beginner needs help! - PHP-Editors

muma · #1 (**permalink**) 2004-11-19, 09:30 AM

Hi!
I am just approaching php, and I can't find a basic information

Suppose I have a true/false condition in my php program: I'd like to evaluate it and make local browser display different pages (i.e. 'true.html' or 'false.html'). How can I do?
Next, I'd like to keep these pages in a non-exposed area of my server...
I know that Apache (i'm using ver. 2.0.52) can manage authentication, but I would prefer solving the problem directly with php.
Thanks a lot,
Muma

CYBER_Aeon · #2 (**permalink**) 2004-11-19, 01:09 PM

Well, On a properly configured server, the PHP code is never accessable to the visitor - So keeping the 'bounce' pages in an accessable directory is not only pretty secure, its also the easiest way for you to work it.

PHP Syntax is very much like C, so it's pretty simple to pick up. For an example, let's just say you wanted to do it randomly. I know you don't, but it seems like the simplest example I can whip up.

Code:

<?php
if ( rand(1, 2) == 2 )
{
  header("location: false.html");
}
else
{
  header("location: true.html");
}
?>

That will cause a 50/50 chance to get redirected to one of those pages. The HEADER Command modifies the headers Apache (or whatever webserver you use) sends back to the client. When you set the location argument, you turn the whole page into a redirect. None of this code can be seen by the user access the page - In fact, all they should get back is a set of headers.

You might want to Google for some 'Introduction to PHP' tutorials or something similar. Or check out a 'PHP for Dummies' book from your local library - It gives you a real good start, and you should be able to jump right from there into php.net for more information.

CYBER_Aeon · #3 (**permalink**) 2004-11-19, 01:14 PM

My apologies, you mentioned you wanted to check it for local browsers. The best way I can think of doing that is by IP address. I'll show you a slightly more complicated script for this, but i'll put comments in it:
(The // are comments)

Code:

<?php
//
// Secure Access Script
//

// Build an array of the legal IP addresses for access
// Change these to whatever you need, or add more. Your choice.
$Allow = array( "127.0.0.1", "127.0.0.1" );

// Fetch the clients IP and store it in MyIP
$MyIP = $_SERVER['REMOTE_ADDR'];

// Is the IP in the Allowed list? If so, kick them to TRUE.HTML
if ( in_array( $MyIP, $Allow ) )
{
  header( "location: true.html" );
}
else
{
  // Otherwise, take them to false.html
  header( "location: false.html" );
}
?>

There. That's a pretty simple solution to the problem. It's not solve all, no would I probably implement this for anything, but that isn't to say that it's not reliable or functional. This might serve your purpose just fine.

strasm · #4 (**permalink**) 2004-12-06, 12:05 AM

I am sure that you have already found a tutorial to show you have to 'log people in' with php. But just in case you haven't or someone else needs some help here is the basics of it.

First you need to create a table to hold all of your users, you need at least these fields:
CREATE TABLE `users` (
`username` varchar(50) NOT NULL default '',
`password` varchar(32) NOT NULL default '',
PRIMARY KEY (`username`)
) ;

When you insert users into your table make sure to md5() the password. This will put the user's password into a string 32 characters long. We wont be able to decrypt it, but we will md5 the password they use later and see if the two hashes match.

Now write a script to test their username and password. It may be something like this (though there are many ways to write it):

$password = md5($_POST[password]);
$username = $_POST[username];

// connect to database
include "../connectionstring.php";

$query = "SELECT username, password FROM users WHERE username = '$username'";
$data = mysql_query($query);
$row = mysql_fetch_array($data);

if($data && $row[password] == $password){
$_SESSION[username] = $username;
header( "location: true.php" );
}else{
// send them back, log in failed
header( "location: false.php" );
}

Now, what you are going to want to do is check to see if the session varible is set in each secure page. You MUST check before you echo or print anything on that page.

so in true.php do something like this:

<?
session_start();

if (!$_SESSION[username]){
header( "location: login.php" );
}
?>
<html>
hello world
</html>

So, this is really just a rough overview of the things you will have to do. It is not very difficult, but there are some steps involved in it.



Sponsored by NuSphere - PHP Software for PHP Application Developers - On Sale This Week for $100