2 Step login system question

Hi experts,

I have a question here.

These are the stages:

A cookie is created with a key field....If the key is typed in correctly then you can go to the login page, in which you put your login and password as normal.

How can I stop people going straight to the login page without first passing thru the key page correctly please?

Thanks

ST3VO

ST3VOAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Loganathan NatarajanLAMP DeveloperCommented:
you may create key variable and check it other pages
0
ST3VOAuthor Commented:
How do I do that?

Could you please explain?
0
Loganathan NatarajanLAMP DeveloperCommented:
A cookie is created with a key field...

>> just check this cookie whether it is set or not on those pages like

<?php

if(!isset($_COOKIE['AboutVisit']))
{
  >> go to login page

}

read this article,
http://www.freewebmasterhelp.com/tutorials/cookies/2
0
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

ST3VOAuthor Commented:
So...what you are basically saying is that if the key is successfully then is creates a cookie....which the login page checks to see if it exists?

Or the page passes a variable to the login page???

Sorry....I know very little php :o/

0
nplibCommented:
I would use sessions instead,

if the person disables cookies, they won't be able to use the login page at all.
0
ST3VOAuthor Commented:
What about doing it via submitting a hidden variable on a submit form to the login page?

I wouldn't have to use cookies that way and would it be more secure?

0
Loganathan NatarajanLAMP DeveloperCommented:
then you can use well the "SESSION" ... also cookies  (even you can mixup) ...  the same process could be done in the login process.,
0
ST3VOAuthor Commented:
Can someone please give me a short simple example so I can understand it please?

I'm crap at php so I need an explanation for Dummies of what to insert on the login page so that people can only access that page if the right hidden bariable is passed.

Sorry about that :o/

Thanks
0
ST3VOAuthor Commented:
I don't think I explained myself properly sorry!

The login page alread exists and it's working!

So from the pre-login page I send a hidden variable.

If I send for example yes....then the user can proceed to enter his login and password otherwise...he cannot enter the login and password or gets access denied or something.

I need to ADD this to the top of the login page and not have to modify the existing code just add the new code at the top.

Hope this helps!

Thanks

ST3VO
0
Loganathan NatarajanLAMP DeveloperCommented:
If I send for example yes....then the user can proceed to enter his login and password otherwise...he cannot enter the login and password or gets access denied or something.

>> what do you mean "If I send for example yes...." ....

normally there will be login screen and will redirect to another page.. hope this you have it..  

what to be done to go to this page???

please i could not understand what are you trying?
0
ST3VOAuthor Commented:
OK....

I have a php page called 1.php

There I have a form. (Let's supposed I hardcode the variable to post with YES or NO)
So I submit the form on 1.php

I then have a normal db driven login page.

I need so code to put on the Login.php page (TOP)

So, by default a used CANNOT go directly to the login.php page UNLESS a hidden variable with a value of say...."YES" has been posted from 1.php.

Sorry about my explanations :o/ I'm trying my best :o(


0
Loganathan NatarajanLAMP DeveloperCommented:
oh ... it is very simple,

Let's supposed I hardcode the variable to post with YES or NO

>>> might be something like this,

<input type=""hidden" name="check_status" value="YES">


... ..

so on the Login.php top,..


#1 You can check whether the variable is set or not  like this,

if (!isset($check_status)) {

   << redirect to login page>>

}



#2 if ($_POST["check_status"] != "YES" ) {

    << redirect to login page >>
}


hope this helps.,

am looking forward to you.,


0
ST3VOAuthor Commented:
Hmmm...that's more like it...just got 1 question:

1.php will post ---- submit and go to the actual login page (login.php)

So, I don't want to redirect.....

What I need is for example:

1.php submits variable and goes to the login page....

If variable is there then show the login page otherwise say access Denied.

Thanks again :o)
0
Loganathan NatarajanLAMP DeveloperCommented:
Ok ...

login.php top of the page add these lines
====================== ===========

#2 if ($_POST["check_status"] != "YES" ) {

        echo "Access Denied ....  ";

        exit;

} else {

  >> the login screen  >>

}

same way, the #1 could be altered....

hope this helps to finish it....
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ST3VOAuthor Commented:
Perfect!!!! Thanks very much for all your help :o)
0
ST3VOAuthor Commented:
Thanks a million!!!!
0
nplibCommented:
using hidden fields for authentication is a very bad idea.

you can be and probably will be hacked.
0
ST3VOAuthor Commented:
I just want to get it to work first and worry about the security later :o)

0
nplibCommented:
yeah, but getting it to work, then having to completely rewrite it, because your security is non existent would have meant that you spent all this time getting it to work for nothing.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.