SitePoint Sponsor

User Tag List

Results 1 to 21 of 21
  1. #1
    SitePoint Evangelist kooshin.com's Avatar
    Join Date
    Dec 2003
    Location
    http://kooshin.com
    Posts
    505
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Password Protection

    hello guys.

    I have a question. I was wondering if it is possible to create a form where the person can enter a username/password then be directed to the right folder. I mean the same cPanel folder protection but in a form way.


    you enter a password and username into a form , if they are valid then you are redirected to the protected folder. With the ability to use many different users and passwords as well as folders.


    thanks in advance.

  2. #2
    SitePoint Evangelist BJ Duncan's Avatar
    Join Date
    Jun 2007
    Location
    North Richmond
    Posts
    495
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Not sure if I understand the question entirely correctly but hope I am on the right track with this response:

    PHP Code:
    if (isset($_POST['submit'])) {
    $user $_POST['user'];
    $password $_POST['password'];

    # connect to database and see if user and password exists
    $query "SELECT userID FROM table WHERE userName = $user AND userPassword = $password";

    # run the query
    $result mysql_query($query);

    # this will create a numeric value of either 0 or 1. 
    # 0 if user not found
    # 1 if user found
    $userFound mysql_num_rows($result)

    # the redirection
       
    if ($userFound == 1) {
          
    # if all credentials are met, then access given
          
    header ("Location: ../cPanel/index.php");
          exit();
       } else {
          
    # otherwise, place a message that an error has occured within the script
          
    $message "Incorrect details entered, please try again";
       }

    Regards,
    BJ Duncan

  3. #3
    hi galen's Avatar
    Join Date
    Jan 2006
    Location
    New Haven, CT
    Posts
    1,228
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    When they are redirected what do they see? A directory listing?

    You don't have to physically redirect them to a folder you can just use their credentials to access their respective folder.

  4. #4
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    So, you want people to be able to login, and it redirects them to their assigned folder?

    Well, first create a database table called folder_auth. In this, have these columns:
    Code:
    ID | Username | Password | Folder
    Assign the user with a username and password, with their folder, all in the folder_auth table.

    Then, allow the user to login and set a session for their folder. Redirect them to this folder, and in the auth check if this is their right folder. If not, redirect them to a false page, else allow them to access it.

    Similar to BJ Duncan's approach, however this will allow each user to have a specified folder.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  5. #5
    hi galen's Avatar
    Join Date
    Jan 2006
    Location
    New Haven, CT
    Posts
    1,228
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    There's really no point in actually redirecting them to a folder. Only reason i can see is to maybe get a directory listing, but then anyone could access that unless you put htacccess auth on it and that's not what he wants. You can do directory listings with php but then why even redirect them, that would be pointless. Unless you want users to "feel" like they are in their own directory. Even then i would use 1 script for all users and htaccess everything to that script.

    If im confused let me know, it happens often.

  6. #6
    SitePoint Evangelist kooshin.com's Avatar
    Join Date
    Dec 2003
    Location
    http://kooshin.com
    Posts
    505
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    hi guys thanks for all the answers. To make it a little bit clear is that in cpanel you can password protect a certain folder like

    sitename.com/foldername

    so if you go to sitename.com/foldername , it displays a box which asks you to enter a valid username and password. So instead of having to dispaly that box I would like to have just a normal form with a username and password field.

    So I go to the cpanel section and do the protection from there. Then the user can use the form on the site to enter a username and password so if they are right he is then redirected to the folder which I protected through the cpanel.

    Hope that is clear, ,

    thanks again for your great answer. I will see what is the best method and choose.

  7. #7
    hi galen's Avatar
    Join Date
    Jan 2006
    Location
    New Haven, CT
    Posts
    1,228
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I don't know if it's possible to send data from php to an htaccess based login. I'll look around.

  8. #8
    SitePoint Addict dbr's Avatar
    Join Date
    Aug 2006
    Location
    Tucked away in the mountains...
    Posts
    228
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Good Question

    Quote Originally Posted by kooshin.com View Post
    hi guys thanks for all the answers. To make it a little bit clear is that in cpanel you can password protect a certain folder like

    sitename.com/foldername
    That is a good question. I wish I knew the answer. I have some folders like that which I usually use when something is in the process of being developed. Once it is complete I remove the password protection. But, if there was a way user's could login and be redirected with the right username and password passed so they wouldn't have to encounter that second gauntlet would be pretty cool.

    However, it seems like if you simply had a script that checked for proper login credentials on the index page and other pages linked you would accomplish the same thing without needing to have the folder password protected. Unless I'm missing something.

    I hope you find a satisfactory solution.
    "Three components make an entrepreneur:
    the person, the idea, and the resources to make it happen."
    Anita Roddick ~British entrepreneur
    dbr founder of: ProximityCast.com

  9. #9
    SitePoint Evangelist kooshin.com's Avatar
    Join Date
    Dec 2003
    Location
    http://kooshin.com
    Posts
    505
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks I'm still looking around but incase i find a good solution then I will let you know.

  10. #10
    SitePoint Guru rageh's Avatar
    Join Date
    Apr 2006
    Location
    London, Formerly Somalia
    Posts
    612
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by kooshin.com View Post
    if you go to sitename.com/foldername , it displays a box which asks you to enter a valid username and password. So instead of having to dispaly that box I would like to have just a normal form with a username and password field.

    So I go to the cpanel section and do the protection from there. Then the user can use the form on the site to enter a username and password so if they are right he is then redirected to the folder which I protected through the cpanel.
    I don't think that is possible. Do a bit if googling and see what it comes up with. But it is impossible task to achieve. I think.
    Last edited by rageh; Nov 11, 2007 at 11:06. Reason: stupid spelling
    ------------------

  11. #11
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    I think it would be better to construct the system in PHP, without using .htaccess logins etc.

    Off Topic:

    But it is impossible task to achieve. I think
    Kinda goes against ur sig there, rageh.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  12. #12
    SitePoint Evangelist catweasel's Avatar
    Join Date
    Apr 2007
    Location
    Goldfields, VIC, Australia
    Posts
    518
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    sure it's possible.. make your secure folder in cpanel.. create a basic login form somewhere with user and pass fields, point that form to a login script that has this in it -
    PHP Code:
    $user $_POST['user'];
    $pass $_POST['pass'];
    header ("Location: http://$user:$pass@myserver.com/mysecurefolder/"); 

  13. #13
    SitePoint Guru rageh's Avatar
    Join Date
    Apr 2006
    Location
    London, Formerly Somalia
    Posts
    612
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by arkinstall View Post
    I think it would be better to construct the system in PHP, without using .htaccess logins etc.

    Off Topic:

    Kinda goes against ur sig there, rageh.
    Well, nobody can do the impossible. Can they? The guy is not talking about traditional login system either with .htaccess or without. He wants the users to be prompted to login based on few clicks he makes in the cpanel. In other words, the system is to let some users to get access to a particular folder while others will have to login to view the very same folder based on the way he sets up his cpanel.

    This is not database-based login system as you can gather. So the question is how can the system recognize one user from another before it lets or denies them access to that folder? I do not know how such system would be developed and would love to know it is possible.

    By employing .htaccess, one might achieve something similar but not when the site admin wants to control things from cpanel. That is the complicating factor.
    Last edited by rageh; Nov 11, 2007 at 15:46. Reason: spell
    ------------------

  14. #14
    SitePoint Guru rageh's Avatar
    Join Date
    Apr 2006
    Location
    London, Formerly Somalia
    Posts
    612
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by catweasel View Post
    sure it's possible.. make your secure folder in cpanel.. create a basic login form somewhere with user and pass fields, point that form to a login script that has this in it -
    PHP Code:
    $user $_POST['user'];
    $pass $_POST['pass'];
    header ("Location: http://$user:$pass@myserver.com/mysecurefolder/"); 
    That means the form is presented each time someone tries to access the folder. Right or wrong? I think the poster wants that some users are not prompted to login at all. While others will have to. So whether the user will see the form or not depends on if he is the chosen one or not, if that makes sense.
    ------------------

  15. #15
    SitePoint Evangelist catweasel's Avatar
    Join Date
    Apr 2007
    Location
    Goldfields, VIC, Australia
    Posts
    518
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by rageh View Post
    I think the poster wants that some users are not prompted to login at all. While others will have to.
    I can't see where the OP has requested any such thing. He simply states he wants a form based login rather than the typical htaccess prompt based login, but still be able to configure which directories are protected from cpanel.

  16. #16
    hi galen's Avatar
    Join Date
    Jan 2006
    Location
    New Haven, CT
    Posts
    1,228
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    correct me if i'm wrong but the cpanel protects directories using .htaccess right?

  17. #17
    SitePoint Evangelist catweasel's Avatar
    Join Date
    Apr 2007
    Location
    Goldfields, VIC, Australia
    Posts
    518
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by galen View Post
    correct me if i'm wrong but the cpanel protects directories using .htaccess right?
    correct.. I think (never used it myself)

  18. #18
    hi galen's Avatar
    Join Date
    Jan 2006
    Location
    New Haven, CT
    Posts
    1,228
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Code:
    http://user:password@domain.com
    worked for me in firefox (with a confirmation dialogue) but not in internet explorer.

  19. #19
    SitePoint Wizard wonshikee's Avatar
    Join Date
    Jan 2007
    Posts
    1,223
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    This is not a likely solution, because when you use cPanel directory protection, it's creating what's called a .htaccess file that uses browser login. PHP won't be reachable until you enter the right credentials.

    If you want a custom "login" page, you will have to ditch the cPanel option and create your own.

    It is quite easy to do, and less work than cPanel actually.

  20. #20
    SitePoint Evangelist catweasel's Avatar
    Join Date
    Apr 2007
    Location
    Goldfields, VIC, Australia
    Posts
    518
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No it works like this -

    directory / file structure..
    Code:
    /loginForm.php              <-- html login form + form processing script
    /securedirectory/.htaccess  <-- can't get into this dir without user/pass
    /securedirectory/file1
    /securedirectory/file2
    /securedirectory/file3
    ...
    Loginform.php
    PHP Code:
    <?php
    if (!empty($_POST)) {
        
    $user $_POST['user']; 
        
    $pass $_POST['pass']; 
        
    header ("Location: http://$user:$pass@myserver.com/securedirectory/");
    }
    ?>
    <html>
    <body>
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
    <input type='text' name='user'><br>
    <input type='password' name='pass'><br>
    <input type='submit' value='go'>
    </form>
    </body>
    </html>
    Thus you can use php to log you into a .htaccess protected directory.

    This is a very rough example.. you could do as Arkinstall suggested and keep a database table of which folders users have access to.. or just dynamically create folders from people's usernames etc

  21. #21
    SitePoint Evangelist kooshin.com's Avatar
    Join Date
    Dec 2003
    Location
    http://kooshin.com
    Posts
    505
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    hi , thanks for all the answers. I am yet to try them as I had no time for them but for sure will try them.

    The whole point is getting rid of the dialog box that is displayed when you for example go to sitename/folder. Normally when I'm making a website for someone I send them a url and username and password to track the project like
    www.mysitename.com/clients/client-web-site-name/

    so Instead of sending that url to the client I just want to go to cpanel , Password protect the
    www.mysitename.com/clients/client-web-site-name/ directory then the client can go to www.mysitename.com and on the front page he/she will see a form with two fields. A username field and a password field so if the username and password match the username and password which I gave access to
    www.mysitename.com/clients/client-web-site-name/ then it redirects him/her to
    www.mysitename.com/clients/client-web-site-name/ .

    Easier said than done I guess

    I know it is a complicated one to do but since there are a lot of smart people around I wanted to see the answers

    Thanks again.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •