[PHP] Password Protecting a page and email notification

2008-06-17 Thread R.C. 
I'm going to ask you PHP gurus if someone can give me a hand in trying to
get this resolved.  I'm fairly new to PHP and learning as I go.

I've got two page login.php and video.php.  Video.php is supposed to be
protected i.e. if someone clicks on the direct link or brings up the page in
a browser, it comes back with an error message and a request to link to
login.php... they type in their username/pasword and it opens up the
video.php so they can download videos.

I actually managed to accomplish that with the following code which sits at
the top of video.php.  I also created a form on login.php for user input.
So far so good.  However, we also need an email to be sent to the site owner
when someone logs in plus their name.  For the hell of me, I can't figure
out how to combine the two elements.  I tried a lot of things sofar, but
nothing works.  It's either the page gets protected OR the email gets sent,
depending on what I leave in the script. I tried using part of Jenny's
script which is great for email forms but I can't combine this whole thing.
Hlp!!

/*this is the code that sits at the top of the protected page* which works
actually fine for the protection*/
?php
session_start();

 $_SESSION ['username'] = $_POST ['user'];
 $_SESSION ['userpass'] = $_POST ['pass'];
 $_Session ['authuser'] = 0;

 if (($_SESSION['username'] == 'logon')  and
($_SESSION['userpass'] == 'password')) {
  $_SESSION['authuser'] = 1;
 } else {
  echo I'm sorry, access is denied br /;
  echo Please log in at  a href='login.php' HERE/a to enter your
Username and Password;
 exit();
 }

Can this be done on one form i.e. login.php?  I have 4 textfields set up:
username, password, email, name (for the person sending the email...)..
some if clause somewhere?

Best
R.C.




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Password Protecting a page and email notification

2008-06-17 Thread Philip Thompson 

On Jun 17, 2008, at 5:33 PM, R.C. wrote:

I'm going to ask you PHP gurus if someone can give me a hand in  
trying to

get this resolved.  I'm fairly new to PHP and learning as I go.

I've got two page login.php and video.php.  Video.php is supposed  
to be
protected i.e. if someone clicks on the direct link or brings up the  
page in
a browser, it comes back with an error message and a request to link  
to

login.php... they type in their username/pasword and it opens up the
video.php so they can download videos.

I actually managed to accomplish that with the following code which  
sits at
the top of video.php.  I also created a form on login.php for user  
input.
So far so good.  However, we also need an email to be sent to the  
site owner
when someone logs in plus their name.  For the hell of me, I can't  
figure
out how to combine the two elements.  I tried a lot of things sofar,  
but
nothing works.  It's either the page gets protected OR the email  
gets sent,

depending on what I leave in the script. I tried using part of Jenny's
script which is great for email forms but I can't combine this whole  
thing.

Hlp!!

/*this is the code that sits at the top of the protected page* which  
works

actually fine for the protection*/
?php
session_start();

$_SESSION ['username'] = $_POST ['user'];
$_SESSION ['userpass'] = $_POST ['pass'];
$_Session ['authuser'] = 0;

if (($_SESSION['username'] == 'logon')  and
   ($_SESSION['userpass'] == 'password')) {
 $_SESSION['authuser'] = 1;
} else {
 echo I'm sorry, access is denied br /;
 echo Please log in at  a href='login.php' HERE/a to enter your
Username and Password;
exit();
}

Can this be done on one form i.e. login.php?  I have 4 textfields  
set up:
username, password, email, name (for the person sending the  
email...)..

some if clause somewhere?

Best
R.C.


I think you're heading the right direction. I'd do something like  
this...


?php
// login.php
session_start();
if (isset ($_POST['confirm'])) {
if ($_POST['user'] != 'logon' || $_POST['pass'] != 'password') {
header (location: login.php?code=i);
exit;
}

$_SESSION['username'] = $_POST['user'];
$_SESSION['userpass'] = $_POST['pass'];
$_SESSION['authuser'] = true;

header (location: video.php);
exit;
} else {
unset ($_SESSION['authuser']);
}
?
html
?php if ($_GET['code'] == 'i') { ?
pInvalid login. Please try again./p
?php } ?
form action=login.php method=post
!-- Other fields here --
input type=hidden name=confirm value=1 /
/form
/html


That's how you can start it. At the top of the login.php page, check  
to see if the form has been submitted/post'ed. If it has, check for  
the correct username and password. If fail, send back to the login  
page with an error code - don't make the user click to go back to the  
login. If success, THEN assign the session variables and redirect to  
the video page.


Just a side note. Maybe this is just an example that you sent us, but  
I would strongly recommend NOT using 'password' as the password. =D If  
each user is going to have his/her own username/password, then I'd use  
a database to store that info - that can be another thread or a search  
of the archives. ;)


Hope that helps.

~Philip

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Fwd: [PHP] Password Protecting a page and email notification

2008-06-17 Thread Philip Thompson 

I forgot about the mail thing...

Begin forwarded message:


From: Philip Thompson [EMAIL PROTECTED]
Date: June 17, 2008 6:52:15 PM CDT
To: PHP-General List php-general@lists.php.net
Subject: Re: [PHP] Password Protecting a page and email notification

On Jun 17, 2008, at 5:33 PM, R.C. wrote:

I'm going to ask you PHP gurus if someone can give me a hand in  
trying to

get this resolved.  I'm fairly new to PHP and learning as I go.

I've got two page login.php and video.php.  Video.php is supposed  
to be
protected i.e. if someone clicks on the direct link or brings up  
the page in
a browser, it comes back with an error message and a request to  
link to
login.php... they type in their username/pasword and it opens up  
the

video.php so they can download videos.

I actually managed to accomplish that with the following code which  
sits at
the top of video.php.  I also created a form on login.php for  
user input.
So far so good.  However, we also need an email to be sent to the  
site owner
when someone logs in plus their name.  For the hell of me, I can't  
figure
out how to combine the two elements.  I tried a lot of things  
sofar, but
nothing works.  It's either the page gets protected OR the email  
gets sent,
depending on what I leave in the script. I tried using part of  
Jenny's
script which is great for email forms but I can't combine this  
whole thing.

Hlp!!

/*this is the code that sits at the top of the protected page*  
which works

actually fine for the protection*/
?php
session_start();

$_SESSION ['username'] = $_POST ['user'];
$_SESSION ['userpass'] = $_POST ['pass'];
$_Session ['authuser'] = 0;

if (($_SESSION['username'] == 'logon')  and
  ($_SESSION['userpass'] == 'password')) {
$_SESSION['authuser'] = 1;
} else {
echo I'm sorry, access is denied br /;
echo Please log in at  a href='login.php' HERE/a to enter your
Username and Password;
exit();
}

Can this be done on one form i.e. login.php?  I have 4 textfields  
set up:
username, password, email, name (for the person sending the  
email...)..

some if clause somewhere?

Best
R.C.


I think you're heading the right direction. I'd do something like  
this...


?php
// login.php
session_start();
if (isset ($_POST['confirm'])) {
   if ($_POST['user'] != 'logon' || $_POST['pass'] != 'password') {
   header (location: login.php?code=i);
   exit;
   }

   $_SESSION['username'] = $_POST['user'];
   $_SESSION['userpass'] = $_POST['pass'];
   $_SESSION['authuser'] = true;


$to = $_POST['user'] .  .$_POST['email'].;
$subject = $_POST['user'] .  logged in;
$message = Whatever you want in here...;
$headers = From: MyCoolSite [EMAIL PROTECTED]\r\n;
$headers .= Cc: Bob the Boss [EMAIL PROTECTED]\r\n;
mail ($to, $subject, $message, $headers);


   header (location: video.php);
   exit;
} else {
   unset ($_SESSION['authuser']);
}
?
html
?php if ($_GET['code'] == 'i') { ?
   pInvalid login. Please try again./p
?php } ?
form action=login.php method=post
   !-- Other fields here --
   input type=hidden name=confirm value=1 /
/form
/html


That's how you can start it. At the top of the login.php page, check  
to see if the form has been submitted/post'ed. If it has, check for  
the correct username and password. If fail, send back to the login  
page with an error code - don't make the user click to go back to  
the login. If success, THEN assign the session variables and  
redirect to the video page.


Just a side note. Maybe this is just an example that you sent us,  
but I would strongly recommend NOT using 'password' as the password.  
=D If each user is going to have his/her own username/password, then  
I'd use a database to store that info - that can be another thread  
or a search of the archives. ;)


Hope that helps.

~Philip


Personally, most of my web applications do not have to factor 13.7  
billion years of space drift in to the calculations, so PHP's rand  
function has been great for me... ~S. Johnson



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php