how to add access restriction to a page

scorpioy

Can someone tell me how to implement this in PHP:

When a link is clicked, I want it pop out a window for entering user name and password, and only if they are correct, then the page will be loaded.

Trs2988

Well... normally I'd say Javascript. But if you really want to do it in PHP, I guess there is a way.

You could link to a blank page that popped up (with Javascript) the username/password form. That username and password form (not sure if this is possible?) would be submitted back to the main page when you hit "Log In," and then you could use PHP to decide whether or not to display the page depending on whether or not they entered the right username/password.

Davy

AAAAAAAARRRRRGGGHHH!!!!!!!!

READ

scorpioy

Originally posted by Trs2988
You could link to a blank page that popped up (with Javascript) the username/password form. That username and password form (not sure if this is possible?) would be submitted back to the main page when you hit "Log In," and then ...

Sorry, I don't mean to have to use PHP and without JavaScript.

Could you tell me exactly how to do ' popped up (with Javascript) the username/password form' and check the validation and does this mean using JavaScript to connect database?

Thanks.

Davy

Ugh..

You don't need JavaScript!!

Ok the way in which you want to go about accessing to a restricted section.. there are several ways and I will list some of the more popular ones with brief explanations but first you need to tell us how secure you want this to be?

Like will you be coding an Internet banking system or just a 'members' page of a local club you got going, for example?

If it's an Internet banking system then I'd look at using sessions. There is information on these in the link i supplied in my aove post.

You can also use cookies (also explained in above link).

But by far the easiest and somewhat no so secure is the 'gdj27hdfuj0099fjhhf880kdjn999' named directory way of doing things.

You'd have a basic 'username' and 'password' form and if they are both the ones you want then the page would forward to this directory. If incorrect then the user is forwarded to the login page again. BUT, if a user knows what this directory name is then they could just type it in the URL.

I spose then you could disallow this by having the login page write a cookie upon successful login and everytime a page is opened in the 'gdj27hdfuj0099fjhhf880kdjn999' directory, the existence of the cookie is detected. If it exists then page opens. If not then user is redirected to before said login page.

Heh...so many ways of doing this 😃

scorpioy

Sorry I misleaded you guys. I know how to use PHP to check user's validation. What I tried to describe the circumstance is:

When a link is clicked, a new webpage is opened, but it pops out a small window first for entering user name and password and the new webpage is loading in the background.

I guess this has to involve JavaScript, but how do I code it and connect database with JavaScript?

Thanks for any help.

Davy

Create a simple JavaScript popup window...?

Use PHP like you normally would with a form. The popup is another page in a new window. An annoying habit of a window but a new window and a new page none the less.

Roger_Ramjet

Are you on about 'normal' password protection you get on lots of sites? Sounds like it with the "it pops out a small window first for entering user name and password".

Securing areas of your website like this i done with 2 files .htaccess and .htpasswd . Read this for full explanation :
http://wsabstract.com/howto/htaccess.shtml
http://wsabstract.com/howto/htaccess3.shtml

"htaccess is about as secure as you can or need to get in everyday life"

htaccess will password protect a directory and everything below it. Only when you need the login to be more dynamic, to convey more information, do you need to go beyond normal htaccess authentication. If you want per-page authentication, or general purpose pages with dynamic content on a per-user basis, then you will need php sessions and your own authentication scripts. Start first with htaccess though.