I am looking for help with session handling.
I have modified Joe Jarosciaks password script slightly, so that instead of logging in to d/l files, you login to one or two secure areas. (depending on the access level of password used)
How and where can i modify this more, so that a session will be created, and the logged-in users data will be passed over to the two secure area`s??
e.g. pass the login information to the two secure area pages, so they can evaluate if the user is allowed to view them or not!
I dont want to use javascript, or cookies, if i can help it, as javascript can be turned off, and many of todays users do not like cookies and are cookie-paranoid.
Heres the sript so far:
<------------------- index.php------------------->
<head>
</head>
<body bgcolor="#FFFFFF">
<table border="1" width="100%" bgcolor="#000000" bordercolor="#000000" cellspacing="0">
<tr>
<td width="100%">
<p align="center"><b><font size="4" color="#FFFFFF">Authorized Access Only</font></b></td>
<form method="POST" action="secure.php">
<center>
</tr>
</table>
<address align="center"> </address>
<address align="center"> </address>
<address align="center"><b>Name:</b></address>
<address align="center"> <input type="text" name="PHP_AUTH_USER" size="20" value=""></address>
<address align="center"> </address>
<address align="center"><b>Password:</b></address>
<address align="center"><input type="password" name="PHP_AUTH_PW" size="20" value=""></address>
<p align="center"><input type="submit" value="Login" name="B1"> <input type="reset" value="Reset"> </p>
</form>
</body>
<--------------------end index.php------------------->
<---------------------secure.php--------------------->
<?php
$auth = false;
if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {
$filename = ("D:\Inetpub\wwwroot\password\vault\passwords.txt");
$fp = fopen( $filename, 'r' );
$file_contents = fread( $fp, filesize( $filename ) );
fclose( $fp );
$lines = explode ( "\n", $file_contents );
foreach ( $lines as $line ) {
list($username,$password,$tc,$fc) = explode(':', $line );
// echo '<br>';
// echo $username;
// echo ' : ';
// echo $password;
// echo '<br>';
if (( $username == "$PHP_AUTH_USER" ) && ( $password == "$PHP_AUTH_PW" )) {
$auth = true;
break;
}
}
}
// ==================Header + IP Checking======================
$updated_from=getenv("REMOTE_ADDR");
print ('
<div align="center">
<center><table border="1" cellpadding="0" cellspacing="0" width="667" bgcolor="#000000" bordercolor="#000000"><tr>
<td width="100%">
<p align="center"><font color="#FFFFFF" size="0"> Connected from (IP): ');
print '<font color="#FFFF00">';
print $updated_from;
print '</font></font><font color="#FFFF00" size="0"> </font><font color="#FFFFFF"><font size="0"> |
<font size="1"> Your username - </font>';
print '<font color="#FFFF00">';
print $PHP_AUTH_USER;
print '</font></font></font><font color="#0000FF" size="0"> </font><font color="#FFFF00" size="0">
</font></p></td></tr></table></center><br></div>';
// ==================end - Header + IP Checking======================
// ==================on support or not=======================
if (! $auth)
{
echo '<br> You used username: ';
echo $PHP_AUTH_USER;
echo '<br> You used password: ';
echo $PHP_AUTH_PW;
echo '<br>';
echo '<br><center>';
echo '<br>';
echo '<p><font color="#000000"><b>Sorry, but this is wrong. Authorization with right username and password is Required!</b></font></p>';
exit;
}
if (($auth) and ($tc == '1'))
{
print '<b><font color="#000000" size="1">- You are authorized for access area 1.</font></b><br>' ;
}
if (($auth) and ($fc == '1'))
{
print '<b><font color="#000000" size="1">- You are authorized for access area 2.</font></b><br>' ;
}
if (($auth) and ($tc == '0'))
{
print '<b><font color="#FF0000" size="1">- You are not authorized for access area 1.</font></b><br>' ;
}
if (($auth) and ($fc == '0'))
{
print '<b><font color="#FF0000" size="1">- You are not authorized for access area 2.</font></b><br>' ;
}
// ==================end -- on support or not=======================
// ==================buttons=======================
if (($auth) and ($tc == '1'))
{
print '<a href="access_area1.htm"><font face="Arial, Helvetica, sans-serif"><b><font size="4" color="#FFFFFF">Area 1</font></b></font> </a><br>';
}
if (($auth) and ($fc == '1'))
{
print '<a href="access_area2.htm"><font face="Arial, Helvetica, sans-serif"><b><font size="4" color="#FFFFFF">Area 2</font></b></font> </a>';
}
// ==================end buttons=======================
if ($auth)
{
echo '<b><center><font size="1">Thank you. You were authorized with right username and password!</font></b>';
}
?>
<-------------------end secure.php--------------------->
<-----------------access_area1.htm--------------------->
<head>
<title>Access Area 1</title>
</head>
<body bgcolor="#FF6600" text="#000000">
<div align="center">
<table width="40%" border="1" cellspacing="0" cellpadding="0" bgcolor="#FF0000" bordercolor="#000000">
<tr>
<td>
<div align="center"><b><font face="Arial, Helvetica, sans-serif" size="6">Secure
Area 1</font></b></div>
</td>
</tr>
</table>
</div>
</body>
<----------------end access_area1.htm------------------>
<head>
<title>Access Area 2</title>
</head>
<body bgcolor="#FF0000" text="#000000">
<div align="center">
<table width="40%" border="1" cellspacing="0" cellpadding="0" bgcolor="#FF6600" bordercolor="#000000">
<tr>
<td>
<div align="center"><b><font face="Arial, Helvetica, sans-serif" size="6">Secure
Area 2</font></b></div>
</td>
</tr>
</table>
</div>
</body>
<----------------end access_area2.htm------------------>
<----------------passwords.txt------------------------->
joe:19741:1:0:
tony:928gt:1:1:
murray:fsSS92:1:1:
greg:2NNg8ed:1:1:
mitch:dopro:0:0:
nick:cmuk:1:0:
guest:RxegXHNEV9GpM:1:1:
tom:JJft54Dcv:0:1:
<----------------end of passwords.txt------------------>
Thankyou very much for any help!
webmaster@insightdesign.co.uk
