smiles Posted March 13, 2007 Share Posted March 13, 2007 Well, just need visitor type the password and ... then jump to the checklogin.php for checkingIf what is typed similar to my password that I set then redirect to another page, else back to the first page$pass = $_POST['passwordField'];if ($pass == 'myPassword') { ??? }else { ??? }I want to ask about the code for directing page ?Thanks !!! Link to comment Share on other sites More sharing options...
pulpfiction Posted March 13, 2007 Share Posted March 13, 2007 $pass = $_POST['passwordField'];if ($pass == 'myPassword'){$URL = "correctpage.php";}else{$URL = "firstpage.php";}header ("Location: $URL"); Link to comment Share on other sites More sharing options...
smiles Posted March 13, 2007 Author Share Posted March 13, 2007 thanks ! that works correctly ! Link to comment Share on other sites More sharing options...
aspnetguy Posted March 13, 2007 Share Posted March 13, 2007 if the user knows the url of the "protected" page they can just type it in and bypass your login. you need to set sessiosn when they login correctly and check to see if the seesions are correct on every protected page. Link to comment Share on other sites More sharing options...
smiles Posted March 13, 2007 Author Share Posted March 13, 2007 yeah, I will do a research on it ??? Link to comment Share on other sites More sharing options...
smiles Posted March 13, 2007 Author Share Posted March 13, 2007 if the user knows the url of the "protected" page they can just type it in and bypass your login. you need to set sessiosn when they login correctly and check to see if the seesions are correct on every protected page.set session ... uhm maybe I know itbut " check to see if the seesions are correct on every protected page." seems strange to meHow can I do that ??? Link to comment Share on other sites More sharing options...
aspnetguy Posted March 13, 2007 Share Posted March 13, 2007 login page session_start();//////$pass = $_POST['passwordField'];if ($pass == 'myPassword'){ $_SESSION["login"] = "yes"; $URL = "correctpage.php";}if(isset($_SESSION["login"]) && $_SESSION["login"] == "yes") header ("Location: $URL"); correctpage.php session_start();if(!isset($_SESSION["login"]) || $_SESSION["login"] != "yes") header("Location: login.php");//Session is set so contiue with rest of page//// Link to comment Share on other sites More sharing options...
smiles Posted March 13, 2007 Author Share Posted March 13, 2007 (edited) Thanks Aspnetguy :)It works great !!!do you think should I put these code for all the rest pages session_start();if(!isset($_SESSION["login"]) || $_SESSION["login"] != "yes") header("Location: login.php"); Edited March 13, 2007 by smiles Link to comment Share on other sites More sharing options...
Nakor Posted March 13, 2007 Share Posted March 13, 2007 You would want to put that code at the top of every page that requires the user be authenticated. You could add an element to the login.php form as well so that it can recognize where it came from and redirect them back to that same page they were requesting. Link to comment Share on other sites More sharing options...
smiles Posted March 13, 2007 Author Share Posted March 13, 2007 I want to ask, does it create cookie so when you log in successfully, you can easily navigate to all pages without asking password the second time (twice) ?If I want to try my code again, so I must delete all Cookies ???thanks !!! Link to comment Share on other sites More sharing options...
justsomeguy Posted March 14, 2007 Share Posted March 14, 2007 It stores a cookie, but the only thing the cookie contains is a session ID. PHP uses that session ID to look up the session information for that user. So there is a cookie there, but the information you store in the session is not what is in the cookie. If you want to store that information in the cookie, then you need to do that explicitly with setcookie. But even though there is a cookie involved, you still need to check it on every page. It's up to you to do whatever checking you want or need to do, so just because someone logs in and gets a cookie doesn't mean that every other page is automatically protected without you needing to do anything else, you still need to check.Also, session cookies get deleted as soon as you close the browser or leave the website. I think. I know they get deleted when you close the browser. Link to comment Share on other sites More sharing options...
smiles Posted March 15, 2007 Author Share Posted March 15, 2007 thanks justsomeguy, browser off and cookie lost Link to comment Share on other sites More sharing options...
smiles Posted April 21, 2007 Author Share Posted April 21, 2007 well friend, here is my forum http://myloves124.ifastnet.com/main_forum.php and I use Session as my friends had guided above, so when you click to another link at top, you will be asked for password ...Is that safe enough what I have to do for more protecting ?thanks !!! Link to comment Share on other sites More sharing options...
zppblood Posted April 23, 2007 Share Posted April 23, 2007 I would say to make the password not simple/easily guessed (a word that is related to your site). Don't use words that are found in dictionaries, and use non alpha-numeric characters. Make the password long (not too long that people can't remember, have to write down if it's sensitive information, etc.) Use hash functions such as SHA-1.Read this from microsoft.com about strong passwordshttp://www.microsoft.com/athome/security/p...y/password.mspxUse this if you want to check if your password(s) are weak, medium, strong, or besthttp://www.microsoft.com/athome/security/p...rd_checker.mspx Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now