PHP Diary | PHP Housekeeping | PHP Scripts | TD Scripts.com
12/31/99 "Building a secure admin area & .htaccess"

Making a hardcoded Admin Password gateway using PHP

First you will use a form to pass the $pw variable to the php script. When entering passwords into forms it is a good idea to use the "password" input box instead of the "text" one, so that as you type there are asterisks in place of the input. Something like this will work fine:

Admin password?
Example #18: Using a hardcoded admin password system

The HTML for the above form looks like:

<form method="POST" action="example18.php3">
<div align="left"><p><font face="BankGothic Md BT">Admin password?</font>
<input type="password" name="pw" size="14"><input type="submit" value="Submit"></p>
</div></form>

Now the php code to check the submitted password versus the hardcoded one is:

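<?php
// Hardcoded admin password, stored in plain text in this script
$adminpass = "test123";
// register_globals is gone in modern PHP, so read the form field from $_POST
$pw = (isset($_POST["pw"]) && is_string($_POST["pw"])) ? $_POST["pw"] : "";
// hash_equals() compares the two strings in constant time, with no type juggling
if (hash_equals($adminpass, $pw))
{
   print("Welcome to the administration area!");
}
else
{
   print("Wrong password");
}
?>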

If you try example 18 with password test123 it will let you in, otherwise you'll get the wrong password message. As you can see it only takes a few lines of code and this will work on NT or Unix. Additionally, you would enclose the contents of the admin area inside the success portion of the if statement. For those using Unix servers, you also have .htaccess available, which we'll look at next.

Using .htaccess (UNIX only)

For those who aren't already familiar with .htaccess it is a server side password protection scheme. By uploading a file named .htaccess into a directory you can protect every file in that directory and beneath that directory from unauthorized use. Here's a good way to look at the way .htaccess fundamentally works:

yourdomain.com/root        <-------------- same as typing --->   www.yourdomain.com/
yourdomain.com/root/members   <---------- upload .htaccess here ---> www.yourdomain.com/members
yourdomain.com/root/otherdirectory/dir/  <---- UNprotected --> www.yourdomain.com/otherdirectory/dir/
yourdomain.com/root/members/otherdirectory/ <---- protected --> www.yourdomain.com/members/otherdirectory

The code inside the .htaccess file you would upload would look like this:

AuthName "Name to display"
AuthType Basic
AuthUserFile /home/usr/www/.htpasswd
AuthGroupFile /dev/null
require valid-user

The AuthUserFile directive should contain the absolute path to the .htpasswd file. The .htpasswd file (you can name this file anything you want, though) holds the user ID and password combinations to allow into the admin area. Each entry is a username and encrypted password combination in the format

username:encrypted_password
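
The username:encrypted_password format above, as an added example that is not part of the original diary entry: it builds one .htpasswd line and checks a login against the file's text. The function names htpasswd_line and htpasswd_check are hypothetical, the sample user is constructed, and it assumes Apache 2.4 or later, which accepts bcrypt ("$2y$") hashes in the AuthUserFile.

```php
<?php
// Added example: build and check .htpasswd entries (username:hash) in PHP.
// Assumption: Apache 2.4+, which accepts bcrypt ("$2y$") hashes.

// Return one .htpasswd line for $user, hashing $password with bcrypt.
function htpasswd_line(string $user, string $password): string
{
    // ':' separates the two fields and each entry is a single line,
    // so neither ':' nor a line break may appear in the username.
    if ($user === '' || preg_match('/[:\r\n]/', $user)) {
        throw new InvalidArgumentException('invalid username');
    }
    return $user . ':' . password_hash($password, PASSWORD_BCRYPT);
}

// Check $user/$password against the text of an .htpasswd file.
function htpasswd_check(string $contents, string $user, string $password): bool
{
    foreach (preg_split('/\r?\n/', $contents) as $line) {
        // Split on the first ':' only: username on the left, hash on the right.
        $parts = explode(':', $line, 2);
        if (count($parts) !== 2 || $parts[0] !== $user) {
            continue;
        }
        // This sketch only understands bcrypt entries; reject anything else.
        if (strncmp($parts[1], '$2y$', 4) !== 0) {
            return false;
        }
        // password_verify() re-hashes with the stored salt and compares safely.
        return password_verify($password, $parts[1]);
    }
    return false; // no entry for this user
}

// Constructed sample data: user "admin" with the password from example 18.
$file = htpasswd_line('admin', 'test123') . "\n";
echo $file;
var_dump(htpasswd_check($file, 'admin', 'test123'));
var_dump(htpasswd_check($file, 'admin', 'wrong'));
var_dump(htpasswd_check($file, 'nobody', 'test123'));
```

The stored value is a salted one-way hash, so the same password produces a different line on every run and the file never holds the password itself.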

While I know this is a very brief introduction to password protection using .htaccess, there are other resources on the web that can assist you with using .htaccess. Also I can get into .htaccess in more depth if enough people request it.

Public Service Announcement

This has nothing to do with PHP, but I hope if you are going out tonight and intend on doing any drinking, please choose a designated driver if you are going to be on the roads. Too many people get killed on New Year's Eve and because this is the turn of the millennium, there will probably be more. I hope you all have a Happy New Year's Day and I am not sure if I will do a diary entry tomorrow or not, but please check back if you are online :)


Copyright 2000 php-scripts.com Last Modified 01/6/00 05:31