ArticlesReader.com Menu
Newest Articles
Most Viewed Articles
ArticlesReader.com RSS
Submit Article
Login
Signup
Search the articles

Articles Main Categories
Advice
Animals
Automobiles
Business
Career
Communications
Computer Programming
Computers
Entertainment
Environment
Family
Fashion
Finance
Food
Health & Medical
Home & Garden
Humor
Internet Business
Internet Marketing
Legal
Leisure & Recreation
Marketing
Other
Politics
Reference & Education
Religion
Self Improvement
Sports
Technology & Science
Travel
Writing
Subscribe
Receive alert message from us when new articles submitted to our site for free.

Enter your name

Enter your email

Syndicate

















Related Products
Home::Robert Plank

Password Protection and File Inclusion With PHP

Author : Robert Plank

First off, if you read last week's article by me (the one about
site personalization in PHP), I have one addition to make to
make your life a little easier. If you didn't read last week's
article, read it. It'll help you. You can find it here:
http://jumpx.com utorials/1

Now, remember how we personalized a page for your visitor? This
works fine, but what do we do if they didn't use that special
link, and just went to the page?

What I'm saying is, if you special personalized page was at
http://www.your.host/sales.php/f=Oscar/l=Grouch but your visitor
only went to http://www.your.host/sales.php. Instead of the name
there would just be a blank spot! Last week I forgot to cover
this.

All we have to do to fix it is to tell PHP that if they didn't
leave a name, to substitute one in for them. So let's say that
if they left their first name blank to make their first name
"Friend". This way instead of saying "Dear Oscar:" it would say
"Dear Friend:".

Put the following line of code JUST ABOVE THE LINE that says
something similar to: echo "$f $l" :

if ($f == "") { $f = "Friend"; }

That way, you can use your special personalized page as a normal
page and no one will be the wiser.

Password protection is something you need every once in a while.
Whether it's a secret site you're running or just the control
panel of your favorite script.

Sometimes you don't need a fancy solution like .htaccess if
you're only worrying about a single user (you). But JavaScript
passwords can be worked around, and HTML-based passwords based
on cookies, written in PHP are complicated and take time to
write. Htaccess is nice but it's a pain if you just want to use
it for one person.

Here is a simple way to use HTTP authentication (the same you
see used by htaccess) with just a few lines of code. Below are
the sample contents of a file you can use.


$myusername = "myusername"; $mypassword = "mypassword";
$areaname = "My Protected Area";

if ($PHP_AUTH_USER == "" || $PHP_AUTH_PW == "" || $PHP_AUTH_USER
!= $myusername || $PHP_AUTH_PW != $mypassword) {
header("HTTP/1.0 401 Unauthorized"); header("WWW-Authenticate:
Basic realm="$areaname""); echo "

Authorization
Required.

"; die(); }

?>

my main text.

Last week we learned that PHP code can be integrated into your
HTML. All you have to do is make sure the file ends in .php (for
example, "firehydrant.php") and it will work. Everything that
comes in between this:


/* And this: */

?>

Is treated as PHP code. Everything outside of those tags is
treated as plain HTML.

When copying this code over be SURE to include that last line
where it says "my main text." Note that "my main text" is
located outside of the PHP code brackets. This means that where
you see "my main text" can be your normal HTML file!

Take all of this code and Upload the script onto your web server
and run it in the browser. You should be greeted by a password
popup box similar to those you see with htaccess. Enter
"myusername" as the username and "mypassword" as the password.
You should be given a page that says "my main text" and nothing
else.

Close your browser window (this is very important) and going
back to that page. Try entering the wrong info. The box will
come up again. You have three tries and then are given that
dreadful "Authorization Required" message.

If you want to take the next step, go back to your code and
change "myusername" and "mypassword" to a username and password
of your choice. Upload it back to your web server and try again.
Now go to that page again and you'll see that you can only be
let in using the username and password you chose for yourself.

Now change the part that says "My Protected Area" to something
else, say "John Calder's Bar and Grill." Upload and try it.
You'll see when that password box comes up under "Realm" it'll
say "John Calder's Bar and Grill." You can change this to
whatever you like.

But what if you want to password protect just a handful of
files? Do you have to copy and paste this code onto PHP script
after PHP script?

Hell no!

Take the code you just modified and take the last line out of
it. You know, the one that said "my main text." All you should
have in there now is everything in between the PHP brackets
().

Save this file as "auth.php". You can rename this later, on your
own time.

Make a new file called "test.php" or just rename one of your
normal HTML to this name. It doesn't matter. At the very top of
test.php (the VERY top, meaning the first line) copy and paste
this line of code:



Upload auth.php and test.php to your web server and run
test.php. Make sure both files are placed in the same folder.
Now, try to go to test.php in your web browser. You'll see that
you can't get to test.php without the right username and
password. You can do this to any file with a ".php" extension
just by adding that one line of code.

The catch to it is that this line of code has to be at the very
top of the file. On the very first line. The reason for this is
that when the script asks for a person's username and password,
these are sent using HTTP headers and *must* come before
anything else.

Of course, this doesn't take care of your secret sites or
private members' areas, where you have to deal with several
logins, but that's what htaccess is for.

While we're on the subject of includes, one last thing before we
finish up.

Includes are basically a way of absorbing other files into your
script. As you saw when we included auth.php, the script read
everything that was in auth.php and used it as if the contents
of that file were actually there. This works with not only PHP
scripts but also with other files as well.

Make a new file called "header.html". Put anything you want in
it, but I just put "This is my header " when I did it.

Make a second file called "footer.html". Again, go again and put
anything you want in it, but I just put "This is my footer " in.

Make a third file called "main.php." Copy the following into it.



This is my main page



Upload all three into the same folder and run main.php. You
should see the following:

This is my header This is my main page This is my footer

This is just a basic example of how includes can be used. But if
you have a web site with several pages and the same layout...
wouldn't it be easier just to put everything above your main
text in header.html and everything below that main text in
footer.html? That way if you change your design you only have to
edit 2 files instead of 100 or 200?

You'd think.

Spam emails More free articles

Related articles


  1. 5 CGI Scripts You Must Use to Turn Your Site Into a Powerhouse
  2. Clever Profit Growth Software
  3. Why Aren't You Using CGI
  4. Use CGI to Automate Your Web Site
  5. CGI: What the Heck Is That?
  6. CGI Security Issues
  7. How to Stop Digital Thieves with CGI
  8. Quick Intro to PHP Development
  9. Better Writing: What Works and What Doesn't
  10. Password Protection and File Inclusion With PHP
  11. Autoresponders With PHP
  12. Track your visitors, using PHP
  13. PHP On-The-Fly!
  14. PHP and Cookies; a good mix!
  15. Screen scraping your way into RSS
  16. Mastering Regular Expressions in PHP
  17. ASP, CGI and PHP Scripts and Record-Locking: What Every Webmaster Needs To Know
  18. Open Source Scripts
  19. this is a test
  20. An Extensive Examination of the PHP:DataGrid Component: Part 1
  21. PHP:Form Series, Part 1: Validators & Client-side Validation
  22. Design an Online Chat Room with PHP and MySQL
More related feeds
85 FREE PHP SCRIPTS - WebsiteTreats.com
any file you specify. It will log their IP Address, Remote Address, browser type and even operating system and you can easily modify and add new downloads through a powerful password protected admin panel. This script can keep track of ...

Password Protect your pages in PHP | Blazek Web Design
Now if you want to password protect a page simply add this line to the top of any page, but make sure you do not have the “include ‘config.php’” before or after because that file is already included in my previous examples and will ...

SMobile Systems Launches Security Shield for Blackberry with Anti ...
... enterprise management, protection for mobile professionals from harmful data on open networks and data security and password-protection for content and files. SMobile is headquartered in Columbus, OH with facilities in Fort Lee, ...

Single Sign-On for SugarCRM Through a SAML-Based Integration of ...
Simply retain the default values in the saml20-sp-hosted.php file. Configuring the SAML 2.0 IdP Remote Metadata To configure the SAML 2.0 IdP remote metadata:. Add the following metadata at the end of the configuration file, ...

XOOPS 2.3.2a - Security Release - Security - XOOPS News : XOOPS ...
Fixed security vulnerability in autologin (phppp/Dylian/alfred) - Improved protector module for potential local file inclusion (DSGGIJOE/phppp/) - Modified /model/sync.php for backward compatibility (phppp/boy0917) ...

Tutorial #2: Password Protection and File Inclusion With PHP
Article by Robert Plank Experienced PHP/JavaScript Tutor Solves 19 Of Your Most Frustrating Direct Response Sales Page Hang-Ups http://www.salespagetactics.com/magicalnet First off, if you read last week’s article by me (the one about ...

0DayCar: Word2PDF Converter 1.0
Make a signature on the PDF in the background at any position in first or last page. Signature file need to be of .pfx extension with password protection. This ensures that no one steal your signature without correct password. ...

Freelance Project | Copy Protection
I need a paypal IPN membership script that protect PHP files. Must have; - member groups, such as trial, gold, platinum - admin area. - members to change email address and password - use mysql I'd like to do include the script in my ...

US-CERT Cyber Security Bulletin SB08-329 -- Vulnerability Summary ...
PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter. ...

Little tips for security | smt-info.com
The commands in .htaccess have effect on that folder and any sub-folder, unless a particular sub-folder has its own .htaccess file within. To password protect a folder, Apache also uses a file called .htpasswd . This file contains the ...

 

 

2007 articlesreader.com - All Rights Reserved