Forum Moderators: coopster

password protected pages without db...

         

mixendo1

10:36 am on Jul 4, 2004 (gmt 0)

10+ Year Member



Will it be secure enough if I use a text file to read the user and pass from it?

hughie

11:29 am on Jul 4, 2004 (gmt 0)

10+ Year Member



Why not store your usernames and passwords in a PHP file? Not super secure, but better than a .txt file.

You could also shore up the security by converting your passwords using md5 (www.php.net/md5). That way, even if your password file gets compromised, people won't be able to know the passwords.

mixendo1

11:37 am on Jul 4, 2004 (gmt 0)

10+ Year Member



Thank u very much hughie, can u redirect me to a script that does this?
Would really appreciate it..
(-:

wonderboy

11:50 am on Jul 4, 2004 (gmt 0)

10+ Year Member



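password.php:

<?php
$password = "pass";
?>

mainpage.php:

<?php
include ("password.php");
// read the submitted value explicitly (assumes a form field named "userpass")
// instead of relying on register_globals
$userpass = isset($_POST['userpass']) ? $_POST['userpass'] : '';
if ($userpass === $password)
{
    echo "password is correct";
}
else
{
    echo "password is incorrect";
}
?>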

mixendo1

11:53 am on Jul 4, 2004 (gmt 0)

10+ Year Member



10x wonderboy (-: but is this secure enough?

wonderboy

12:13 pm on Jul 4, 2004 (gmt 0)

10+ Year Member



If you are storing your bank details, no.
If it is to gain access to a 'secret' area of a site, yes. The beauty is, you can just change the password in password.php once a week... Making it annoying for anyone desperate enough to try and get in.

If anyone has access to your files locally also, this is probably the biggest risk.

W.

mixendo1

12:44 pm on Jul 4, 2004 (gmt 0)

10+ Year Member



Ok.
I need it to be a login form? How do I do that?

wonderboy

1:32 pm on Jul 4, 2004 (gmt 0)

10+ Year Member



There are hundreds of tutorials for this very topic out there dood!

Google search PHP form to read up on it.

If you are using Dreamweaver it is a matter of inserting a form, inserting form objects, setting the form action to post to the PHP file, and messing with the variables in there.

hughie

2:23 pm on Jul 4, 2004 (gmt 0)

10+ Year Member



for a basic log in, keeping your usernames and passwords in a separate file....

in file passwords.php
-------------
<?php
$users[]='hughie';
$passw[]='mypass';

$users[]='hughie2';
$passw[]='mypass2';
?>
-----------------

and in file login.php
-----------------------
<?php
require("passwords.php");
?>
<html>
<head>
<title>Password Login</title>
</head>
<body>
<?php
// escape PHP_SELF before echoing it back into the page
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
// missing fields become empty strings instead of raising notices
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
$logok=0;
if (isset($_POST['submit']))
{
    for ($i=0;$i<sizeof($users);$i++)
    {
        // === compares as strings, with no type juggling
        if ($users[$i]===$username)
        {
            if ($passw[$i]===$password)
            {
                $logok=1;
            }
        }
    }
    if ($logok==1)
    {
        echo 'YOU ARE NOW LOGGED IN';
    }
    else
    {
        echo 'WRONG DETAILS - <a href="'.$self.'">CLICK TO TRY AGAIN</a>';
    }
}
else
{
?>
<form name="form1" method="post" action="<?php echo $self;?>">
Username:<input type="text" name="username"><br>
Password:<input type="password" name="password"><br>
submit:<input type="submit" name="submit" value="submit">
</form>
<?php
}
?>
</body>
</html>
-------------------
ta,
hughie

hughie

2:34 pm on Jul 4, 2004 (gmt 0)

10+ Year Member



same using MD5.

passwords.php
----------
<?php
$users[]='hughie';
$passw[]='a029d0df84eb5549c641e04a9ef389e5';

$users[]='hughie2';
$passw[]='29e80f01374c71764422b94532a4b336';
?>
----------

and in login.php
----------
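<?php
require("passwords.php");
?>
<html>
<head>
<title>Password Login</title>
</head>
<body>
<?php
// escape PHP_SELF before echoing it back into the page
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
// missing fields become empty strings instead of raising notices
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
$logok=0;
if (isset($_POST['submit']))
{
    for ($i=0;$i<sizeof($users);$i++)
    {
        if ($users[$i]===$username)
        {
            // for reference: shows the value to paste into passwords.php
            echo 'MD5 of pass='.md5($password).'<br><br>';
            // === so two hashes that both look like numbers ("0e...") never compare equal
            if ($passw[$i]===md5($password))
            {
                $logok=1;
            }
        }
    }
    if ($logok==1)
    {
        echo 'YOU ARE NOW LOGGED IN';
    }
    else
    {
        echo 'WRONG DETAILS - <a href="'.$self.'">CLICK TO TRY AGAIN</a>';
    }
}
else
{
?>
<form name="form1" method="post" action="<?php echo $self;?>">
Username:<input type="text" name="username"><br>
Password:<input type="password" name="password"><br>
submit:<input type="submit" name="submit" value="submit">
</form>
<?php
}
?>
</body>
</html>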

----------

ta,
Hughie

mixendo1

8:18 pm on Jul 4, 2004 (gmt 0)

10+ Year Member



thank u very much indeed (-:

BetaChat

3:00 am on Jul 5, 2004 (gmt 0)

10+ Year Member



My goodness.. You guys sure are deep in your coding.

My page would look like this..


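<?php
$pass = "blahblahblah";

if(!$_POST)
{
    // show form
}
else
{
    // read the submitted field explicitly (assumes a form field named "form_pass")
    $form_pass = isset($_POST['form_pass']) ? $_POST['form_pass'] : '';
    if($form_pass !== $pass)
    {
        die("Password not right.");
    }
    // show correct password page
}
?>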


Seems simple enough to me. :-)
Doesn't seem to be editing my [code] tags

ergophobe

3:15 pm on Jul 7, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Beta chat,

- You are not checking against a password stored as an md5 hash of the password.
- You are not checking against a username and password, just a password.

On the original question, it will also be much better if the file in question is outside of the web root entirely, at which point it won't really matter if it's a php file or not.

Tom

BetaChat

3:38 pm on Jul 7, 2004 (gmt 0)

10+ Year Member




Beta chat,
- You are not checking against a password stored as an md5 hash of the password.
- You are not checking against a username and password, just a password.

On the original question, it will also be much better if the file in question is outside of the web root entirely, at which point it won't really matter if it's a php file or not.

Tom

Tom,
For the example, I didn't think it was necessary, so I didn't include it.
Since I was giving basic details of a "structure", I didn't think checking anything else really was necessary either. I was just showing that all that coding can be done with less space taken up, and time as well.

mixendo1

6:17 am on Jul 19, 2004 (gmt 0)

10+ Year Member



I still have a question:
how do i use this code,

<?php
$users[]='hughie';
$passw[]='a029d0df84eb5549c641e04a9ef389e5';

$users[]='hughie2';
$passw[]='29e80f01374c71764422b94532a4b336';
?>

Do I replace the passw with my own password? How does this md5 work?

ergophobe

9:41 pm on Jul 21, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



let's say the user input is $_POST['pwd'] and $_POST['username']

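<?php
require("passwords.php"); // defines $users and $passw (md5 hashes)

$test_pwd = md5($_POST['pwd']);
for ($i=0, $max=sizeof($users); $i<$max; $i++)
{
    // compare the hash of the input with the stored hash, not with the raw input
    if ($_POST['username'] === $users[$i] && $test_pwd === $passw[$i])
    {
        // let 'em in
    }
}
?>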
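
Added example, not part of the original thread: the stored-hash login check discussed above, written with PHP's built-in password_hash()/password_verify() (PHP 5.5+) in place of md5(), because an unsalted MD5 can be guessed quickly offline once the password file leaks. The function name check_login() and the path /home/example/private/passwords.php are assumptions for illustration, and the sample users are constructed.

```php
<?php
// Added example, not code from the thread.
// Assumption: on a real site the list is loaded from a file outside the web root:
//   $users = require '/home/example/private/passwords.php';   // hypothetical path
// and each stored value is generated once on the command line:
//   php -r 'echo password_hash("your password", PASSWORD_DEFAULT), "\n";'

// Constructed sample data so this block runs stand-alone.
$users = array(
    'hughie'  => password_hash('mypass', PASSWORD_DEFAULT),
    'hughie2' => password_hash('mypass2', PASSWORD_DEFAULT),
);

// Returns true only when $username exists and $password matches its stored hash.
function check_login(array $users, $username, $password)
{
    // Form fields can arrive as arrays (username[]=x); reject anything but strings.
    if (!is_string($username) || !is_string($password)) {
        return false;
    }
    // Verify against a throwaway hash for unknown users so both paths do the
    // same amount of work and response time does not reveal valid usernames.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('not-a-real-account', PASSWORD_DEFAULT);
    }
    $known = array_key_exists($username, $users);
    $hash  = $known ? $users[$username] : $dummy;

    // password_verify() reads the salt and cost from the hash itself and
    // compares in constant time.
    $match = password_verify($password, $hash);
    return $known && $match;
}

// Each stored hash carries its own random salt, so hashing the same password
// twice gives two different values, unlike md5().
$a = password_hash('mypass', PASSWORD_DEFAULT);
$b = password_hash('mypass', PASSWORD_DEFAULT);

var_dump(check_login($users, 'hughie', 'mypass'));     // correct pair
var_dump(check_login($users, 'hughie', 'mypass2'));    // another user's password
var_dump(check_login($users, 'nobody', 'mypass'));     // unknown username
var_dump(check_login($users, array('hughie'), 'x'));   // malformed input
var_dump($a === $b);                                   // same password, two hashes
```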