Forum FAQForum FAQSearchSearch MemberlistMemberlist Forum ignore listForum ignore list RegisterRegister ProfileProfile Log in to check your private messagesLog in to check your private messages Log inLog in
PHP - autentifikacija korisnika

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    mi3dot.org Forum Index -> Server-side
View previous topic :: View next topic  
Author Message
budha



Joined: 02 Mar 2004
Posts: 1377
Location: Osijek

PostPosted: 12.07.2004 11:31    Post subject: PHP - autentifikacija korisnika Add user to your forum ignore list Reply with quote

Naso sam neku jednostavnu skriptu za autentifikaciju korisnika u PHP-u...
Kod se samo kopi-pejsta u svaki *.php za koji je potrebna autentifikacija...

Code:
<?php
$login = "login";
$password = "pass";

function error ($error_message) {
   echo $error_message."<BR>";
   exit;
}

if ( (!isset($PHP_AUTH_USER)) || ! (($PHP_AUTH_USER == $login) && ( $PHP_AUTH_PW == "$password" )) ) {
   header("WWW-Authenticate: Basic enter=\"Secured Area\"");
   header("HTTP/1.0 401 Unauthorized");
   error("You are not authorized!");
}
?>


O userima, sekjuritiju i sl. nemam pojma Embarassed , pa koliko je ovo sigurno?

_________________
I hate to advocate drugs, alcohol, violence, or insanity to anyone, but they've always worked for me.
Back to top
View user's profile Send private message Visit poster's website
maxy



Joined: 07 Sep 2003
Posts: 894
Location: Zagreb

PostPosted: 12.07.2004 12:02    Post subject: Add user to your forum ignore list Reply with quote

ja tu http autentikaciju nisam koristio nikad i mislim da ona radi tako da ti postavi nekakav kuki or something..
na tvom mjestu bi napravio auth preko sessiona a ne na ovaj nacin.

osim toga, kad pitas "koliko je ovo sigurno" - na sto tocno mislis i sto zapravo trazis od sistema za logiranje/auth korisnika?
daj malkoc vise podataka pa ti mozda sklepamo neku skripticu Smile
Back to top
View user's profile Send private message
silence



Joined: 24 Apr 2004
Posts: 890
Location: .....ni na nebu, ni na zemlji.....

PostPosted: 12.07.2004 12:36    Post subject: Add user to your forum ignore list Reply with quote

kolko sam ja čitao, session je najprikladniji za ovo što tebi treba.
ujedno je i jako zgodan alat za mnoge druge stvari na webu.....tako da možeš ubit dvije muhe jednim udarcem ako se malo posvetiš sessionima.

_________________
This End-User License is an agreement between Microsoft Corporation (hereafter referred to as "Microsoft") and you, the end-user (hereafter referred to as "our bitch").
Back to top
View user's profile Send private message Visit poster's website
budha



Joined: 02 Mar 2004
Posts: 1377
Location: Osijek

PostPosted: 12.07.2004 14:25    Post subject: Add user to your forum ignore list Reply with quote

Ma, radim skriptu za prodaju rabljnih automobila, a klijent ima mogucnost dodavanja, brisanja i uredjivanja vozila. Za to mi sluze 3 file-a, svi *.php unutar foldera /admin. Bitno mi je da ne moze svako doci do ta 3 fajla...

_________________
I hate to advocate drugs, alcohol, violence, or insanity to anyone, but they've always worked for me.
Back to top
View user's profile Send private message Visit poster's website
silence



Joined: 24 Apr 2004
Posts: 890
Location: .....ni na nebu, ni na zemlji.....

PostPosted: 12.07.2004 14:32    Post subject: Add user to your forum ignore list Reply with quote

ček sekundu.
jel hoćeš zaštiti direktorij na serveru ili napravit autentikaciju korisnika koji rade sa admin sučeljem?

kolko znam zaštita direktorija se radi preko .htaccess i .htpasswd
http://wsabstract.com/howto/htaccess.shtml

_________________
This End-User License is an agreement between Microsoft Corporation (hereafter referred to as "Microsoft") and you, the end-user (hereafter referred to as "our bitch").
Back to top
View user's profile Send private message Visit poster's website
maxy



Joined: 07 Sep 2003
Posts: 894
Location: Zagreb

PostPosted: 12.07.2004 14:35    Post subject: Add user to your forum ignore list Reply with quote

eh, zato se radi ovako:

imas jedan file koji ti obradi unos usernamea i passworda i postavlja session - dal je korisnik regan ili ne i ako je u session onda pohranis podatke tipa username, email, dal je admin itd tak da ne moras svako malo cupat podatke iz baze/filea

nakon tog je potrebno file includat u ova 3 fajla ili jednostavnije:

napravit nekakav index.php unutar admina i u njemu vrsit provjeru logiran je/nije logiran te postaviti neku varijablu tipa $logged_on = 'logiran';

onda u ova 3 fajla dodas
if(!$logged_on != 'logiran') {
header('Location: /');
exit;
}

tako isto mozes gledati dal je logiran + dal je admin pa mu skladno s time davati pristup pojedinom fajlu.

meni se ovo cini prilicno jednostavnim za izvesti (ne bi trebao potrosit vise od 30ak minuta na to) a nije bas hakabilno (nadam se) Smile
Back to top
View user's profile Send private message
budha



Joined: 02 Mar 2004
Posts: 1377
Location: Osijek

PostPosted: 12.07.2004 14:37    Post subject: Add user to your forum ignore list Reply with quote

Prva ideja je bila .htaccess, ali sam si na kraju sve bitne varijable za rad skripte izvukao u config.php, izvan public_html ditektorija. Sada unutar same skripte radim njegov include, pa vadim vrijednosti varijabli...

_________________
I hate to advocate drugs, alcohol, violence, or insanity to anyone, but they've always worked for me.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    mi3dot.org Forum Index -> Server-side All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group