The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.
hiya, i have a members only section in my website which you can (well should) only access by logging in, but i dont understand how i can stop people just typing in the address to the members only page and access the page, I'm new to web design and this may be a silly question with a simple answer, but would one of you be kind enough to educate me please. Many thx in advance.
Page:
Hi Tappet,
The code should replace all of the code you used - you can scrub the whole of the Java script. All you need to do is rename the pages like:
testpage1.php becomes your index.php
testpage2.php becomes auth.php
and testpage3.php becomes your first members page.
If you click the link I provided to my test site and then view the source, you notice you cannot see the User/password details.
Also, if you want to go down the line of MySQL then my advice is bite the bullet and I'll help out where I can.
JTD
The code should replace all of the code you used - you can scrub the whole of the Java script. All you need to do is rename the pages like:
testpage1.php becomes your index.php
testpage2.php becomes auth.php
and testpage3.php becomes your first members page.
If you click the link I provided to my test site and then view the source, you notice you cannot see the User/password details.
Also, if you want to go down the line of MySQL then my advice is bite the bullet and I'll help out where I can.
JTD
hiya jimthedog,
no probs on the delay, only looked tonite to see if i had a reply, many thx for the code, i'll have a crack at it over the weekend and let you know how it goes. i guess the script im using to encript the user details can be inserted in the the php code?
to be honest im new to all this and i'm only using this java script do to a website tell me it was one of the best they had seen and it was very easy to get up and running, i have an editional piece of code, where i type in the users name and password and it encripts it for me and give me a piece of code the i add to the page, ie
i would prefer a SQL powered way of doing this but like i say, i'm still new to all this and that seemed abit to advanced for now, do you know of any good site where i could grab this code and tables for a sql vision?
many thx for your time your've been a big help.
no probs on the delay, only looked tonite to see if i had a reply, many thx for the code, i'll have a crack at it over the weekend and let you know how it goes. i guess the script im using to encript the user details can be inserted in the the php code?
to be honest im new to all this and i'm only using this java script do to a website tell me it was one of the best they had seen and it was very easy to get up and running, i have an editional piece of code, where i type in the users name and password and it encripts it for me and give me a piece of code the i add to the page, ie
i would prefer a SQL powered way of doing this but like i say, i'm still new to all this and that seemed abit to advanced for now, do you know of any good site where i could grab this code and tables for a sql vision?
many thx for your time your've been a big help.
Hi Tappet,
Very sorry for the delay with this - I've been busy with other problems.
By using Java in your original script you're causing problems creating session variables and passing parameters between pages. Seeing as I'm no Java expert (nor any other expert come to that) I've re-written your auth page in php. Pre-quoting passwords and usernames isn't exactly efficent but at least they can't be seen within the php script.
Anyway - try doing this to get you on track:
Create three pages: testpage1.php, testpage2.php and testpage3.php. Copy the following lines in to the relevent page.
testpage1.php
testpage2.php
testpage3.php
I hope this a) works, and b) helps and c) doesn’t appear too clumsy to people who actually know what they are doing.
Click here to see this in action.
JTD
Very sorry for the delay with this - I've been busy with other problems.
By using Java in your original script you're causing problems creating session variables and passing parameters between pages. Seeing as I'm no Java expert (nor any other expert come to that) I've re-written your auth page in php. Pre-quoting passwords and usernames isn't exactly efficent but at least they can't be seen within the php script.
Anyway - try doing this to get you on track:
Create three pages: testpage1.php, testpage2.php and testpage3.php. Copy the following lines in to the relevent page.
testpage1.php
<?php
session_start();
$namesArray = array();
$namesArray["fjhgfhg"] = ""; // if you want a blank line.
$namesArray["AAA"] = "Andrew";
$namesArray["BBB"] = "Barry";
$namesArray["CCC"] = "Charlie";
$_SESSION['namesArray'] = $namesArray;
$result = $_REQUEST['res'];
if ($result == "fail"){$message = "Your login details were not recognised. Please try again.";}
echo $authIt;
?>
<form action="testpage2.php" method="post">
<p>
UserName: <SELECT name="UserName">
<?php foreach ($namesArray as $value) { ?>
<option value='<?php echo"$value";?>'><?php echo "$value";?> </option>
<?php } ?> </SELECT>
</p>
<p>
Password:
<input name="password" type="text" id="password">
<input type="submit" name="Submit" value="Submit">
<input type="hidden" name="names" value="$namesArray[]">
</p>
</form>
<?php echo $message;?>
testpage2.php
<?php
//start a session
session_start();
$namesArray = $_SESSION['namesArray'];
$pwd = $_POST['password'];
$UID = $_POST['UserName'];
if (isset($namesArray[$pwd]) && ($namesArray[$pwd]== $UID))
{$_SESSION['loggedin'] = $UID; $_SESSION['authcode']="OK"; header("location: testpage3.php");} else {
header("location: testpage1.php?res=fail");}
?>
testpage3.php
<!-- add this snippet to the top of every page you want to protect -->
<!-- or alternativly save it as auth.php and use < ?php session_start(); include("auth.php"); ?> at the top of each page -->
<?php
session_start();
if ($_SESSION['authcode']!="OK")
{header("location: testpage1.php");} ?>
<?php
//this should not be included in every page but you can see how you can pass the session variable to all pages once it has been set in the authorisation script.
$loggedin = $_SESSION['loggedin'];
echo "$loggedin is logged in";
?>
I hope this a) works, and b) helps and c) doesn’t appear too clumsy to people who actually know what they are doing.
Click here to see this in action.
JTD
this is my form and script code where i'm having the prob, your code uses username and password, where im using memlist and password
It appears you are using an old browser, as such, some parts of the Freeola and Getdotted site will not work as intended. Using the latest version of your browser, or another browser such as Google Chrome, Mozilla Firefox, or Opera will provide a better, safer browsing experience for you.