2 Step login system question
Hi experts,
I have a question here.
These are the stages:
A cookie is created with a key field....If the key is typed in correctly then you can go to the login page, in which you put your login and password as normal.
How can I stop people going straight to the login page without first passing thru the key page correctly please?
Thanks
ST3VO
I have a question here.
These are the stages:
A cookie is created with a key field....If the key is typed in correctly then you can go to the login page, in which you put your login and password as normal.
How can I stop people going straight to the login page without first passing thru the key page correctly please?
Thanks
ST3VO
Loganathan Natarajan
you may create key variable and check it other pages
ASKER
How do I do that?
Could you please explain?
Could you please explain?
A cookie is created with a key field...
>> just check this cookie whether it is set or not on those pages like
<?php
if(!isset($_COOKIE['AboutV
{
>> go to login page
}
read this article,
http://www.freewebmasterhelp.com/tutorials/cookies/2
>> just check this cookie whether it is set or not on those pages like
<?php
if(!isset($_COOKIE['AboutV
{
>> go to login page
}
read this article,
http://www.freewebmasterhelp.com/tutorials/cookies/2
ASKER
So...what you are basically saying is that if the key is successfully then is creates a cookie....which the login page checks to see if it exists?
Or the page passes a variable to the login page???
Sorry....I know very little php :o/
Or the page passes a variable to the login page???
Sorry....I know very little php :o/
I would use sessions instead,
if the person disables cookies, they won't be able to use the login page at all.
if the person disables cookies, they won't be able to use the login page at all.
ASKER
What about doing it via submitting a hidden variable on a submit form to the login page?
I wouldn't have to use cookies that way and would it be more secure?
I wouldn't have to use cookies that way and would it be more secure?
then you can use well the "SESSION" ... also cookies (even you can mixup) ... the same process could be done in the login process.,
ASKER
Can someone please give me a short simple example so I can understand it please?
I'm crap at php so I need an explanation for Dummies of what to insert on the login page so that people can only access that page if the right hidden bariable is passed.
Sorry about that :o/
Thanks
I'm crap at php so I need an explanation for Dummies of what to insert on the login page so that people can only access that page if the right hidden bariable is passed.
Sorry about that :o/
Thanks
ASKER
I don't think I explained myself properly sorry!
The login page alread exists and it's working!
So from the pre-login page I send a hidden variable.
If I send for example yes....then the user can proceed to enter his login and password otherwise...he cannot enter the login and password or gets access denied or something.
I need to ADD this to the top of the login page and not have to modify the existing code just add the new code at the top.
Hope this helps!
Thanks
ST3VO
The login page alread exists and it's working!
So from the pre-login page I send a hidden variable.
If I send for example yes....then the user can proceed to enter his login and password otherwise...he cannot enter the login and password or gets access denied or something.
I need to ADD this to the top of the login page and not have to modify the existing code just add the new code at the top.
Hope this helps!
Thanks
ST3VO
If I send for example yes....then the user can proceed to enter his login and password otherwise...he cannot enter the login and password or gets access denied or something.
>> what do you mean "If I send for example yes...." ....
normally there will be login screen and will redirect to another page.. hope this you have it..
what to be done to go to this page???
please i could not understand what are you trying?
>> what do you mean "If I send for example yes...." ....
normally there will be login screen and will redirect to another page.. hope this you have it..
what to be done to go to this page???
please i could not understand what are you trying?
ASKER
OK....
I have a php page called 1.php
There I have a form. (Let's supposed I hardcode the variable to post with YES or NO)
So I submit the form on 1.php
I then have a normal db driven login page.
I need so code to put on the Login.php page (TOP)
So, by default a used CANNOT go directly to the login.php page UNLESS a hidden variable with a value of say...."YES" has been posted from 1.php.
Sorry about my explanations :o/ I'm trying my best :o(
I have a php page called 1.php
There I have a form. (Let's supposed I hardcode the variable to post with YES or NO)
So I submit the form on 1.php
I then have a normal db driven login page.
I need so code to put on the Login.php page (TOP)
So, by default a used CANNOT go directly to the login.php page UNLESS a hidden variable with a value of say...."YES" has been posted from 1.php.
Sorry about my explanations :o/ I'm trying my best :o(
oh ... it is very simple,
Let's supposed I hardcode the variable to post with YES or NO
>>> might be something like this,
<input type=""hidden" name="check_status" value="YES">
... ..
so on the Login.php top,..
#1 You can check whether the variable is set or not like this,
if (!isset($check_status)) {
<< redirect to login page>>
}
#2 if ($_POST["check_status"] != "YES" ) {
<< redirect to login page >>
}
hope this helps.,
am looking forward to you.,
Let's supposed I hardcode the variable to post with YES or NO
>>> might be something like this,
<input type=""hidden" name="check_status" value="YES">
... ..
so on the Login.php top,..
#1 You can check whether the variable is set or not like this,
if (!isset($check_status)) {
<< redirect to login page>>
}
#2 if ($_POST["check_status"] != "YES" ) {
<< redirect to login page >>
}
hope this helps.,
am looking forward to you.,
ASKER
Hmmm...that's more like it...just got 1 question:
1.php will post ---- submit and go to the actual login page (login.php)
So, I don't want to redirect.....
What I need is for example:
1.php submits variable and goes to the login page....
If variable is there then show the login page otherwise say access Denied.
Thanks again :o)
1.php will post ---- submit and go to the actual login page (login.php)
So, I don't want to redirect.....
What I need is for example:
1.php submits variable and goes to the login page....
If variable is there then show the login page otherwise say access Denied.
Thanks again :o)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Perfect!!!! Thanks very much for all your help :o)
ASKER
Thanks a million!!!!
using hidden fields for authentication is a very bad idea.
you can be and probably will be hacked.
you can be and probably will be hacked.
ASKER
I just want to get it to work first and worry about the security later :o)
yeah, but getting it to work, then having to completely rewrite it, because your security is non existent would have meant that you spent all this time getting it to work for nothing.