[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 194
  • Last Modified:

2 Step login system question

Hi experts,

I have a question here.

These are the stages:

A cookie is created with a key field....If the key is typed in correctly then you can go to the login page, in which you put your login and password as normal.

How can I stop people going straight to the login page without first passing thru the key page correctly please?

Thanks

ST3VO

0
ST3VO
Asked:
ST3VO
  • 10
  • 7
  • 3
1 Solution
 
Loganathan NatarajanLAMP DeveloperCommented:
you may create key variable and check it other pages
0
 
ST3VOAuthor Commented:
How do I do that?

Could you please explain?
0
 
Loganathan NatarajanLAMP DeveloperCommented:
A cookie is created with a key field...

>> just check this cookie whether it is set or not on those pages like

<?php

if(!isset($_COOKIE['AboutVisit']))
{
  >> go to login page

}

read this article,
http://www.freewebmasterhelp.com/tutorials/cookies/2
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
ST3VOAuthor Commented:
So...what you are basically saying is that if the key is successfully then is creates a cookie....which the login page checks to see if it exists?

Or the page passes a variable to the login page???

Sorry....I know very little php :o/

0
 
nplibCommented:
I would use sessions instead,

if the person disables cookies, they won't be able to use the login page at all.
0
 
ST3VOAuthor Commented:
What about doing it via submitting a hidden variable on a submit form to the login page?

I wouldn't have to use cookies that way and would it be more secure?

0
 
Loganathan NatarajanLAMP DeveloperCommented:
then you can use well the "SESSION" ... also cookies  (even you can mixup) ...  the same process could be done in the login process.,
0
 
ST3VOAuthor Commented:
Can someone please give me a short simple example so I can understand it please?

I'm crap at php so I need an explanation for Dummies of what to insert on the login page so that people can only access that page if the right hidden bariable is passed.

Sorry about that :o/

Thanks
0
 
ST3VOAuthor Commented:
I don't think I explained myself properly sorry!

The login page alread exists and it's working!

So from the pre-login page I send a hidden variable.

If I send for example yes....then the user can proceed to enter his login and password otherwise...he cannot enter the login and password or gets access denied or something.

I need to ADD this to the top of the login page and not have to modify the existing code just add the new code at the top.

Hope this helps!

Thanks

ST3VO
0
 
Loganathan NatarajanLAMP DeveloperCommented:
If I send for example yes....then the user can proceed to enter his login and password otherwise...he cannot enter the login and password or gets access denied or something.

>> what do you mean "If I send for example yes...." ....

normally there will be login screen and will redirect to another page.. hope this you have it..  

what to be done to go to this page???

please i could not understand what are you trying?
0
 
ST3VOAuthor Commented:
OK....

I have a php page called 1.php

There I have a form. (Let's supposed I hardcode the variable to post with YES or NO)
So I submit the form on 1.php

I then have a normal db driven login page.

I need so code to put on the Login.php page (TOP)

So, by default a used CANNOT go directly to the login.php page UNLESS a hidden variable with a value of say...."YES" has been posted from 1.php.

Sorry about my explanations :o/ I'm trying my best :o(


0
 
Loganathan NatarajanLAMP DeveloperCommented:
oh ... it is very simple,

Let's supposed I hardcode the variable to post with YES or NO

>>> might be something like this,

<input type=""hidden" name="check_status" value="YES">


... ..

so on the Login.php top,..


#1 You can check whether the variable is set or not  like this,

if (!isset($check_status)) {

   << redirect to login page>>

}



#2 if ($_POST["check_status"] != "YES" ) {

    << redirect to login page >>
}


hope this helps.,

am looking forward to you.,


0
 
ST3VOAuthor Commented:
Hmmm...that's more like it...just got 1 question:

1.php will post ---- submit and go to the actual login page (login.php)

So, I don't want to redirect.....

What I need is for example:

1.php submits variable and goes to the login page....

If variable is there then show the login page otherwise say access Denied.

Thanks again :o)
0
 
Loganathan NatarajanLAMP DeveloperCommented:
Ok ...

login.php top of the page add these lines
====================== ===========

#2 if ($_POST["check_status"] != "YES" ) {

        echo "Access Denied ....  ";

        exit;

} else {

  >> the login screen  >>

}

same way, the #1 could be altered....

hope this helps to finish it....
0
 
ST3VOAuthor Commented:
Perfect!!!! Thanks very much for all your help :o)
0
 
ST3VOAuthor Commented:
Thanks a million!!!!
0
 
nplibCommented:
using hidden fields for authentication is a very bad idea.

you can be and probably will be hacked.
0
 
ST3VOAuthor Commented:
I just want to get it to work first and worry about the security later :o)

0
 
nplibCommented:
yeah, but getting it to work, then having to completely rewrite it, because your security is non existent would have meant that you spent all this time getting it to work for nothing.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 10
  • 7
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now