Help - Search - Members - Calendar
Full Version: Simple login script for admins
Pixel2Life Forum > Member Tutorials and Requests > Forum Tutorial Archives > PHP Tutorials
cigraphics
Jun 1 2006, 09:42 AM
This is a login script for admin

CODE
<?php
if($passwd != "yourpassword") {
echo('<form action="'.$_SERVER['PHP_SELF'].'">Type your password:<input type="password" name="passwd" /><input type="submit" value="Enter" /> </form>');
exit;
}
?>
Here add html, php code

if the password is wrong the code after the exit; will not be executed
Indigo
Jun 1 2006, 02:27 PM
Personally, I use something like:

if (isset($_SESSION['whatever'])) { echo "welcome to adminarea"; }
else { // print form }

You can also use cookies, check if a variable is set (like isset($var)) or many other ways.
I prefer my way, but that might just be me smile.gif
NGPixel
Jun 1 2006, 03:24 PM
Actually, the value of the passwd input won't be sent directly to $passwd, you need to use $_POST['passwd'] instead. Also, with this script, you will need to enter the password on every single page, better use sessions...
Indigo
Jun 2 2006, 02:40 AM
NGPixel is right. bigwink.gif
Wow, finally somebody agree with me on using sessions! tongue.gif
Hayden
Jul 14 2006, 12:53 PM
NG, Indigo: correct me if I'm wrong or miss something, but would we not take his original code and do this...

CODE
<?php
session_start();
$pass_check = trim(htmlspecialchars($_POST['passwd'], ENT_QUOTES));

if($pass_check == "yourpassword") { $_SESSION['logged'] = 1; }

//checks Session 'logged' variable is set
if(!$_SESSION['logged']) { ?><form action="<?php echo $_SERVER['PHP_SELF']; ?>'">
Type your password:<input type="password" name="passwd" />
<input type="submit" value="Enter" />
</form><? }
else { ?> Here add html, php code <? }
joe
Jul 21 2006, 02:44 AM
QUOTE(SpatialVisionary @ Jul 15 2006, 12:53 AM) *
NG, Indigo: correct me if I'm wrong or miss something, but would we not take his original code and do this...

CODE
<?php
session_start();
$pass_check = trim(htmlspecialchars($_POST['passwd'], ENT_QUOTES));

if($pass_check == "yourpassword") { $_SESSION['logged'] = 1; }

//checks Session 'logged' variable is set
if(!$_SESSION['logged']) { ?><form action="<?php echo $_SERVER['PHP_SELF']; ?>'">
Type your password:<input type="password" name="passwd" />
<input type="submit" value="Enter" />
</form><? }
else { ?> Here add html, php code <? }


i want to ask u something :
.....
if(!$_SESSION['logged'])
....

from ur code, my question is : why u don't put $_SESSION['logged'] = 1 in
else { (here u put that code ???) )?>
why ??
Hayden
Jul 26 2006, 04:42 PM
QUOTE(joe @ Jul 21 2006, 07:44 AM) *
i want to ask u something :
.....
if(!$_SESSION['logged'])
....

from ur code, my question is : why u don't put $_SESSION['logged'] = 1 in
else { (here u put that code ???) )?>
why ??


my thought was to use it like an on/off switch. 0 = not logged, 1 = logged. tongue.gif
fiv3isaliv3
Jul 28 2006, 02:50 PM
no encryption?

CODE
$crypt = crypt($_POST['input']);


or

CODE
$md5 = md5($_POST['input']);
Indigo
Jul 31 2006, 10:56 AM
Could use SHA1 too, but I like md5 better.
CODE
$pass_check = trim(htmlspecialchars($_POST['passwd'], ENT_QUOTES));

Could add addslashes too, if the password lies in a database. Would help agains sql-injections, or something like that (Correct me if I'm wrong)
Matthew.
Jul 31 2006, 11:11 AM
md5 = undecrytable but there are ways to unhash it if thats the correct phrase. Its not 100 safe as with everything.

So what do we do?

CODE
$string = sha1( md5( $string ) );


Doublehash bigwink.gif

The idea of having a login like this is not a good one though.

edit: ya, bruteforce was the word i was looking for tongue.gif
Hit3k
Aug 2 2006, 07:31 AM
QUOTE(.Matt @ Jul 31 2006, 04:10 PM) *
md5 = undecrytable but there are ways to unhash it if thats the correct phrase. Its not 100 safe as with everything.

So what do we do?

CODE
$string = sha1( md5( $string ) );


Doublehash bigwink.gif

The idea of having a login like this is not a good one though.

With MD5 you "brute force" the MD5 hash with a dictionary attack or "rainbow tables"
and
Thats a pretty good form of encryption and you arnt limited to the sha1() or md5() you put down either tongue.gif
Copernicus
Sep 4 2006, 10:23 PM
Doesn't matter, because people who use brute forcers shouldn't be allowed to own a PC smile.gif.

Especially when they don't know poop about encryption, they just know a brute forcer works tongue.gif
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.