I am very new to php. In fact this is my first time ever. I have an html page called DocumentLinks.html How can I create a secure login page in php that will allow users to log in to it. I don’t need to use LDAP beause there will only be one username and one password. It has to be in php because my boss want’s it to be consitent with the whole website (designed using php). I have a code snippet that authenticates aginst cookies but it does’nt seem to be working and from what I’ve been told, cookies are unsecure. Cab anyone help me out?
If I understand correctly, you are looking to have a single username and password that will authorize access to a page, without using a database.
Please give the following code a try:
[php]
<form method="POST" action="">
User: <input type="text" name="user" /><br/>
Password: <input type="text" name="password" /><br/>
<input type="submit" name="submit">
<?php
}
else
{
echo ‘Success!’;
// This is where you would put the body for the authorized page.
// You could also include a prepared php or html file, but make sure it isn’t directly accessible from a url
}
?>
The authorized user for the test code is “test” and the password is “test”.
Note that both are case sensitive, so “Test” will not work. In an effort to provide a little more security, the password has already been hashed using php’s hash() command (as sha256). This should provide a small degree of additional security in the event an individual is able to directly view the file. Make sure to change this to the pre-hashed value for whatever password you wish to use.
This is obviously a framework and you will probably want to style the form and page appropriately.
There are other and possibly better ways of accomplishing your goal. One example would be to modify your .htaccess file to password protect a directory. Another would be to store the hashed password in a separate file (make sure it isn’t directly accessible by url!). I believe the above solution will be adequate for your stated purpose however.
Do I put this code on the page that I want to Log in to?
The best use would depend on your actual page. This was really meant as more of an example, but the following modification might make things easier:
[php]
<?php $allowedUser = 'test'; $hashedPass = '9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08'; if(!isset($_POST) || hash('sha256',$_POST['password']) != $hashedPass) { ?> <form method="POST" action="">
User: <input type="text" name="user" /><br/>
Password: <input type="text" name="password" /><br/>
<input type="submit" name="submit">
<?php
exit;
}
?>
[/php]
Try just inserting this at the very top of your php page (make sure the page is saved as a .php file not .html).
If that doesn’t work, I would be happy to help you work it into your page - but I would need to know a little more about the actual page.
I just re-read your original post and see that the page you are securing is “DocumentLinks.html.” This is going to need to be changed in order to use any php code directly on the page. While you can simply change the filename to “DocumentLinks.php”, this will mess up any links that you may have already made to the DocumentLinks.html page.
There are a few different options available in this situation: If you don’t have many existing links and you have the ability to edit them, you could simply point them to the php document instead. If users have been using the page, they may have already bookmarked the html file, so this option may not be ideal. Another option would be to redirect the DocumentLinks.html page to DocumentLinks.php. A redirect can be accomplished several different ways, the easiest is probably to change the html page to something like:
<!DOCTYPE html>
<html>
<head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.yourdomain.com/DocumentLinks.php" />
</head>
</html>You will obviously need to replace the url in the redirect to the proper url for the php file.