
Authentication problem? help


newbe123


Here I have three different pages. On the first you can log in as admin and choose to add an entry or view the visitor log. (Do not use MySQL or other databases.) All items and the visitor log are saved to file.

I am using sessions, and what I have a problem with is the password-protected administration section (authentication).

What I'm trying to achieve is that visitors can see the items, but only the admin can log in, and only the admin should be able to add entries and view the visitor log.

What should I do?

 

 

 

index.php (where I log in with username: admin and pw:123)

<?php
session_start();

if(isset($_POST['LoutBtn']))
{
session_destroy();
}

if(isset($_POST['LoginBtn']))
{


//convert a string to all lower case letters.
//if user gives username with big letters still can login.
$user = strtolower($_POST['username']);
$pass = $_POST['password'];

if($user == 'admin' && $pass == '123')
{

$_SESSION['LogedIn'] = true;
print('Welcome admin');

?>

<table width="50"  align="right"  cellpadding="2" cellspacing="2">

<form method="POST" action="panel.php">
<tr>

<td><input type="submit" value="add post" name="PnlBtn" /></td>
</tr>
</form>

<form method="POST" action="stat.php">
<tr>

<td><input type="submit" name="showstat" value="visitorlog" /></td>
</tr>
</form>

</table>



<?php
     
}
elseif (empty($user) || empty($pass))
         
      
      {
	  print('<font color="#FF0000">Please fill in username and password!<br/></font>');
    
      
      }
	  
elseif ($_POST['username'] != 'admin'){
      
     
      print('<font color="#FF0000">wrong username<br/></font>');
    
      
      }
      
      elseif ($_POST['password'] != '123'){
      
   
      print('<font color="#FF0000">wrong password<br/></font>');

//elseif {

//	print('<font color="#FF0000">The User Name And/Or Password is incorrect!
	//  Please try again...<br/></font>');

//print('<a href="index.php">Back</a>');
}

  }

?>


<?PHP
/* define the blog content file name */
$filename = "myBlogContent.txt";
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>

<form method="post" action="index.php">

<table width="300" border="1" align="right" cellpadding="2" cellspacing="2">
<tr>
<td width="150">UserName:</td>
<td> <input type="text" name="username" size="20" />
</td>
</tr>
<tr>
<td width="150">Password</td>
<td><input type="password" name="password" size="20" /></td>
</tr>
<tr>
<td><input type="submit" value="Login" name="LoginBtn" />
</td>
</tr>
<tr>
<td><input type="submit" value="Logout" name="LoutBtn" /></td>
</tr>
</table>
</form>

<!-- CONTENT DIV -->
<div style="position:absolute; left: 100px; top: 100px; width: 400px;">

<?PHP

/* check to see if the file exists */
if (!file_exists($filename)) {

echo "The Blog Is Empty";

}else{	

/* get the file lines into an array */

$BlogArray = file($filename);

/* count the number of blog entries */	

$count = count($BlogArray);

$i=0;

while($i<$count) {	

$new_array = explode("|", $BlogArray[$i]);

echo "Posted by: " . $new_array[1] . "<br>";

/* time() takes no arguments; the stored timestamp goes to date() directly */
echo "Posted on: " .  date("m/d/y h:iA", (int)$new_array[0]) . "<br>";

echo 	

"Title: " . $new_array[2] . "<br>";


echo $new_array[3] . "<hr>";


$i ++;


}
}
?>
</div>
</body>
</html>

 

 

 

panel.php (where I can add new items)

 

<?php
session_start();
   


//if(isset($_POST['LoutBtn'])){

	//header ('Location: index.php');
//}

//print('<h1>Welcome admin</h1>');





?>





<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>



<form  action="content.php" method="post">
<table>


<tr><td>Blog entry posted by (Your name): </td><td><input type="text" name="who" size="20" maxlength="20" value=""></td></tr>

<tr><td>Title of this blog entry: </td><td><input type="text" name="title" size="40" maxlength="80" value=""></td></tr>


<tr><td>Content: </td><td><textarea name="content" rows="5" cols="40"></textarea></td></tr>


<tr><td colspan="2"><input type="submit" value="Submit"></td></tr>

<tr><td colspan="2"><input type="submit" name="showstat" value="visitorlog" /></td></tr>

<tr><td colspan="2"><input type="submit" value="Logout" name="LoutBtn" /></td></tr>
</table>







</form>
<a href="index.php">View</a><br>


</body>
</html>


 

 

content.php (Location: panel.php)

 

 

<?PHP
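/* obtain the form data, HTML-escaped because index.php echoes it into the page */
$who = htmlspecialchars($_POST['who'], ENT_QUOTES, 'UTF-8');
$title = htmlspecialchars($_POST['title'], ENT_QUOTES, 'UTF-8');
$content = htmlspecialchars($_POST['content'], ENT_QUOTES, 'UTF-8');
$content = str_replace(array("\r\n", "\r", "\n"), "<br>", $content); 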

/* create timestamp variable for current date and time */
$when_ts = time(); 

/* define the blog content file name */
$filename = "myBlogContent.txt";

/* prepare the variables for adding to the file */

$new_line_content = $when_ts . "|" . $who . "|" . $title . "|" . $content . "\n";

/* open the file in the APPEND MODE */
$fh = fopen($filename, 'a+') or die("can't open file");

/* add the new content */
fwrite($fh, $new_line_content); 

/* close the file */
fclose($fh); 

header("Location: panel.php");
exit; // stop script execution after the redirect
?>

 

 

stat.php (visitorlog)

 

 

<?php
session_start();


if(isset($_POST['home'])){

?>
<p>	<input type="submit" name="home" value="Hem" /></p>
<?php
}
?>
        

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
   
  <form action="index.php" method="post">
<p>	<input type="submit" name="home" value="Hem" /></p>
</form>


<?php

$ipaddress = $_SERVER['REMOTE_ADDR'];
$page = "http://{$_SERVER['HTTP_HOST']}{$_SERVER['PHP_SELF']}"; 
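// Referer and User-Agent headers are optional, so fall back to an empty string
$referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$datetime = time(); // mktime() without arguments is deprecated
$useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';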
$remotehost = @getHostByAddr($ipaddress);



?>	

<?php
// Create log line
$logline = $ipaddress . '|' . $referrer . '|' . $datetime . '|' . $useragent . '|' . $remotehost . '|' . $page . "\n"; 
// Write to log file:
$logfile = 'logfile.txt';

// Open the log file in "Append" mode
if (!$handle = fopen($logfile, 'a+')) {
    die("Failed to open log file");
}

// Write $logline to our logfile.
if (fwrite($handle, $logline) === FALSE) {
    die("Failed to write to log file");
}
  
fclose($handle);  

?>
    <?php
// Open log file
$logfile = "logfile.txt";

if (file_exists($logfile)) {
    
    $handle = fopen($logfile, "r");
    $log = fread($handle, filesize($logfile));
    fclose($handle);
} else {
    die ("The log file doesn't exist!");
} 
// Separate each logline
$log = explode("\n", trim($log)); 
// Separate each part in each logline
for ($i = 0; $i < count($log); $i++) {
    $log[$i] = trim($log[$i]);
    $log[$i] = explode('|', $log[$i]);
} 

echo count($log) . " people have visited this website.". "<br>" . "<br>";  


?>
    
    <?php
// Show a table of the logfile

//echo 'IP Address'. "<br>" . "<br>";
//echo 'Referrer'. "<br>" . "<br>";
//echo 'Date'. "<br>" . "<br>";
//echo 'Useragent'. "<br>" . "<br>";
//echo 'Remote Host'. "<br>" . "<br>";

foreach ($log as $logline) {

    // Log fields come from request headers, so escape them before output
    echo htmlspecialchars($logline['0']) . "<br>" . "<br>";
    echo htmlspecialchars(urldecode($logline['1'])) . "<br>" . "<br>";
    echo date('d/m/Y H:i:s', (int)$logline['2']) . "<br>" . "<br>";
    echo htmlspecialchars($logline['3']) . "<br>" . "<br>";
    echo htmlspecialchars($logline['4']) . "<br>" . "<br>";



}


?>

</body>
</html>

 


what should I do?

In the session, keep track of whether the person is a logged-in admin. You're doing that already.

Use it to determine whether the user should be given an option to click a link to a page (or whatever), and then on that page use it again to determine if the user should be there.


I have already created the buttons, so when the admin logs in he can see these buttons and get to the pages that only the admin should be able to reach. However, the problem is that the admin pages are not protected. So I want no one but the admin to be able to enter the visitor log and add entry pages, and if you are not signed in you should be forwarded to the login page (index.php).

 

 


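The per-page check the reply describes, together with the redirect to index.php asked for in the follow-up, as an added example that is not code from the thread. The file name auth.php and all function names are assumptions; the session key `LogedIn` is the one index.php already sets.

```php
<?php
// auth.php: hypothetical helper file (not from the thread). Include it at the
// very top of every page, before any HTML is sent, so header() still works.

function start_session(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// True only when index.php has set the flag used in the thread's code.
function is_admin(): bool {
    start_session();
    return isset($_SESSION['LogedIn']) && $_SESSION['LogedIn'] === true;
}

// Gate for admin-only pages: everyone else goes to the login page.
function require_admin(): void {
    if (!is_admin()) {
        header('Location: index.php');
        exit; // without exit the rest of the page still runs and is sent
    }
}

// Call in index.php right after the username/password check succeeds.
function log_in_admin(): void {
    start_session();
    session_regenerate_id(true); // fresh session ID when privileges change
    $_SESSION['LogedIn'] = true;
}

// Call from the Logout button handler.
function log_out(): void {
    start_session();
    $_SESSION = [];
    session_destroy();
}

// Usage, first lines of panel.php, content.php and stat.php:
//   require __DIR__ . '/auth.php';
//   require_admin();
// content.php needs the gate as well: it is the script that writes to
// myBlogContent.txt, and it can be requested directly without the form.
// Usage in index.php, to decide whether to print the admin buttons:
//   if (is_admin()) { /* print the "add post" and "visitorlog" forms */ }
```

Hiding the buttons only changes what is displayed; the gate at the top of each admin script is what keeps a direct request to panel.php, content.php or stat.php from succeeding.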