[Tutorial] Username And Passworded Page

Example of PHP code.

Moderator: Moderators

[Tutorial] Username And Passworded Page

Postby DooBDee on Wed Jun 29, 2005 6:44 pm

Greetings,

This tutorial will tell you how to username and password a page.

Here is the code. I shall walk you through it.

Code: Select all
<?php
/*   Title: password.php
*   Author: DooBDee
*   Website: http://www.doobdee.net
*   Description: Required a username and password to view certain elements
*/

if ($_POST['submit'])
{

   //   Your Username
   $username_value = '';

   //   Your Password :: Use md5 encryption
   $password_value = '';

   $username = isset($_POST['username']) ? stripslashes($_POST['username']) : '';
   $password = isset($_POST['password']) ? md5(stripslashes($_POST['password'])) : '';

   if ($username === $username_value)
   {
      if ($password === $password_value)
      {
         echo 'Username And Password Correct';   //   Show what you want when log-in is complete
      }
      else
      {
         echo 'Your Username or password is incorrect';   //   Show error message if incorrect
      }
   }
   else
   {
      echo 'Your Username or password is incorrect';   //   Show error message if incorrect
   }
   exit;
}
?>
<html>
<head>
<title>Username and password required for page view</title>
</head>
<body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="multipart/form-data">
<p>Enter your username and password:</p>
<input name="username" value="" type="text"><br />
<input name="password" value="" type="password"><br />
<input name="submit" value="View Page" type="submit">
</body>
</html>


When the page loads,
Code: Select all
if ($_POST['submit'])
is ignored as the submit button has not been pressed. Therefore, it misses the whole if() statement and moves to the HTML section below.
Code: Select all
<html>
<head>
<title>Username and password required for page view</title>
</head>
<body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="multipart/form-data">
<p>Enter your username and password:</p>
<input name="username" value="" type="text"><br />
<input name="password" value="" type="password"><br />
<input name="submit" value="View Page" type="submit">
</body>
</html>


The form action, namely this part:
Code: Select all
<form action="<?php echo $_SERVER['PHP_SELF']; ?>"
tells the form that when to submit it processes itsef. Which is where the if()statement at the top comes into play.

Firstly it looks at:
Code: Select all
   //   Your Username
   $username_value = '';

   //   Your Password :: Use md5 encryption
   $password_value = '';


And set it to those variables. To get md5 encryption for a password, go to this site: http://pajhome.org.uk/crypt/md5/

The script then goes on to set the data filled out by the form to a variable, using stripslashes and isset and md5 for the password as shown below:
Code: Select all
   $username = isset($_POST['username']) ? stripslashes($_POST['username']) : '';
   $password = isset($_POST['password']) ? md5(stripslashes($_POST['password'])) : '';


Once this has been done, it compares the username and the username value and compares them if the two values are equal in both value and data type. (notice the ===).
Code: Select all
   if ($username === $username_value)
If this is true, it then goes on to compare password and password value, once again using ===.
Code: Select all
      if ($password === $password_value)
If this turns out to be true, it displays the data you want to be hidden. In this case:
Code: Select all
         echo "Username And Password Correct";   //   Show what you want when log-in is complete
If the second if() statment is returned false it gives the error. If the first if() statment is false it returns an error, therefore the only way of getting the page to show contents is to get both correct (username and password). The exit; command tells the script to stop running after login has been pressed.

I hope this has been helpful.

Kind regards,

DoobDee
Last edited by DooBDee on Sat Apr 08, 2006 9:32 am, edited 6 times in total.
User avatar
DooBDee
Moderator
Moderator
 
Posts: 3530
Joined: Tue Mar 01, 2005 6:28 pm
Location: DooBDee.net

Re: [Tutorial] Username And Passworded Page

Postby Phantom on Wed Jun 29, 2005 7:55 pm

Code: Select all
code not needed anymore ...

Very well written tutorial. Just one thing, on line 20, I would recommend making $username a post value, $_POST['username']. This isn't crucial, but I would recommend it nonetheless. Good job.
"Best of the best of the best, sir! With honors!" -- MIB
[ jphantom.com ]
Phantom
Registered User
Registered User
 
Posts: 245
Joined: Mon Apr 18, 2005 3:24 am

Postby DooBDee on Wed Jun 29, 2005 7:58 pm

Greetings,

I made a typo in my first post. Thanks for pointing out.

I have ammended it, if yuo scroll up. (line 17)

I tried to make it as easy for people as possible.
DooBDee
Website Ninja
DooBDee.net
User avatar
DooBDee
Moderator
Moderator
 
Posts: 3530
Joined: Tue Mar 01, 2005 6:28 pm
Location: DooBDee.net

Postby X_SD_X on Sat Apr 08, 2006 1:59 am

on line 17 you need a ' after the first username

also, is there a way to convert from md5 encryption back to text?
i like pie...
User avatar
X_SD_X
Registered User
Registered User
 
Posts: 280
Joined: Sun Jan 22, 2006 4:13 am
Location: Just around the corner

Postby DooBDee on Sat Apr 08, 2006 9:34 am

Thanks. Fixed typo. Also I updated code slightly. :)

md5() is one way hash encryption so therefore you can not unhash an md5() :)
DooBDee
Website Ninja
DooBDee.net
User avatar
DooBDee
Moderator
Moderator
 
Posts: 3530
Joined: Tue Mar 01, 2005 6:28 pm
Location: DooBDee.net

Postby X_SD_X on Sat Apr 08, 2006 9:56 am

aaah ok thanks
i like pie...
User avatar
X_SD_X
Registered User
Registered User
 
Posts: 280
Joined: Sun Jan 22, 2006 4:13 am
Location: Just around the corner

Postby DooBDee on Sat Apr 08, 2006 9:58 am

[quote user="X_SD_X" post="72968"]aaah ok thanks[/quote]

This is the method used for storing passwords in phpBB, it therefore made sense to use same method. There are other encryption types which are reversable, but once somebody gets hold of hash it wont be secure.
DooBDee
Website Ninja
DooBDee.net
User avatar
DooBDee
Moderator
Moderator
 
Posts: 3530
Joined: Tue Mar 01, 2005 6:28 pm
Location: DooBDee.net

Postby X_SD_X on Sat Apr 08, 2006 10:04 am

good point ;)
i like pie...
User avatar
X_SD_X
Registered User
Registered User
 
Posts: 280
Joined: Sun Jan 22, 2006 4:13 am
Location: Just around the corner

is this for retrieving a username and password?

Postby dede1963 on Wed Dec 06, 2006 10:31 pm

is this info for retrieving forgotten username and passwords ? and is this the procedure to use if this is the case? where do i access this procedure so that i can perform this action? :D
dede1963
Registered User
Registered User
 
Posts: 3
Joined: Thu Nov 09, 2006 4:13 am

Postby wicho7 on Wed Jan 10, 2007 2:25 am

I do all you mark but i hava a question, if I use this to direct a php page and when use the direct link for that page ( an example: mydomain/folder/archive.php ) it is redirected for the login page and cannot enter if i dont give the correct nick and password, sorry if I dont explain well but I speak spanish and some english but thanks for the person who reply this
wicho7
Registered User
Registered User
 
Posts: 5
Joined: Wed Jan 10, 2007 1:58 am


Return to PHP Tutorials

Who is online

Users browsing this forum: No registered users and 1 guest