- Impact
- 0
Ok, i haev basically copied and pasted an email to someone, cause lots of people seem to want this. here it is:
I dont recomend using this for extremely important info, but it works fine for most things.
Ok, im gonna go through this piece by piece, so bear with me.
Here is your html file:
<HTML>
<HEAD>
<TITLE>index</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
</HEAD>
<BODY LEFTMARGIN=0 TOPMARGIN=0 MARGINWIDTH=0 MARGINHEIGHT=0>
<form method="POST" action="login.php">
<div align="left"><p> </p>
<p> <input type="text" name="user" size="14">Username
</p>
<p> <input type="password" name="pw" size="14">Password
</p>
<p> <input name="submit" type="submit" value="Submit">
</p>
</div></form>
</BODY>
</HTML>
This simply has two input boxes, one for the username, one for the password, and a submit button. The instance names for the boxes are "user" and "pw". These are important. Now, for the PHP script. We will call it login.php, because in the html form, we told the page to go there. We start of by listing the Users and passwords;
<?
$adminuser = "admin";
$testuser = "test";
$adminpass = "admin";
$testpass= "fubar";
This sets the variable adminuser equal to admin, and the same for test. The second lines set the variables adminpass and testpass equal to there values. For each user you get, you will have to go in here and type in a variable for there username and password. This seems tedious, but it really is not. Now for the next part, the real meat of the code, where it checks to see if your username/password combo works.
if ($user == $adminuser&&$pw == $adminpass || $user == $testuser&&$pw == $testpass)
{
print("Welcome to the administration area!");
}
else
{
print("Wrong password");
}
?>
The first line is an IF statement. It mean, if this is true, do this. So, it checks to see of the text entered in the user and password boxes match.
$user == $adminuser&&$pw == $adminpass
this checks if the text is equal to the admin user and pass that you set. the && means and in PHP, so both of those have to be true. the next part:
|| $user == $mehuluser&&$pw == $mehul)
says OR this. the || means OR in php. So it says, if the text entered is equal to this or this, then they are a user. This method is not susceptable to SQL injection, which is a very nice way to hack a login system. ok, this part:
{
print("Welcome to the administration area!");
}
tells the script that if they are a user and there password is OK, then print this line.
this:
else
{
print("Wrong password");
}
?>
says that if the user/pass combo doesnt work, print that line, and then it ends. This is your very basic login script. Now say you want to redirect to another page. That is easy, you simply replace
print("Welcome to the administration area!");
with
header( "Location: http://www.yoursite.com/yourpage.htm" );
This redirects them to that page. Make two pages, one with the content they are allowed to get to if they are a use, and another, that says like sorry, your either screwed up and are an idiot, :P, or you dont have permission to get here.
Here a complete login script with redirection. I havent been able to hack it yet, and I am in the top like 2% at hackthissite.org so, i think its pretty safe.
<?
$adminuser = "admin";
$mehuluser = "mehul";
$adminpass = "admin";
$mehulpass = "fubar";
if ($user == $adminuser&&$pw == $adminpass || $user == $mehuluser&&$pw == $mehulpass)
{
header( "Location: http://www.yoursite.com/secure.html" );
}
else
{
header( "Location: http://www.yoursite.com/incoorect.html" );
}
?>
They both have to be in the same directory, because of the links.
Ok, hope you understand it, contact me if you dont \/ \/ \/ \/
A NP donation would be realy nice, but you dont have to, just something to say thanks i guess.
Josh
I dont recomend using this for extremely important info, but it works fine for most things.
Ok, im gonna go through this piece by piece, so bear with me.
Here is your html file:
<HTML>
<HEAD>
<TITLE>index</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
</HEAD>
<BODY LEFTMARGIN=0 TOPMARGIN=0 MARGINWIDTH=0 MARGINHEIGHT=0>
<form method="POST" action="login.php">
<div align="left"><p> </p>
<p> <input type="text" name="user" size="14">Username
</p>
<p> <input type="password" name="pw" size="14">Password
</p>
<p> <input name="submit" type="submit" value="Submit">
</p>
</div></form>
</BODY>
</HTML>
This simply has two input boxes, one for the username, one for the password, and a submit button. The instance names for the boxes are "user" and "pw". These are important. Now, for the PHP script. We will call it login.php, because in the html form, we told the page to go there. We start of by listing the Users and passwords;
<?
$adminuser = "admin";
$testuser = "test";
$adminpass = "admin";
$testpass= "fubar";
This sets the variable adminuser equal to admin, and the same for test. The second lines set the variables adminpass and testpass equal to there values. For each user you get, you will have to go in here and type in a variable for there username and password. This seems tedious, but it really is not. Now for the next part, the real meat of the code, where it checks to see if your username/password combo works.
if ($user == $adminuser&&$pw == $adminpass || $user == $testuser&&$pw == $testpass)
{
print("Welcome to the administration area!");
}
else
{
print("Wrong password");
}
?>
The first line is an IF statement. It mean, if this is true, do this. So, it checks to see of the text entered in the user and password boxes match.
$user == $adminuser&&$pw == $adminpass
this checks if the text is equal to the admin user and pass that you set. the && means and in PHP, so both of those have to be true. the next part:
|| $user == $mehuluser&&$pw == $mehul)
says OR this. the || means OR in php. So it says, if the text entered is equal to this or this, then they are a user. This method is not susceptable to SQL injection, which is a very nice way to hack a login system. ok, this part:
{
print("Welcome to the administration area!");
}
tells the script that if they are a user and there password is OK, then print this line.
this:
else
{
print("Wrong password");
}
?>
says that if the user/pass combo doesnt work, print that line, and then it ends. This is your very basic login script. Now say you want to redirect to another page. That is easy, you simply replace
print("Welcome to the administration area!");
with
header( "Location: http://www.yoursite.com/yourpage.htm" );
This redirects them to that page. Make two pages, one with the content they are allowed to get to if they are a use, and another, that says like sorry, your either screwed up and are an idiot, :P, or you dont have permission to get here.
Here a complete login script with redirection. I havent been able to hack it yet, and I am in the top like 2% at hackthissite.org so, i think its pretty safe.
<?
$adminuser = "admin";
$mehuluser = "mehul";
$adminpass = "admin";
$mehulpass = "fubar";
if ($user == $adminuser&&$pw == $adminpass || $user == $mehuluser&&$pw == $mehulpass)
{
header( "Location: http://www.yoursite.com/secure.html" );
}
else
{
header( "Location: http://www.yoursite.com/incoorect.html" );
}
?>
They both have to be in the same directory, because of the links.
Ok, hope you understand it, contact me if you dont \/ \/ \/ \/
A NP donation would be realy nice, but you dont have to, just something to say thanks i guess.
Josh
Last edited:
i told you, i tried to hack this, lol.
