[PHP] Re: Password Protection

2005-02-17 Thread Steve
Kevin Javia wrote:
> I am experimenting on my site and I want to make it password protected like
> www.realsolution.com.
> If anyone enters correct user name and password, only then they will be
> able to enter into my site.
> How can I do that in PHP?
> Any ideas? Thanks a ton in advance.

Try this:

function authenticate() {
  // The realm value must be a quoted string.
  header('WWW-Authenticate: Basic realm="My protected area"');
  header('HTTP/1.0 401 Unauthorized');
  print 'Please use a correct login!';
  exit;
}

function authorize() {
  if (!isset($_SERVER['PHP_AUTH_USER'])
      or $_SERVER['PHP_AUTH_USER'] == '') {
    // No credentials were sent: ask the browser for them.
    authenticate();
  }
  else {
    $login = strtolower($_SERVER['PHP_AUTH_USER']);
    // The password may be absent even when a user name is present.
    $passwd = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
    if (...) { // check $login and $passwd against the list of authorized users
      return true;
    }
    else {
      authenticate();
    }
  }
  return false;
}

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
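
A filled-in version of the credential check left open in the reply above, as an added example that is not part of the original post: it stores only `password_hash()` output, verifies with `password_verify()`, and refuses Basic auth over plain HTTP. The user list and the helper names `demo_users()`, `credentials_ok()` and `challenge()` are constructed for illustration, and the code assumes TLS terminates at the server running PHP so that `$_SERVER['HTTPS']` is set.

```php
<?php
declare(strict_types=1);

// Constructed demo store (login => hash). A real site creates each hash once
// with password_hash() and stores only the hash, never the plaintext.
function demo_users(): array {
    static $users = null;
    $users = $users ?? ['kevin' => password_hash('constructed-demo-password', PASSWORD_DEFAULT)];
    return $users;
}

// Returns true only when $login exists and $passwd matches its stored hash.
function credentials_ok(string $login, string $passwd, array $users): bool {
    static $dummy = null;
    $dummy = $dummy ?? password_hash('unused', PASSWORD_DEFAULT);
    $login = strtolower($login);
    $known = array_key_exists($login, $users);
    // Verify against a dummy hash for unknown logins so both paths do the
    // same amount of work and timing does not reveal which logins exist.
    $ok = password_verify($passwd, $known ? $users[$login] : $dummy);
    return $known && $ok;
}

function challenge(): void {
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: Basic realm="My protected area"');
    exit('Please use a correct login!');
}

// Returns the authenticated login, or ends the request with 401/403.
function authorize(array $users): string {
    // Basic auth sends the password base64-encoded, not encrypted, so refuse
    // plain HTTP. Assumes TLS terminates at this server ($_SERVER['HTTPS'] set).
    if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
        header('HTTP/1.1 403 Forbidden');
        exit('HTTPS required');
    }
    $login  = $_SERVER['PHP_AUTH_USER'] ?? '';
    $passwd = $_SERVER['PHP_AUTH_PW'] ?? '';
    if ($login === '' || !credentials_ok($login, $passwd, $users)) {
        challenge();
    }
    return strtolower($login);
}

if (PHP_SAPI !== 'cli') {
    echo 'Welcome, ', htmlspecialchars(authorize(demo_users()));
}
```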


[PHP] Re: Password Protection

2005-02-17 Thread Kevin Javia
Thank you people.

Kevin Javia wrote in message:
> I am experimenting on my site and I want to make it password protected like
> www.realsolution.com.
>
> If anyone enters correct user name and password, only then they will be
> able to enter into my site.
>
> How can I do that in PHP?
>
> Any ideas? Thanks a ton in advance.




[PHP] Re: password protection/encryption

2003-12-08 Thread Mike
Chris Mach wrote:
> Greetings,
>
> I'm working on a project that involves a password protected area of a
> website. Someone also involved brought up the point that this area should
> be secure (With the lock icon indicating it is encrypted).
> In this particular project the password protected area will be a quote
> generating system for a company. Users would log in and choose the products
> they are interested in purchasing and the site would generate a quote
> depending on what they selected from the list of products.
> So my question is..
>
> At what point is encryption necessary? I've always thought encryption was
> only needed when dealing with stuff like credit card information, am I
> wrong?

If you are sending passwords over the internet, then they can be sniffed
in transit; it depends on how paranoid / how important the information
is. Unless you encrypt them before sending (client side), but this is
quite complicated.

You probably should just use https to do the encryption; it works the
same as normal, the HTTP layer deals with all the encryption for you.

> How secure is a password protected page done with just PHP?

Over http, with no encryption - not very secure.
Over https - as secure as anything is on the internet.

> Thanks
> Chris


[PHP] Re: password protection/encryption

2003-12-06 Thread Jas
Some questions to ask yourself...
1. Am I storing personally identifiable information (eg. Names, 
addresses, phone numbers, email addresses, credit card data)?
2. Will this data be stored in a text file or database?
3. Is this text file or database directly connected to the internet?
4. What type of data am I trying to protect?

Answer these questions and you will know if you need to use 
public/private key encryption technology in your application.

You are currently interested (from your post) in encrypting the data 
link layer of your website using SSL (Secure Socket Layer).

The SSL or lock icon as you pointed out only encrypts data in a 
streaming manner (eg. when I click the submit button my username / 
password combination gets passed to the SSL protocol and wrapped in a 
layer of encryption to be decoded on the server).

If you are storing data in a text file / database that would be a yes 
answer to the 4 questions listed above, I would recommend using some sort 
of public / private key encryption.  PHP has several encryption functions 
for your use and links are listed below.

When in doubt consult the manual at php.net.
http://us4.php.net/manual/en/function.base64-encode.php
http://us4.php.net/manual/en/function.base64-decode.php
http://us4.php.net/manual/en/function.crypt.php
http://us4.php.net/manual/en/ref.mcrypt.php
Also a great recommendation... google.com is your friend; you can find 
all sorts of good tips locating information on various encryption 
techniques and definitions.  A great primer on public / private 
encryption vs. one-way encryption can be found here...
http://www.webopedia.com/TERM/e/encryption.html

This site gives you basics of encryption and how it works.
http://computer.howstuffworks.com/encryption.htm
SSL information can be found here.
http://www.webopedia.com/TERM/S/SSL.html
Hope this helps
Jas




Chris Mach wrote:

> Greetings,
>
> I'm working on a project that involves a password protected area of a
> website. Someone also involved brought up the point that this area should
> be secure (With the lock icon indicating it is encrypted).
> In this particular project the password protected area will be a quote
> generating system for a company. Users would log in and choose the products
> they are interested in purchasing and the site would generate a quote
> depending on what they selected from the list of products.
> So my question is..
>
> At what point is encryption necessary? I've always thought encryption was
> only needed when dealing with stuff like credit card information, am I
> wrong?
> How secure is a password protected page done with just PHP?
>
> Thanks
> Chris
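
One way to apply the public/private key recommendation in the message above to stored records, as an added example rather than code from the thread: it uses PHP's bundled sodium extension (sealed boxes) instead of the mcrypt functions linked in the message, which were removed from PHP core in 7.2. The function names and the sample record are constructed, and the code assumes PHP 7.3 or later with sodium enabled.

```php
<?php
declare(strict_types=1);

// Run once on an admin machine. Only 'public' is deployed to the web server;
// 'keypair' (which contains the secret key) stays off the internet-facing host.
function make_keys(): array {
    $keypair = sodium_crypto_box_keypair();
    return ['keypair' => $keypair, 'public' => sodium_crypto_box_publickey($keypair)];
}

// Web server side: encrypt a record before it is written to the file/database.
function seal_record(array $record, string $publicKey): string {
    $plain = json_encode($record, JSON_THROW_ON_ERROR);
    // base64 only makes the ciphertext safe to store as text; it adds no secrecy.
    return base64_encode(sodium_crypto_box_seal($plain, $publicKey));
}

// Back-office side: decrypt with the full keypair; fails on tampered data.
function open_record(string $stored, string $keypair): array {
    $cipher = base64_decode($stored, true);
    $plain = $cipher === false ? false : sodium_crypto_box_seal_open($cipher, $keypair);
    if ($plain === false) {
        throw new RuntimeException('record is corrupt or was sealed for another key');
    }
    return json_decode($plain, true, 512, JSON_THROW_ON_ERROR);
}

// Constructed sample record, not data from the thread.
$keys   = make_keys();
$stored = seal_record(['name' => 'Example Customer', 'email' => 'customer@example.com'], $keys['public']);
var_dump(open_record($stored, $keys['keypair']));

// Changing one character of the stored value makes decryption fail loudly.
$tampered = $stored;
$tampered[10] = $tampered[10] === 'A' ? 'B' : 'A';
try {
    open_record($tampered, $keys['keypair']);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Because the web server holds only the public key, a copy of the internet-facing database or of the web server's files does not by itself allow the stored records to be read.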