I was wondering if anyone can help with my question. I also hope I have come to the right forum group. If this question is better suited on another group, please point me in the right direction.
Here is my problem, I want to be able to put a login username and password on a webpage and have no idea how to do it. I am mostly just a designer who deals with layout than someone who deals with development and scripts. I want text fields for the username and password on the page that would take them to thier specific page.
I was wondering how to do this...is there any easy way for someone like me who doesn't deal with this sort of thing? Is there any easy copy and paste code or any online page that would explain how to do this.
I also keep seeing things like .htaccess and things like that but have no idea what it is or how it works. I have notice on my host a "edit .htaccess" link that takes me to a page with a large text box but don't know anything about it. My host has a way to password protect directories but I want a username and password field to log them in to thier pages.
Can anyone help?
Thank You
<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="my secret pages"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorisation failed. Please try again!';
exit;
}
else if (isset($_SERVER['PHP_AUTH_USER'])) {
if (($_SERVER['PHP_AUTH_USER']!= "login_name") ¦¦ ($_SERVER['PHP_AUTH_PW']!= "some_password")) {
header('WWW-Authenticate: Basic realm="my secret pages"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorisation failed. Try again!';
exit;
}
}
?>
Call it 'myloginscript.php', and include it on the first line of every page you want to protect: require_once("myloginscript.php");
The script causes the browser to show the standard login-prompt.
.htaccess is used to control access to entire directories of your website:
ie: you wouldn't put it in your root - because no-one could access your website, so you would put it in a directory like /protect or something.
Using htaccess you have the box which pops up with a username & password box in the middle of the screen (sticky me for an example)
to use htaccess, you need something like the following, and you need a htpasswd file, with usernames and encrypted passwords stored in. the whitebox you refer to from your host you would put following in.
htaccess file example:
AuthUserFile /real/path/to/folder/.htpasswd
AuthName "Please Log-in"
AuthType Basic
require valid-user
htpasswd file:
admin:udCOaa4534eY
user:ek4isdaRnoxCo
to generate encrypted passwords, you need an encrypter. (sticky me for url)
OR..you can go the PHP/MySQL way, and for this your best bet is to search hotscripts.com - i spent *ages* looking for a decent one, but ended up writing one myself, as none of them did exactly what I wanted.
IMHO, if security is the main reason - go for htaccess. much more secure (i think, though someone will disaggree) but if pretty is what you're going for, then look at php/mysql route.
hope this helps.
KR, william.
Just noticed, RonK's example is good for stand alone php authorisation.without a database?
Just noticed, RonK's example is good for stand alone php authorisation.without a database?
To add some security to the script, one could encrypt the password with md5().
