password protection

Il-Belti

I am fairly a newbie to PHP and i am starting experimenting, how to implement a password protection to access a page. I have tried the following script, and it seems to work fine, however, i would like to ask, if this script is simple to break through to get the user/pass.

<?php

$username = "user";
$password = "pass";

if ($_POST["user"] != $username || $_POST["pass"] != $password) 
{

?>

<h1>Login</h1>

<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    UserName:<br /><input type="text" name="user" /><br />
    Password:<br /><input type="password" name="pass" />
    <input type="submit" name="Submit" value="Login" />
</form>

<?php

}
else {

?>

<p>Access to Page</p>

<?php

}

?>

Thank you for any feedback

dcooper

Originally posted by Il-Belti
I am fairly a newbie to PHP and i am starting experimenting, how to implement a password protection to access a page. I have tried the following script, and it seems to work fine, however, i would like to ask, if this script is simple to break through to get the user/pass.
<?php

$username = "user";
$password = "pass";

if ($_POST["user"] != $username || $_POST["pass"] != $password) 
{

?>

<h1>Login</h1>

<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    UserName:<br /><input type="text" name="user" /><br />
    Password:<br /><input type="password" name="pass" />
    <input type="submit" name="Submit" value="Login" />
</form>

<?php

}
else {

?>

<p>Access to Page</p>

<?php

}

?>
Thank you for any feedback [/B]

Thats about as simple as it gets, a better idea would be to store the usernames and passwords in a database, this means you can have more than one user.

$username = $_POST['username'];
$password = $_POST['password'];

$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysql_query($query);
if($result)
{
echo 'secret info';
}
elseif(!$result)
{
echo 'login';
}

This is just a basic version to give you an idea.

Few others things to add to this

Sessions
MD5 Password Encryption

Hope this helps

planetsim

If your using a database you have to think of other things besides Password Encryption, but also SQL Injections. So even if the data from the user isnt going anyway always check the data sent.

Il-Belti

thank you for the feedback.

Roger_Ramjet

Try this article http://www.sitepoint.com/print/users-php-sessions-mysql

and the attached code for a good login solution.

Il-Belti

thanks, i'll give them a look.