[PHP] Help Pl0x :S

Hey guys, i am having a bit of trouble with php and only just started learning, i am wanting a basic user auth to access another php file, but i dont want it to connect through a MySQL data base or w/e... can anyone help me

::EDIT::
I have read tutorials and all, but i can't seem to get it right...
The website I was looking at was: http://au2.php.net/features.http-auth

Please someone help >_<

 

well, have a form, two fields, one called username and other called password, then have it go to login.php

in login.php have

Code:

<?php

$username = $_POST['username'];
$password = $_POST['password'];

$users = "filename.txt";

$contents = fread($users, filesize($users));
if (preg_match("/".$username."-".$password."/"im, $contents)) {
echo "Now Logged In!";
}else {
die("Wrong details.");
}
?>

in the second file have it set up as

and so on and forth.

This is untested but should work

 

Thanks that is a start, but isn't the type of auth i wanted... what i wanted was this:

it is supposed to pop up asking for details... >_<

 

that's most likely a htpasswd protection scheme (Google will help you more at this point)
You'll need two files, .htaccess and .htpasswd, and if your server is running IIS it wont work.

 

:huh: hmm... i am sure i have seen it down on php as well... eg:

Code:

if (!isset($_SERVER['PHP_AUTH_USER'])) {

    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
} else {

and so on, etc... but i dont fully understand it, i have tried google and found a site containing stuff like this, but as i said i dont fully understand how it works >_<

 

Here's a nice free script that does that. It's just a password, not a user.

PHP:

<?php
/*************************************************
 * Max's Site Protector
 *
 * Version: 1.0
 * Date: 2007-11-27
 *
 ****************************************************/
class maxProtector{
    var $password = 'aisudfha';
    
    function showLoginForm(){
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
   <title>Max's File Uploader</title>
   <link href="style/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
       <div id="container">
            <div id="header"><div id="header_left"></div>
            <div id="header_main">Max's Site Protector</div><div id="header_right"></div></div>
            <div id="content">
                <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
                     <center>
                         <label>Password:
                             <input name="passwd" type="password" size="20" />
                         </label><br/>
                         <label>
                             <input type="submit" name="submitBtn" class="sbtn" value="Login" />
                         </label>
                     </center>
                 </form>
             </div>
             <div id="footer"><a href="http://www.phpf1.com" target="_blank">Powered by PHP F1</a></div>
         </div>
</body>         
<?php
    }

    function login(){
        $loggedin = isset($_SESSION['loggedin']) ? $_SESSION['loggedin'] : false;
        if ( (!isset($_POST['submitBtn'])) && (!($loggedin))){
            $_SESSION['loggedin'] = false;
               $this->showLoginForm();
               exit();
        } else if (isset($_POST['submitBtn'])) {
               $pass = isset($_POST['passwd']) ? $_POST['passwd'] : '';
      
               if ($pass != $this->password) {
                   $_SESSION['loggedin'] = false;
                   $this->showLoginForm();
                   exit();     
               } else {
                   $_SESSION['loggedin'] = true;
               }
        }

    }
}

// Auto create
session_start();
$protector = new maxProtector();
$protector->login();
?>


And then in all the files you want it to protect...

PHP:

<?php require_once("maxProtector.class.php"); ?>

However, if you want to have a user and password collection on text files, that's possible, but it'd take some alteration, and you'd have to have a series of strings/ifs/ and possibilities... probably ending in a bit of hacking, unsafeness.


This script works well, i've had no problems with it:

http://downstage.tv/game/


Just remember, if you use it, that you have to CLICK THE LOGIN BUTTON. You can't just press enter... it doesn't work.


Enjoy, any alterations needed will cost .

 

Code:

<?PHP if (!isset($_SERVER['PHP_AUTH_USER']) && !isset ($_SERVER['PHP_AUTH_PW']))
{
header('WWW-Authenticate: Basic realm="my Realm"');
header('HTTP/1.0 401 Unauthorized');
echo '<b>Authorization Required - Access Denied!</b>';
// now unset user/name entered to retry
unset($_SERVER['PHP_AUTH_USER']);
unset($_SERVER['PHP_AUTH_PW']);
exit;
}
else
{
// user is now auth
echo 'Welcome ' . $_SERVER['PHP_AUTH_USER'];
} ?>

(http://www.phpbuilder.com/board/archive/index.php/t-10257980.html)

I've tested it, and it works perfectly as if you used an .htaccess file.

 

Um... as i said i dont understand php very well.. but where do i put the password (l0l >_<)

 

You have to do the password checking yourself.

Code:

<?PHP if (!isset($_SERVER['PHP_AUTH_USER']) && !isset ($_SERVER['PHP_AUTH_PW']))
{
header('WWW-Authenticate: Basic realm="Enter User Data!"');
header('HTTP/1.0 401 Unauthorized');
echo '<b>Authorization Required - Access Denied!</b>';
// now unset user/name entered to retry
unset($_SERVER['PHP_AUTH_USER']);
unset($_SERVER['PHP_AUTH_PW']);
exit;
}
else
{
if($_SERVER['PHP_AUTH_USER']=="USERNAME" && $_SERVER['PHP_AUTH_PW']=="PASSWORD") {
echo "You are logged in!";
}
else {
echo "Wrong password information!";
}
} ?>

 

Grr... Still doesnt work... its prob the host i am using >_<

 

What doesn't work exactly..?

 

Do you get any error messages...? None of the functions are generally disabled on any hosts...