password protection - does this work?

Re: password protection - does this work?

In article <t9-dne16aqmKyoTfRV n-sw@comcast.com> ,
"juglesh" <juglesh@nospam RadioKDUG.com> wrote:
[color=blue]
> <body><div align="center">
> <?php
> if (!isset($passwo rd)){
> ?><form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
> type password here&nbsp;<inpu t name="password" type="text" size="8"> then
> <input name="submit" type="submit">
> </form>
> <?php
> die;
> }
> if ($password != "secretword " ){
> echo "wrong";
> ?>
> <form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
> type password here&nbsp;<inpu t name="password" type="text" size="8"> then
> <input name="submit" type="submit">
> </form>
> <?php
> die;
> }
> ?>
> // rest of admin script follows...
>
> and yes, I realize anyone with access to the users' computer could probly
> get in, but I'm not worried about that.
>
> I looked for a way to use .htacess to protect just this file, but couldn't
> find anything.
>
> found some other scripts out there that used the auth headers, but they
> didn't work, I could never get past the login...
>
> thanks for your time,
> juglesh[/color]

AFAIK, you can't password protect files unless you use something like
ZIP or STUFFIT with a password. Or just encrypt the file.

You can use the Apache .htaccess feature on directories. It al boils
down to the web page sending the correct headers to the browser. If you
setup .htaccess, Apache will do it. Or you can setup php to send the
authentication headers.

If all this is gobbledgook, hire someone.

--
DeeDee, don't press that button! DeeDee! NO! Dee...

Re: password protection - does this work?

"juglesh" <juglesh@nospam RadioKDUG.com> wrote in message
news:t9-dne16aqmKyoTfRV n-sw@comcast.com. ..[color=blue]
> <body><div align="center">
> <?php
> if (!isset($passwo rd)){
> ?><form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
> type password here&nbsp;<inpu t name="password" type="text" size="8"> then
> <input name="submit" type="submit">
> </form>
> <?php
> die;
> }
> if ($password != "secretword " ){
> echo "wrong";
> ?>
> <form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
> type password here&nbsp;<inpu t name="password" type="text" size="8"> then
> <input name="submit" type="submit">
> </form>
> <?php
> die;
> }
> ?>
> // rest of admin script follows...
>
> and yes, I realize anyone with access to the users' computer could probly
> get in, but I'm not worried about that.
>
> I looked for a way to use .htacess to protect just this file, but couldn't
> find anything.
>
> found some other scripts out there that used the auth headers, but they
> didn't work, I could never get past the login...
>
> thanks for your time,
> juglesh[/color]

Don't see why it wouldn't work. In fact, I've done something similiar in the
past.

Re: password protection - does this work?


"juglesh" <juglesh@nospam RadioKDUG.com> wrote in message
news:t9-dne16aqmKyoTfRV n-sw@comcast.com. ..[color=blue]
> <body><div align="center">
> <?php
> if (!isset($passwo rd)){
> ?><form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
> type password here&nbsp;<inpu t name="password" type="text" size="8"> then
> <input name="submit" type="submit">
> </form>
> <?php
> die;
> }
> if ($password != "secretword " ){
> echo "wrong";
> ?>
> <form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
> type password here&nbsp;<inpu t name="password" type="text" size="8"> then
> <input name="submit" type="submit">
> </form>
> <?php
> die;
> }
> ?>
> // rest of admin script follows...
>
> and yes, I realize anyone with access to the users' computer could probly
> get in, but I'm not worried about that.
>
> I looked for a way to use .htacess to protect just this file, but couldn't
> find anything.
>
> found some other scripts out there that used the auth headers, but they
> didn't work, I could never get past the login...
>
> thanks for your time,
> juglesh
>
>[/color]

I presume you have

$password = $_POST['password'];

at the top of your page ?
--
----------------------------------------------------------------------------
http://www.clickonlingerie.com?SIG - Exotic Erotic Lingerie
----------------------------------------------------------------------------

Re: password protection - does this work?


"MS" <SpamNoThnx_san ta____clause@ho tmail.com> wrote in message
news:cvcp5t$cb4 $1@titan.btinte rnet.com...[color=blue]
>
> "juglesh" <juglesh@nospam RadioKDUG.com> wrote in message
> news:t9-dne16aqmKyoTfRV n-sw@comcast.com. ..[color=green]
>> <body><div align="center">
>> <?php
>> if (!isset($passwo rd)){
>> ?><form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
>> type password here&nbsp;<inpu t name="password" type="text" size="8">
>> then
>> <input name="submit" type="submit">
>> </form>
>> <?php
>> die;
>> }
>> if ($password != "secretword " ){
>> echo "wrong";
>> ?>
>> <form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
>> type password here&nbsp;<inpu t name="password" type="text" size="8">
>> then
>> <input name="submit" type="submit">
>> </form>
>> <?php
>> die;
>> }
>> ?>
>> // rest of admin script follows...
>>
>> and yes, I realize anyone with access to the users' computer could probly
>> get in, but I'm not worried about that.
>>
>> I looked for a way to use .htacess to protect just this file, but
>> couldn't
>> find anything.
>>
>> found some other scripts out there that used the auth headers, but they
>> didn't work, I could never get past the login...
>>
>> thanks for your time,
>> juglesh
>>
>>[/color]
>
> I presume you have
>
> $password = $_POST['password'];
>
> at the top of your page ?[/color]

no, and that reminds me of another question.

But first, would I need that for password protection? an intruder could put
the password in the query string, but he'd still have to know the password.

yeah, on that $_POST['password']; thing, its working fine without it, and
for that matter, I don't usually have to use $_GET either, my scripts
usually can 'get' the variable from the query string automagically. I just
use the variable that I have sent. what's up with that?

juglesh

Re: password protection - does this work?

[color=blue][color=green]
> > I presume you have
> >
> > $password = $_POST['password'];
> >
> > at the top of your page ?[/color]
>
> no, and that reminds me of another question.
>
> But first, would I need that for password protection? an intruder could[/color]
put[color=blue]
> the password in the query string, but he'd still have to know the[/color]
password.[color=blue]
>
> yeah, on that $_POST['password']; thing, its working fine without it, and
> for that matter, I don't usually have to use $_GET either, my scripts
> usually can 'get' the variable from the query string automagically. I[/color]
just[color=blue]
> use the variable that I have sent. what's up with that?
>
> juglesh
>
>[/color]

Im not sure about the automagically assigning values to variables

If you make your form POST instead of GET the passed variables of the form
are not visible within the URL

In which case you would use
$password = $_POST['password'];
to retrieve the passed value of password

If you use GET in your form the values are visible within the URL and you
would use
$password = $_GET['password'];
to retrieve the passed value of password

--
----------------------------------------------------------------------------
http://www.clickonlingerie.com?SIG - Exotic Erotic Lingerie
----------------------------------------------------------------------------

Re: password protection - does this work?


"MS" <SpamNoThnx_san ta____clause@ho tmail.com> wrote in message
news:cvdsbr$pcr $1@titan.btinte rnet.com...[color=blue]
>[color=green][color=darkred]
>> > I presume you have
>> >
>> > $password = $_POST['password'];
>> >
>> > at the top of your page ?[/color]
>>
>> no, and that reminds me of another question.
>>
>> But first, would I need that for password protection? an intruder could[/color]
> put[color=green]
>> the password in the query string, but he'd still have to know the[/color]
> password.[color=green]
>>
>> yeah, on that $_POST['password']; thing, its working fine without it, and
>> for that matter, I don't usually have to use $_GET either, my scripts
>> usually can 'get' the variable from the query string automagically. I[/color]
> just[color=green]
>> use the variable that I have sent. what's up with that?
>>
>> juglesh
>>
>>[/color]
>
> Im not sure about the automagically assigning values to variables
>
> If you make your form POST instead of GET the passed variables of the form
> are not visible within the URL
>
> In which case you would use
> $password = $_POST['password'];
> to retrieve the passed value of password
>
> If you use GET in your form the values are visible within the URL and you
> would use
> $password = $_GET['password'];
> to retrieve the passed value of password[/color]

well, yeah, I know all about that (and I am using obviously post in my
password form), what I'm saying is it works without $_POST['password']. the
script above is exactly what I'm using, from the top. yeah, I just tested
it, if I put "?password=secr etword" in the address bar, I am 'logged in'.
So, I'm wondering if there's some special circumstances where you need to
use $_POST[] and $_GET[] to get those values. Maybe older versions of php?

--
juglesh

Re: password protection - does this work?

.oO(juglesh)
[color=blue]
>well, yeah, I know all about that (and I am using obviously post in my
>password form), what I'm saying is it works without $_POST['password']. the
>script above is exactly what I'm using, from the top. yeah, I just tested
>it, if I put "?password=secr etword" in the address bar, I am 'logged in'.
>So, I'm wondering if there's some special circumstances where you need to
>use $_POST[] and $_GET[] to get those values. Maybe older versions of php?[/color]

Not older, but newer versions, where register_global s is disabled by
default. Using $_POST, $_GET etc. is the correct and recommended way.

Micha