> Type your password:<input type="password" name="passwd" /> <input type="submit" value="Enter" /> </form><? } else { ?> Here add html, php code <? }
i want to ask u something :
.....
if(!$_SESSION['logged'])
....
from ur code, my question is : why u don't put $_SESSION['logged'] = 1 in
else { (here u put that code ???) )?>
why ??
#7
Posted 26 July 2006 - 04:42 PM
i want to ask u something :
.....
if(!$_SESSION['logged'])
....
from ur code, my question is : why u don't put $_SESSION['logged'] = 1 in
else { (here u put that code ???) )?>
why ??
my thought was to use it like an on/off switch. 0 = not logged, 1 = logged.
#8
Posted 28 July 2006 - 02:50 PM
$crypt = crypt($_POST['input']);
or
$md5 = md5($_POST['input']);
#9
Posted 31 July 2006 - 10:56 AM
$pass_check = trim(htmlspecialchars($_POST['passwd'], ENT_QUOTES));Could add addslashes too, if the password lies in a database. Would help agains sql-injections, or something like that (Correct me if I'm wrong)
#10
Posted 31 July 2006 - 11:11 AM
So what do we do?
$string = sha1( md5( $string ) );
Doublehash
The idea of having a login like this is not a good one though.
edit: ya, bruteforce was the word i was looking for
Edited by .Matt, 02 August 2006 - 07:45 AM.
#11
Posted 02 August 2006 - 07:31 AM
With MD5 you "brute force" the MD5 hash with a dictionary attack or "rainbow tables"md5 = undecrytable but there are ways to unhash it if thats the correct phrase. Its not 100 safe as with everything.
So what do we do?$string = sha1( md5( $string ) );
Doublehash
The idea of having a login like this is not a good one though.
and
Thats a pretty good form of encryption and you arnt limited to the sha1() or md5() you put down either
Edited by Hit3k, 02 August 2006 - 07:32 AM.
#12
Posted 04 September 2006 - 10:23 PM
Especially when they don't know poop about encryption, they just know a brute forcer works
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users