+ Reply to Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 16

Thread: set a password on ANY page ? :o :o

  1. #1
    Active Member Revenant is on a distinguished road
    Join Date
    May 2004
    Location
    Chicago, IL US of A
    Posts
    108

    set a password on ANY page ? :o :o

    ey, im still workn on that other script to ban ips from submittin a form again, so in the meantime, ill show ya how to slap a pw on any page at all. first we gotta set the page, we'll call it admin.php [this is the only page we're going to need]

    Code:
    <?
    
    /* set the variables */
    $admin_password="var"; // the password
    $submit="Submit"; // the submit button's function
    
    if(!isset($mode)){$mode="login";} // if you haven't logged in, this mode will set itself to the index.
    switch($mode){
    case("login"): // this starts the login mode page
    echo"<link rel=\"stylesheet\" type=\"text/css\" href=\"css/css.css\">";
    echo"<table cellspacing=\"0\" cellpadding=\"5\" border=\"0\" width=\"100%\">";
    echo"<tr>";
    echo"<td align=\"center\">";
    echo"<br><br><br>Login"; // text left of the text field
    echo"</td>";
    echo"</tr>";
    echo"</table>";
    echo"<table cellspacing=\"0\" cellpadding=\"5\" border=\"0\" width=\"100%\">";
    echo"<tr>";
    echo"<td width=\"30%\" height=\"100\"></td>";
    echo"<td align=\"center\">";
    echo"<form action=\"admin.php?mode=index\" method=\"post\">"; // starts the form
    echo"<input type=\"password\" name=\"password\" size=\"15\">"; // password field
    echo"<input type=\"submit\" value=\" Login \">";
    echo"</form>";
    echo"</td>";
    echo"<td width=\"30%\"></td>";
    echo"</tr>";
    echo"</table>";
    break; // ends the mode "login"
    
    ?>
    i have to go right, but ill finish this off later,
    rev
    // Rev
    // Ivan Alfaro
    -- Professional Web Developer

  2. #2
    Full Member wicked_gal00 is on a distinguished road
    Join Date
    May 2004
    Location
    Canada
    Posts
    56
    I don't know much about php, but wouldn't people be able to get the password from the souce? Or do you disable the property with chmod? I'm not exactly sure how that works...

  3. #3
    Web Junky Matt is on a distinguished road
    Join Date
    Dec 2003
    Posts
    71
    Originally posted by wicked_gal00
    I don't know much about php, but wouldn't people be able to get the password from the souce? Or do you disable the property with chmod? I'm not exactly sure how that works...
    Only html will be parsed in the source code. When you go to a .php page, and you view source, it doesn't show all the includes and variables, does it?
    WebmasterLingo.com Team
    Forum Rules

    "Anyone who has never made a mistake has never tried anything new" - Albert Einstein

  4. #4
    Full Member wicked_gal00 is on a distinguished road
    Join Date
    May 2004
    Location
    Canada
    Posts
    56
    Oh I see, so only the echo lines will show?
    Is there no way to get at the rest of the code?

  5. #5
    Web Junky Matt is on a distinguished road
    Join Date
    Dec 2003
    Posts
    71
    Originally posted by wicked_gal00
    Oh I see, so only the echo lines will show?
    Is there no way to get at the rest of the code?
    Unless the server get's hacked, I don't think you can get the variable values.
    WebmasterLingo.com Team
    Forum Rules

    "Anyone who has never made a mistake has never tried anything new" - Albert Einstein

  6. #6
    Full Member dzone is on a distinguished road
    Join Date
    Dec 2003
    Posts
    75
    Good start, but doesn't do much ATM

  7. #7
    Full Member Marshall is on a distinguished road
    Join Date
    May 2004
    Posts
    69
    Id suggest using a cookie so if they enter the password at one page they wont have to re enter it after any link they click, will make it a bit more user friendly.

  8. #8
    Active Member Revenant is on a distinguished road
    Join Date
    May 2004
    Location
    Chicago, IL US of A
    Posts
    108
    and heres the rest >>


    Code:
    case("index"):
    if($password==$admin_password){}else{header("Location: admin.php?mode=login");exit;}
    echo"content here"; // :D Enjoy !!!
    break;}

    so in closing, this is the end result for admin.php >>
    Code:
    <?
    
    /* set the variables */
    $admin_password="var"; // the password
    $submit="Submit"; // the submit button's function
    
    if(!isset($mode)){$mode="login";} // if you haven't logged in, this mode will set itself to the index.
    switch($mode){
    
    case("login"): // this starts the login mode page
    echo"<link rel=\"stylesheet\" type=\"text/css\" href=\"css/css.css\">";
    echo"<table cellspacing=\"0\" cellpadding=\"5\" border=\"0\" width=\"100%\">";
    echo"<tr>";
    echo"<td align=\"center\">";
    echo"<br><br><br>Login"; // text left of the text field
    echo"</td>";
    echo"</tr>";
    echo"</table>";
    echo"<table cellspacing=\"0\" cellpadding=\"5\" border=\"0\" width=\"100%\">";
    echo"<tr>";
    echo"<td width=\"30%\" height=\"100\"></td>";
    echo"<td align=\"center\">";
    echo"<form action=\"admin.php?mode=index\" method=\"post\">"; // starts the form
    echo"<input type=\"password\" name=\"password\" size=\"15\">"; // password field
    echo"<input type=\"submit\" value=\" Login \">";
    echo"</form>";
    echo"</td>";
    echo"<td width=\"30%\"></td>";
    echo"</tr>";
    echo"</table>";
    break; // ends the mode "login"
    
    case("index"):
    if($password==$admin_password){}else{header("Location: admin.php?mode=login");exit;}
    echo"content here";
    break; }
    
    ?>
    enjoy !, if you have any questions, go hed n ask.
    // Rev
    // Ivan Alfaro
    -- Professional Web Developer

  9. #9
    Active Member WorldBuilder is on a distinguished road
    Join Date
    Jan 2004
    Location
    Boston, MA
    Posts
    366
    Whatever happened to just using .htaccess in Apache?! LOL

    Chris
    My Site | My Blog
    "The world is a dangerous place, not because of those who do evil, but because of those who look on and do nothing."
    "Insanity is doing the same thing over and over again, expecting different results"
    --Albert Einstein

  10. #10
    Active Member WorldBuilder is on a distinguished road
    Join Date
    Jan 2004
    Location
    Boston, MA
    Posts
    366
    Ok, since I'm still really new to PHP, answer me this probably stupid question. What is this supposed to DO?

    I set it up here for kicks:

    www.bartlett-family.net/test/admin.php

    As you can see, it's only a login box. WHAT'S the login? What am I missing, eh?!

    Chris
    My Site | My Blog
    "The world is a dangerous place, not because of those who do evil, but because of those who look on and do nothing."
    "Insanity is doing the same thing over and over again, expecting different results"
    --Albert Einstein

  11. #11
    Active Member Revenant is on a distinguished road
    Join Date
    May 2004
    Location
    Chicago, IL US of A
    Posts
    108
    it shud be var .... if you dont mind, cud i see the code you put in ? [just to make sure nothing's wrong]
    // Rev
    // Ivan Alfaro
    -- Professional Web Developer

  12. #12
    Full Member Marshall is on a distinguished road
    Join Date
    May 2004
    Posts
    69
    World try using this, filename can be whatever you want its set to automatically detect it

    Code:
    <?php
    
    /* set the variables */
    $admin_password="var";
    $submitted = $_POST['password'];
    
    
    if(!isset($_POST['submit']) || $_POST['password'] != $admin_password){
    
    echo'<link rel="stylesheet" type="text/css" href="css/css.css">';
    echo'<table cellspacing="0" cellpadding="5" border="0" width="100%">';
    echo'<tr>';
    echo'<td align="center">';
    echo'<br><br><br>Login'; // text left of the text field
    echo'</td>';
    echo'</tr>';
    echo'</table>';
    echo'<table cellspacing="0" cellpadding="5" border="0" width="100%">';
    echo'<tr>';
    echo'<td width="30%" height="100"></td>';
    echo'<td align="center">';
    if(isset($_POST['password'])){
    	if($_POST['password'] != $admin_password){
    		echo '<font color="red">Incorrect Password</font>';
    	}
    }
    echo'<form action="'.$_SERVER['self'].'" method="post">'; // starts the form
    echo'<input type="password" name="password" size="15">'; // password field
    echo'<input type="submit" value=" Login " name="submit">';
    echo'</form>';
    echo'</td>';
    echo'<td width="30%"></td>';
    echo'</tr>';
    echo'</table>';
    
    }else{
    echo 'WOAH you got the password baby!'; //place content here
    }
    
    
    ?>

  13. #13
    Active Member Revenant is on a distinguished road
    Join Date
    May 2004
    Location
    Chicago, IL US of A
    Posts
    108
    good job marshall, specifically the "WOAH you got the password baby!" bit
    // Rev
    // Ivan Alfaro
    -- Professional Web Developer

  14. #14
    Newbie SW-Demon is on a distinguished road
    Join Date
    Jun 2004
    Location
    Russia\\N.Novgorod
    Posts
    3
    The "hole" in the site's defense is usually located not in the lines, where you check password, but in the lines, that follow them, that you are actualy protecting. In your case it is:

    echo 'WOAH you got the password baby!'; //place content here

    You don't tell us, what will be there, so carefully check this part of the script.

  15. #15
    Newbie v3x0rg is on a distinguished road
    Join Date
    Jun 2004
    Posts
    4
    If you don't have a clue about variables and all that, you can try this simple tutorial for beginners: http://na3k.net/tutorials.php?outid=100&section=php

+ Reply to Thread
Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

     

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts