Power By 专否社区

password protection to URL

Go To StackoverFlow.com

0

I've a website and its access should be restricted.
So, on entering the page, before page load we should restrict the access with three fields i.e., username and password of client and specific password for that page, these three were created by me and are stored in a database.

I've basic knowledge of Javascript and PHP.

My idea is before the page load, Javascript should get the three field values entered by user and by PHP we have to validate using a database, if the match occurs then page should load if not the access to that page should be denied.

in brief on hitting URL and before page load connection to the database has to be made and user/client entered 3 fields should be taken and be verified with MYSQL database by PHP and on successful authentication page should be displayed.

Please come up with code suggestions. Thanks in advance :)

2012-04-04 06:24
by krishna
is there a question here - NoName 2012-04-04 06:27

2

i have created a function which you may use:

<?php
function login($username,$password,$salt,$db,$table,$usercolumn,$passwordcolumn,$con)
{
    $user=mysql_real_escape_string($username);
    $password=mysql_real_escape_string($password);
    $db=mysql_select_db($db,$con);
    if(!$db)
    {
        return "connection error";  
    }
    else
    {
        $sql="SELECT * FROM `$table` WHERE `$usercolumn`='$user';";
        $enc=$password;

    foreach($salt as $value)
    {
        if($value=="md5")
        {
            $enc=md5($enc);
        }else
        {
            $enc=crypt($enc,$value);
        }
    }
        $resource=mysql_query($sql);
        $row=mysql_fetch_array($resource);
        $passdb=$row[$passwordcolumn];
        if($passdb==$enc)
        {
            $sucess=true;
        }else
        {
            $sucess=false;
        }


    }
    return $sucess;
}
?>

you may use this and if it returns true, that means username and passwords are correct now you have to validate your third option...
to use this function, you just need to call like this after copying that function to a file, if it is named to "logger.php",

<?php
require("logger.php");
$enc=array("salt","md5","differentsalt")//your encryption such as if you have encrypted using 'salt' at first then using md5 hash and again 'differentsalt',then you need to give like i have given

if(login($username,$password,$enc,$db,$table_name,$usercolumn,$passwordcolumn,$con))//$username is the username which user supplied,$password is password user supplied,$enc is the encryption and it must be an array... which is also given above,$db is database name,$table_name is the table where username and encrypted password are stored,$usercolumn is the column name where username are stored, $passwordcolumn is the column where encrypted password are stored, and last $con is the connection identifier, you may have given, $con=mysqli_connect("username","password");
//if all the parameters are supplied correctly, it will check for the username and password matching and you will have to check the third option
{
//now validate your third option here...
//if you are here, that means password and username has matched

}
else
{
//this means username and password didnt matched... so output the error
}
?>

for accepting username and password, you may create a form and ask password there and then submit...

2012-04-04 06:57
by acidburn
Ads