Would there be a way to modify this so I could use it with multiple usernames and passwords so I could redirect a user to a specified directory that you could only see if you had logged in on a master page first.


<?php

// Define your username and password
$username = "someuser";
$password = "somepassword";

if ($_POST['txtUsername'] != $username || $_POST['txtPassword'] != $password) {

?>

<h1>Login</h1>

<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p><label for="txtUsername">Username:</label>
<br /><input type="text" title="Enter your Username" name="txtUsername" /></p>

<p><label for="txtpassword">Password:</label>
<br /><input type="password" title="Enter your password" name="txtPassword" /></p>

<p><input type="submit" name="Submit" value="Login" /></p>

</form>

<?php

}
else {

?>

<p>This is the protected page. Your private content goes here.</p>

<?php

}

?>


If I change the bottom to


<?php

}
else {

header( 'Location: http://www.test.com/test' );

}

?>


I can redirect the user but how can I do this for multiple users and how can I make sure they have to be logged in so they can't just go to the URL in the first place?

if you are only going to have several this below, if you are going to have many, better get a database

<?php
// Define your username and password
$username = array("someuser", "otheruser", "onemore");
$password = array("someuser" => "somepassword", "otheruser" => "otherpass');

if ($ok = in_array($_POST['txtUsername'], $username)) {
if($password[$ok] == $_POST['password'] {
echo "welcome";
}
} else {
//redirect
}
//untest script ******
?>

Why doesn't the PHP auto format / indent anymore????

would the redirect page be accessed only by people with the password or by anyone who knows the url?

anyone.
Don't redirect, just put the html inside the if() statement like so:

<?php
if ($xeef == "Master of PHP") {
?>
<head>
</head>
<body>
this page is secure
</body>
<?php
} else {
?>
Quit hacking
<?php
}
?>

As a related question:

Lets say I have a directory full of MP3 files (which I do) and I set up AMFPHP with flash, and use PHP sessions through a flash login, and use php directory listing to get the mp3 urls (which I have done all of), how do I protect those files?

Right now, the are +r for all users so that flash can read it. So if someone went to my site, into my music subdirectory, and into the artist/album subdirectory, and typed in the correct path, they could download my music. I have at least removed public directory listing, but if someone got their hands on the file URLs they could download them.

Is this safe enough? I would like to only be able to access the files if there is a php session, but I can't use the above example because my content is binary.

@Parez check this thread out:
http://actionscript.org/forums/showthread.php3?t=87695

I don't have enought knowledge to personally do it, but it may help you. If you figure it out please do tell.

i need to be able to redirect so each user has their own private page.

that is what php does: gives user their own private page. You don't need to redirect. For example:

<?php
//if (isset($_COOKIE['userID']) && $_COOKIE['userID'] == "***" && $_COOKIE['userPass'] == "***") {
// uploadFile();
//}
if ($_POST['userID'] == "***" && $_POST['userPass'] == "***"){
setcookie("userID", "***");
setcookie("userPass", "***");
uploadFile();
} else {
signIn();
}
?>
<?php

function uploadFile() {

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
<link href="../modernmusicians2.css" rel="stylesheet" type="text/css">
<style type="text/css">
<!--
.blueTable {
height: 497px;
background-image: url(../images/blueBackground.gif);
}
.whiteTable {
background-image: url(../images/whiteBox645.gif);
height: 481px;
}
.table3 {
height: 400px;
}
-->
</style>
</head>

<body>
<table width="632" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td><img src="../images/foo.jpg" width="200" height="50"></td>
</tr>
</table><br>
<table width="662" border="0" align="center" cellpadding="0" cellspacing="0" class="blueTable">
<tr>
<td><table width="645" border="0" align="center" cellpadding="0" cellspacing="0" class="whiteTable">
<tr>
<td><table width="630" border="0" align="center" cellpadding="0" cellspacing="0" class="table3">
<tr>
<td valign="top"><p>Welcome to foos' file uploader. </p>

<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype="multipart/form-data" action="uploadFile.php" method="POST">
<!-- MAX_FILE_SIZE must precede the file input field -->
<input type="hidden" name="MAX_FILE_SIZE" value="30000000000000" />
<!-- Name of input element determines name in $_FILES array -->
Send this file:
<input name="userfile" type="file" />
<input type="submit" value="Upload" />
</form>
</p></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
</table>

</body>
</html>
<?php

}

?>

<?php

function signIn() {

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
<link href="../modernmusicians2.css" rel="stylesheet" type="text/css">
<style type="text/css">
<!--
.blueTable {
height: 497px;
background-image: url(../images/blueBackground.gif);
}
.whiteTable {
background-image: url(../images/whiteBox645.gif);
height: 481px;
}
.table3 {
height: 400px;
}
-->
</style>
</head>

<body>
<table width="632" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td><img src="../images/foo.jpg" width="200" height="50"></td>
</tr>
</table><br>
<table width="662" border="0" align="center" cellpadding="0" cellspacing="0" class="blueTable">
<tr>
<td><table width="645" border="0" align="center" cellpadding="0" cellspacing="0" class="whiteTable">
<tr>
<td><table width="630" border="0" align="center" cellpadding="0" cellspacing="0" class="table3">
<tr>
<td valign="top"><p>Please sign in to access foo's file uploader.</p>
<form name="form1" method="post" action="signIn_selectFile.php">
<p>Please enter your userID:</p>
<input name="userID" type="text">
<p>
Please enter the password: </p>
<input name="userPass" type="password"> <br>
<input name="submit" type="submit" value="submit">
</form>
</p></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
</table>

</body>
</html>

<?php

}

?>

i see, that's pretty cool but i want to be able to direct everyone to 1 url, and have people use their user and pass to point them to their private page.

This is more along the lines of what i'm looking for, except with the ability to redirect people to different 'main.php' pages based on their user and pass.

login.php

<?php
// start the session
session_start();

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
// check if the username and password combination is correct
if ($_POST['txtUserId'] === 'theuser' && $_POST['txtPassword'] === 'thepass') {
// the username and password match,
// set the session
$_SESSION['basic_is_logged_in'] = true;

// after login we move to the main page
header('Location: main.php');
exit;
} else {
$errorMessage = 'Sorry, wrong username / password';
}
}
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150">&nbsp;</td>
<td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
</tr>
</table>
</form>

</body>
</html>


main.php

<?php
// start the session
session_start();

// is the one accessing this page logged in or not?
if (!isset($_SESSION['basic_is_logged_in']) || $_SESSION['basic_is_logged_in'] !== true) {
// not logged in, move to login page
header('Location: login.php');
exit;
}

?>
<html>
<head>
<title>Main User Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<p>This is the main application page. You are free to play around here since you are an autenthicated user :-) </p>
<p>&nbsp;</p>
<p><a href="logout.php">Logout</a></p>

</body>
</html>


logout.php

<?php
// start the session
session_start();

// if the user is logged in, unset the session
if (isset($_SESSION['basic_is_logged_in'])) {
unset($_SESSION['basic_is_logged_in']);
}

// now that the user is logged out,
// go to login page
header('Location: login.php');
?>

I tried modifying the previous code to accompany multiple users but it doesn't seem to be working.

login.php

<?php
// start the session
session_start();

$errorMessage = '';

$data=array("username1"=>array("url"=>"main.php","password"=>"password1"),
"username2"=>array("url"=>"someotherfile.php","password"=>"password2"));
$data[$_POST['username']]['url']

if($data[$_POST['username']]['password'] == $_POST['password']) {
// the username and password match,
// set the session
// the username and password match,
// set the session
$_SESSION['username'] = $_POST['username'];

// after login we move to the main page
header('Location: '.$data[$_POST['username']]['url']);
exit;
} else {
$errorMessage = 'Sorry, wrong username / password';
}
}
?>

<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150">&nbsp;</td>
<td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
</tr>
</table>
</form>

</body>
</html>


main.php

<?php
// start the session
session_start();

// is the one accessing this page logged in or not?
if ($_SESSION['username'] != "whoever users page this is") {
// not logged in, move to login page
header('Location: login.php');
exit;
}

?>
<html>
<head>
<title>Main User Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<p>This is the main application page. You are free to play around here since you are an autenthicated user :-) </p>
<p>&nbsp;</p>
<p><a href="logout.php">Logout</a></p>

</body>
</html>


logout.php

<?php
// start the session
session_start();

// if the user is logged in, unset the session
if (isset($_SESSION['username'])) {
unset($_SESSION['username']);
}

// now that the user is logged out,
// go to login page
header('Location: login.php');
?>

syntax error????

$data = $data[$_POST['username']]['url'] ;

---^--^--------------------------------^

hmmm...i tried that and it got rid of the error but it wouldn't even render the form on the page.

more syntax errors.

}
} <-------------extra? perhaps
?>

heh..sorry, i actually picked that up myself with the last round. forgot to mention it...yea, still won't render form on page.

more syntax errors.
copy and paste current code for first page.

You not going to see anything on that page, it just redirects, anyway.

<?php
// start the session
session_start();

$errorMessage = '';

$data=array("username1"=>array("url"=>"somefile.php","password"=>"password1"),
"username2"=>array("url"=>"someotherfile.php","password"=>"password2"));
$data = $data[$_POST['username']]['url'];

if($data[$_POST['username']]['password'] == $_POST['password']) {
// the username and password match,
// set the session
// the username and password match,
// set the session
$_SESSION['username'] = $_POST['username'];

// after login we move to the main page
header('Location: '.$data[$_POST['username']]['url']);
exit;
} else {
$errorMessage = 'Sorry, wrong username / password';
}
?>

<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150">&nbsp;</td>
<td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
</tr>
</table>
</form>

</body>
</html>

when there is no input (i think) this statement evaluate to true

if($data[$_POST['username']]['password'] == $_POST['password'])
//if ("" == "" )

Also, delete this statement: $data = $data[$_POST['username']]['url'];

Error page displayed here:
<?php
// start the session
session_start();

$errorMessage = '';

$data=array("username1"=>array("url"=>"somefile.php","password"=>"password1"),
"username2"=>array("url"=>"someotherfile.php","password"=>"password2"));

//$data = $data[$_POST['username']]['url'];

if($data[$_POST['username']]['password'] == 16) {
// the username and password match,
// set the session
// the username and password match,
// set the session
$_SESSION['username'] = $_POST['username'];

// after login we move to the main page
//header('Location: '.$data[$_POST['username']]['url']);
echo $data[$_POST['username']]['password'];
exit;
} else {
$errorMessage = 'Sorry, wrong username / password';
}
?>

<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150">&nbsp;</td>
<td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
</tr>
</table>
</form>

</body>
</html>
Inconclusion, I just wouldn't do it the way you have it.

<?php
// start the session
session_start();

$errorMessage = '';

$data=array("username1"=>array("url"=>"somefile.php","password"=>"password1"),
"username2"=>array("url"=>"someotherfile.php","password"=>"password2"));

if(isset($_POST['username']) && isset($_POST['password'])) {
if($data[$_POST['username']]['password'] == $_POST['password']) {
$_SESSION['username'] = $_POST['username'];
// insert your header here..........
} else {
logIn();
}
} else {
logIn();
}
?>

<?php
function logIn() {
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<p align="center"><strong><font color="#990000"></font></strong></p>

<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150">&nbsp;</td>
<td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
</tr>
</table>
</form>

</body>
</html>
<?php
}
?>

i can't seem to get this working. how can 3 php files be so difficult 4me? :confused:

The code I gave you works for me.

What seems to be the problem now?

If time willing, later tonite I will make you all 3 php files.

LOGIN PAGE:

<?php
session_start();

$data=array("username1"=>array("url"=>"somefile.php","password"=>"password1"),
"username2"=>array("url"=>"someotherfile.php","password"=>"password2"));

if(isset($_POST['username']) && isset($_POST['password'])) {
if($data[$_POST['username']]['password'] == $_POST['password']) {
$_SESSION['username'] = $_POST['username'] . " " . $_POST['password'];
header('Location: ' . $data[$_POST['username']]['url']);
} else {
echo "Wrong user name or password. <br>";
logIn();
}
} else {
logIn();
}
?>

<?php
function logIn() {
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<p align="center"><strong><font color="#990000"></font></strong></p>

<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="username" type="text"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="password" type="password"></td>
</tr>
<tr>
<td width="150">&nbsp;</td>
<td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
</tr>
</table>
</form>

</body>
</html>
<?php
}
?>

somefile.php

<?php

// is the one accessing this page logged in or not?
if ($_SESSION['username'] != "username1 password1") {
// not logged in, move to login page
header('Location: login.php');
exit;
}

?>
<html>
<head>
<title>Main User Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<p>This is the main application page. You are free to play around here since you are an autenthicated user :-) </p>
<p>&nbsp;</p>
<p><a href="logout.php">Logout</a></p>

</body>
</html>

Thanks...hey, can u post a working example of this? whenever i try to login it accepts the correct password but doesn't redirect me anywhere...

username1 password1

this is the only one what works. You can script the rest. Just change the one line in "somefile.php"

I figured it out. I was missing session_start(); on the someuser.php page. It seems to be working now. Thx for your help. :)

How would I change echo "Wrong user name or password. <br>"; to be something that actually renders within the HTML body in a specified place? Also, since i'm not using a Database, would it help security to encrypt the passwords? And if so, how do I do this?

You need to find a php tutorial, man. I think that would help you a lot. Also, learn to use the php manuel.

md5(password);
else {
function htmlPage;
}

so in this line...


$data=array("user1"=>array("url"=>"file.php","password"=>"pass1"));


i would change it to...


$data=array("user1"=>array("url"=>"file.php","password"=>md5("pass1")));


or would I just enter in the encrypted hash string?

and then on the redirected page...


if ($_SESSION['username'] != "user1 pass1") {


what would that become?

heh...i just ordered a PHP book from peachpit press off amazon. Should come after the holidays. How do I use the php manual?

heh...i just ordered a PHP book from peachpit press off amazon. Should come after the holidays. How do I use the php manual?
http://www.php.net/manual/en/

start with the basics. then look up specific functions that you need to use.