Ted Penner
asked on
PHP standalone file(s).
Is it possible using client side only PHP code alone, to devise a secure login procedure?
If so, I would like to find a simplified example where a person would have to enter a password to bring up the page.
If so, I would like to find a simplified example where a person would have to enter a password to bring up the page.
ASKER
Thank you for your help!!
I should have left out the word security. I was trying to start with simplicity.
I just want to put up a php page up that asks for a password and then says "If you can see this, you have successfully logged in", and require only a password to access it.
That's it.
I should have left out the word security. I was trying to start with simplicity.
I just want to put up a php page up that asks for a password and then says "If you can see this, you have successfully logged in", and require only a password to access it.
That's it.
At it's simplest, you'd have something like this:
That's about as barebones as you can get, in my opinion, and it's not really very secure, but it should match what you're looking for.
<?php
session_start();
// Try to log in
if(!isset($_SESSION["logged_in"]) && isset($_POST["btnLogin"]))
{
$secret_password = "secret";
if($_POST["password"] == $secret_password)
{
echo "You have successfully logged in";
$_SESSION["logged_in"] = true;
}
}
// Second check to see if we're logged in now
if(isset($_SESSION["logged_in"]))
{
echo "If you can see this, you have successfully logged in.";
}
else
{
// Login form
echo "<html><body>\n";
echo "<form action='".basename(__FILE__)."' method='post'>\n";
echo "<p>Password:</p><input type='password' name='password'> <input type='submit' name='btnLogin' value='Login'>\n";
echo "</form>\n";
echo "</body></html>";
}
That's about as barebones as you can get, in my opinion, and it's not really very secure, but it should match what you're looking for.
gr8gonzo's example is good. To use this to control access to more than one page, you have to check the $_SESSION["logged_in"] variable on every page. I've used this method on some simple things.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That's very interesting.
Apparently PHP files require a web server in order to be processed through a browser, which makes sense. Unfortunately, that isn't an option for us.
Apparently PHP files require a web server in order to be processed through a browser, which makes sense. Unfortunately, that isn't an option for us.
Maybe if you tell us a little more about why that isn't an option, we can suggest a good workaround. You might be able to set up a web server on your own computer (I do this when I teach PHP). You might be able to set up a VM. The key to success is the client/server relationship.
You asked for an example, and I provided one....?
If you discovered you needed a web server, you could have left the question open and one of us would have responded and you could have split the points. As Ray later said, you can easily set up a web server on any computer.
If you discovered you needed a web server, you could have left the question open and one of us would have responded and you could have split the points. As Ray later said, you can easily set up a web server on any computer.
ASKER
Don't have the rights to do that
Don't have the rights to do thatHow can you get any work done? It's just a matter of installing a few programs on a PC or Mac. There is nothing exotic about it. Maybe consider posting a new question about this -- I think there are easy solutions within your grasp as soon as we can understand the bigger picture about what you're trying to do.
ASKER
I agree. I am trying to put together a page with information for a larger internal group. Unfortunately, without web server capabilities, I cannot do that.
There are also many layers of security, which begs the question - how secure do you want it to be? You mention a password, but is there a username that goes along with that password, or is it just a "if-you-know-it-you-can-ge
There's about a hundred different ways to have an authenticated web page, so it would probably be better if you described your goal, your concerns, your audience/users, etc...