 |
 |
 |
 |
June 7th, 2004, 12:03 PM
|
#1
|
|
Registered User
Join Date: May 2004
Location: Chicago, IL US of A
Posts: 110
|
set a password on ANY page ? :o :o
ey, im still workn on that other script to ban ips from submittin a form again, so in the meantime, ill show ya how to slap a pw on any page at all. first we gotta set the page, we'll call it admin.php [this is the only page we're going to need]
Code:
<?
/* set the variables */
$admin_password="var"; // the password
$submit="Submit"; // the submit button's function
if(!isset($mode)){$mode="login";} // if you haven't logged in, this mode will set itself to the index.
switch($mode){
case("login"): // this starts the login mode page
echo"<link rel=\"stylesheet\" type=\"text/css\" href=\"css/css.css\">";
echo"<table cellspacing=\"0\" cellpadding=\"5\" border=\"0\" width=\"100%\">";
echo"<tr>";
echo"<td align=\"center\">";
echo"<br><br><br>Login"; // text left of the text field
echo"</td>";
echo"</tr>";
echo"</table>";
echo"<table cellspacing=\"0\" cellpadding=\"5\" border=\"0\" width=\"100%\">";
echo"<tr>";
echo"<td width=\"30%\" height=\"100\"></td>";
echo"<td align=\"center\">";
echo"<form action=\"admin.php?mode=index\" method=\"post\">"; // starts the form
echo"<input type=\"password\" name=\"password\" size=\"15\">"; // password field
echo"<input type=\"submit\" value=\" Login \">";
echo"</form>";
echo"</td>";
echo"<td width=\"30%\"></td>";
echo"</tr>";
echo"</table>";
break; // ends the mode "login"
?>
i have to go right, but ill finish this off later,
rev
__________________
// Rev
// Ivan Alfaro
-- Professional Web Developer
|
|
|
|
June 7th, 2004, 08:17 PM
|
#2
|
|
Registered User
Join Date: May 2004
Location: Canada
Posts: 54
|
I don't know much about php, but wouldn't people be able to get the password from the souce? Or do you disable the property with chmod? I'm not exactly sure how that works...
|
|
|
|
|
June 7th, 2004, 08:29 PM
|
#3
|
|
Web Junky
Join Date: Dec 2003
Posts: 73
|
Quote:
Originally posted by wicked_gal00
I don't know much about php, but wouldn't people be able to get the password from the souce? Or do you disable the property with chmod? I'm not exactly sure how that works...
|
Only html will be parsed in the source code. When you go to a .php page, and you view source, it doesn't show all the includes and variables, does it? 
__________________
WebmasterLingo.com Team
Forum Rules
"Anyone who has never made a mistake has never tried anything new" - Albert Einstein
|
|
|
|
|
June 7th, 2004, 08:44 PM
|
#4
|
|
Registered User
Join Date: May 2004
Location: Canada
Posts: 54
|
Oh I see, so only the echo lines will show?
Is there no way to get at the rest of the code?
|
|
|
|
|
June 7th, 2004, 09:01 PM
|
#5
|
|
Web Junky
Join Date: Dec 2003
Posts: 73
|
Quote:
Originally posted by wicked_gal00
Oh I see, so only the echo lines will show?
Is there no way to get at the rest of the code?
|
Unless the server get's hacked, I don't think you can get the variable values.
__________________
WebmasterLingo.com Team
Forum Rules
"Anyone who has never made a mistake has never tried anything new" - Albert Einstein
|
|
|
|
|
June 8th, 2004, 09:31 AM
|
#6
|
|
PHP addict
Join Date: Dec 2003
Location: Russia, Nizhny Novgorod
Posts: 71
|
Good start, but doesn't do much ATM |
|
|
|
|
June 8th, 2004, 04:07 PM
|
#7
|
|
Registered User
Join Date: May 2004
Posts: 70
|
Id suggest using a cookie so if they enter the password at one page they wont have to re enter it after any link they click, will make it a bit more user friendly.
|
|
|
|
|
June 8th, 2004, 09:30 PM
|
#8
|
|
Registered User
Join Date: May 2004
Location: Chicago, IL US of A
Posts: 110
|
and heres the rest >>
Code:
case("index"):
if($password==$admin_password){}else{header("Location: admin.php?mode=login");exit;}
echo"content here"; // :D Enjoy !!!
break;}
so in closing, this is the end result for admin.php >>
Code:
<?
/* set the variables */
$admin_password="var"; // the password
$submit="Submit"; // the submit button's function
if(!isset($mode)){$mode="login";} // if you haven't logged in, this mode will set itself to the index.
switch($mode){
case("login"): // this starts the login mode page
echo"<link rel=\"stylesheet\" type=\"text/css\" href=\"css/css.css\">";
echo"<table cellspacing=\"0\" cellpadding=\"5\" border=\"0\" width=\"100%\">";
echo"<tr>";
echo"<td align=\"center\">";
echo"<br><br><br>Login"; // text left of the text field
echo"</td>";
echo"</tr>";
echo"</table>";
echo"<table cellspacing=\"0\" cellpadding=\"5\" border=\"0\" width=\"100%\">";
echo"<tr>";
echo"<td width=\"30%\" height=\"100\"></td>";
echo"<td align=\"center\">";
echo"<form action=\"admin.php?mode=index\" method=\"post\">"; // starts the form
echo"<input type=\"password\" name=\"password\" size=\"15\">"; // password field
echo"<input type=\"submit\" value=\" Login \">";
echo"</form>";
echo"</td>";
echo"<td width=\"30%\"></td>";
echo"</tr>";
echo"</table>";
break; // ends the mode "login"
case("index"):
if($password==$admin_password){}else{header("Location: admin.php?mode=login");exit;}
echo"content here";
break; }
?>
enjoy !, if you have any questions, go hed n ask.
__________________
// Rev
// Ivan Alfaro
-- Professional Web Developer
|
|
|
|
|
June 8th, 2004, 10:08 PM
|
#9
|
|
Big Daddy
Join Date: Jan 2004
Location: Boston, MA
Posts: 380
|
Whatever happened to just using .htaccess in Apache?! LOL
Chris
__________________
My Site | My Blog
"The world is a dangerous place, not because of those who do evil, but because of those who look on and do nothing."
"Insanity is doing the same thing over and over again, expecting different results"
--Albert Einstein
|
|
|
|
|
June 8th, 2004, 10:13 PM
|
#10
|
|
Big Daddy
Join Date: Jan 2004
Location: Boston, MA
Posts: 380
|
Ok, since I'm still really new to PHP, answer me this probably stupid question. What is this supposed to DO?
I set it up here for kicks:
www.bartlett-family.net/test/admin.php
As you can see, it's only a login box. WHAT'S the login? What am I missing, eh?!
Chris
__________________
My Site | My Blog
"The world is a dangerous place, not because of those who do evil, but because of those who look on and do nothing."
"Insanity is doing the same thing over and over again, expecting different results"
--Albert Einstein
|
|
|
|
|
June 8th, 2004, 10:28 PM
|
#11
|
|
Registered User
Join Date: May 2004
Location: Chicago, IL US of A
Posts: 110
|
it shud be var .... if you dont mind, cud i see the code you put in ? [just to make sure nothing's wrong]
__________________
// Rev
// Ivan Alfaro
-- Professional Web Developer
|
|
|
|
|
June 9th, 2004, 01:00 AM
|
#12
|
|
Registered User
Join Date: May 2004
Posts: 70
|
World try using this, filename can be whatever you want its set to automatically detect it
Code:
<?php
/* set the variables */
$admin_password="var";
$submitted = $_POST['password'];
if(!isset($_POST['submit']) || $_POST['password'] != $admin_password){
echo'<link rel="stylesheet" type="text/css" href="css/css.css">';
echo'<table cellspacing="0" cellpadding="5" border="0" width="100%">';
echo'<tr>';
echo'<td align="center">';
echo'<br><br><br>Login'; // text left of the text field
echo'</td>';
echo'</tr>';
echo'</table>';
echo'<table cellspacing="0" cellpadding="5" border="0" width="100%">';
echo'<tr>';
echo'<td width="30%" height="100"></td>';
echo'<td align="center">';
if(isset($_POST['password'])){
if($_POST['password'] != $admin_password){
echo '<font color="red">Incorrect Password</font>';
}
}
echo'<form action="'.$_SERVER['self'].'" method="post">'; // starts the form
echo'<input type="password" name="password" size="15">'; // password field
echo'<input type="submit" value=" Login " name="submit">';
echo'</form>';
echo'</td>';
echo'<td width="30%"></td>';
echo'</tr>';
echo'</table>';
}else{
echo 'WOAH you got the password baby!'; //place content here
}
?>
|
|
|
|
|
June 10th, 2004, 01:03 AM
|
#13
|
|
Registered User
Join Date: May 2004
Location: Chicago, IL US of A
Posts: 110
|
good job marshall, specifically the "WOAH you got the password baby!" bit 
__________________
// Rev
// Ivan Alfaro
-- Professional Web Developer
|
|
|
|
|
June 21st, 2004, 03:07 PM
|
#14
|
|
Registered User
Join Date: Jun 2004
Location: Russia\\N.Novgorod
Posts: 3
|
The "hole" in the site's defense is usually located not in the lines, where you check password, but in the lines, that follow them, that you are actualy protecting. In your case it is:
echo 'WOAH you got the password baby!'; //place content here
You don't tell us, what will be there, so carefully check this part of the script.
|
|
|
|
|
June 29th, 2004, 06:51 AM
|
#15
|
|
Registered User
Join Date: Jun 2004
Posts: 7
|
|
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
Rate This Thread |
 Linear Mode
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 05:25 AM.
|
|
 |
 |
 |
 |
|
