phpBB Styles

[DooBDee]

Greetings,

This tutorial will tell you how to username and password a page.

Here is the code. I shall walk you through it.

Code: Select all

<?php
/*   Title: password.php
*   Author: DooBDee
*   Website: http://www.doobdee.net
*   Description: Required a username and password to view certain elements
*/

if ($_POST['submit'])
{

   //   Your Username
   $username_value = '';

   //   Your Password :: Use md5 encryption
   $password_value = '';

   $username = isset($_POST['username']) ? stripslashes($_POST['username']) : '';
   $password = isset($_POST['password']) ? md5(stripslashes($_POST['password'])) : '';

   if ($username === $username_value)
   {
      if ($password === $password_value)
      {
         echo 'Username And Password Correct';   //   Show what you want when log-in is complete
      }
      else
      {
         echo 'Your Username or password is incorrect';   //   Show error message if incorrect
      }
   }
   else
   {
      echo 'Your Username or password is incorrect';   //   Show error message if incorrect
   }
   exit;
}
?>
<html>
<head>
<title>Username and password required for page view</title>
</head>
<body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="multipart/form-data">
<p>Enter your username and password:</p>
<input name="username" value="" type="text"><br />
<input name="password" value="" type="password"><br />
<input name="submit" value="View Page" type="submit">
</body>
</html>

When the page loads,

Code: Select all

if ($_POST['submit'])

is ignored as the submit button has not been pressed. Therefore, it misses the whole if() statement and moves to the HTML section below.

Code: Select all

<html>
<head>
<title>Username and password required for page view</title>
</head>
<body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="multipart/form-data">
<p>Enter your username and password:</p>
<input name="username" value="" type="text"><br />
<input name="password" value="" type="password"><br />
<input name="submit" value="View Page" type="submit">
</body>
</html>

The form action, namely this part:

Code: Select all

<form action="<?php echo $_SERVER['PHP_SELF']; ?>"

tells the form that when to submit it processes itsef. Which is where the if()statement at the top comes into play.

Firstly it looks at:

Code: Select all

   //   Your Username
   $username_value = '';

   //   Your Password :: Use md5 encryption
   $password_value = '';

And set it to those variables. To get md5 encryption for a password, go to this site: http://pajhome.org.uk/crypt/md5/

The script then goes on to set the data filled out by the form to a variable, using stripslashes and isset and md5 for the password as shown below:

Code: Select all

   $username = isset($_POST['username']) ? stripslashes($_POST['username']) : '';
   $password = isset($_POST['password']) ? md5(stripslashes($_POST['password'])) : '';

Once this has been done, it compares the username and the username value and compares them if the two values are equal in both value and data type. (notice the ===).

Code: Select all

   if ($username === $username_value)

If this is true, it then goes on to compare password and password value, once again using ===.

Code: Select all

      if ($password === $password_value)

If this turns out to be true, it displays the data you want to be hidden. In this case:

Code: Select all

         echo "Username And Password Correct";   //   Show what you want when log-in is complete

If the second if() statment is returned false it gives the error. If the first if() statment is false it returns an error, therefore the only way of getting the page to show contents is to get both correct (username and password). The exit; command tells the script to stop running after login has been pressed.

I hope this has been helpful.

Kind regards,

DoobDee

[Phantom]

Code: Select all

code not needed anymore ...

Very well written tutorial. Just one thing, on line 20, I would recommend making $username a post value, $_POST['username']. This isn't crucial, but I would recommend it nonetheless. Good job.

[DooBDee]

Greetings,

I made a typo in my first post. Thanks for pointing out.

I have ammended it, if yuo scroll up. (line 17)

I tried to make it as easy for people as possible.

[X_SD_X]

on line 17 you need a ' after the first username

also, is there a way to convert from md5 encryption back to text?

[DooBDee]

Thanks. Fixed typo. Also I updated code slightly.

md5() is one way hash encryption so therefore you can not unhash an md5()

[X_SD_X]

aaah ok thanks

[DooBDee]

[quote user="X_SD_X" post="72968"]aaah ok thanks[/quote]

This is the method used for storing passwords in phpBB, it therefore made sense to use same method. There are other encryption types which are reversable, but once somebody gets hold of hash it wont be secure.

[X_SD_X]

good point

[dede1963]

is this info for retrieving forgotten username and passwords ? and is this the procedure to use if this is the case? where do i access this procedure so that i can perform this action?

[wicho7]

I do all you mark but i hava a question, if I use this to direct a php page and when use the direct link for that page ( an example: mydomain/folder/archive.php ) it is redirected for the login page and cannot enter if i dont give the correct nick and password, sorry if I dont explain well but I speak spanish and some english but thanks for the person who reply this