faqts : Computers : Programming : Languages : PHP

+ Search
Add Entry AlertManage Folder Edit Entry Add page to http://del.icio.us/
Did You Find This Entry Useful?

12 of 24 people (50%) answered Yes
Recently 4 of 10 people (40%) answered Yes

Entry

i want to make a place where users must supply their username and password, i havent found anything.

Feb 22nd, 2008 19:58
dman, Ben Harvey, jarrod nettles, http://www.ttnr.org


I created password protection for my homepages as soon as I'd got to 
grips with the concept of PHP. Password protection is easy, but it 
depends on the level of security you're seeking.
You need to create a login page using plain HTML (no PHP is needed) and 
a form. For the form:
  ACTION="password_check_script.php" (or whatever)
  METHOD=post
You have two text input boxes on your login page: user name and 
password, with names defined (for example) as uname and upass. When the 
user clicks the submit button on your form, the values of uname and 
upass will be posted to password_check_script.php as variables: $uname 
and $upass. It's a doddle.
(Look at the source code of my login page for an example: 
http://www.sublimatic.org)
You can easily check the values of $uname and $upass against predefined 
values in your "password_check_script.php" if you're simply after basic 
security. More sophisticated would be a small database of users and 
passwords, against which your script compares the supplied details. 
This has the advantage of enabling you to control who uses your site 
individually, rather than using a single password for everyone.
Once you've confirmed that the supplied details are correct, you need 
to redirect visitors to the protected area of your site. You do this 
using a
  header("Location: newpage.html");
command, but you must ensure that you do this before your 
password_check_script.php outputs ANYTHING at all to the browser. You 
can't print anything to the screen before calling the header command, 
or you'll get an error.
When this is all working, add checks to the content pages of your site, 
and session variables to ensure that nobody's going straight to a 
content page and bypassing the security. This is more tricky, but PHP's 
built-in session functions make it reasonably straightforward.
HTH.
Ben