Re: login script with two levels of access

jsd219 wrote:
On May 31, 9:31 am, SterLo <sterling.hamil...@xxxxxxxxx> wrote:
Well...

Try this...

It's a little rough but you should get the basic idea.
-------------
<?php
$user1 = "abc";
$user2 = "xyz";
$pass1 = "123";
$pass2 = "456";

$action = (isset($_POST["submit"])) ? $_POST["submit"] :NULL;

if($action == "submit") {
$showForm = false;
$user = $_POST["username"];
$pass = $_POST["password"];
if($user == $user1 && $pass == $pass1) {
/* Include your files here for user1. */
}elseif($user == $user2 && $pass == $pass2) {
/* Include your files here for user2. */
}else{
/* Do error stuff here. */
$showForm = true;
}
}
?>
<?php if($showForm == true) {
<form method="post" action="index.php">
<label for="username">Username:</label>
<input id="username" name="username" type="text" value="" />
<label for="password">Password:</label>
<input id="password" name="password" type="password" value="" />
<input type="submit" name="submit" id="submit" value="Submit" />
</form>
<?php } ?>

Will this not show the user names and passwords in the source code
allowing anyone to pull up the code and get the passwords?

God bless
jason


Jason,

It could - if they could display the code. A properly configured webserver will parse the code and only send the results to the browser, not the code.

But your concern is well founded. I normally put user id's and passwords in an include file outside the document root.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================
.

Relevant Pages

  • Re: login script with two levels of access
    ... $showForm = false; ... <?php if{ ... Will this not show the user names and passwords in the source code ...
    (comp.lang.php)
  • Re: Capturing Windows Login Name
    ... annoyance of typing their user names and passwords again. ... I am well aware of how it works because I implemented the SASL PHP ... that among other protocols supports NTLM. ... server in the last step, ...
    (comp.lang.php)
  • Re: Question on password visibilty?
    ... > I have been learning PHP on my own time and have an Apache server on my ... Obviously security is not a problem on this setup. ... > Most use an HTML form that calls a separate php program. ... anybody can download the php script and look at the passwords. ...
    (comp.lang.php)
  • script wrapper for smbpasswd?
    ... an administrative user, properly authenticated elsewhere can from a php generated form, submit a request to add users and passwords, or change passwords, from an apache2 web server. ... The man pages on smbpasswd are plain wrong: it no longer uses a password file - instead it is all munged up in a passwd.tdb format, so it seems that executing smbpasswd is the best approach: However when executed by the web server, - user www-data - it won't have sufficient permissions to utilize smbpasswd.. ... A script wrapper executed from the php with setuid set may be an approach.. ...
    (comp.os.linux.misc)
  • Re: [PHP] Preventing Access to Private Files
    ... You could use PHP to read the file and send the proper image format header. ... that's not available to the web server. ... members table to validate passwords. ... generation of "member" pages to members only. ...
    (php.general)