Lets say I make a webpage where users have to log in to www.mypage.com, then if their password is correct the webpage redirects them to www.mypage.com/enter. But how can I prevent other users from directly going into www.mypage.com/enter. Here is method I came up with, but I don't know if it is correct: when they log in, the webpage can save their IP address on a database, and redirect them to www.mypage.com/enter, and www.mypage.com/enter checks their IP address, if it is in the database, it shows them the page, otherwise it does not. Is this a good idea?
Other ideas are to make a POST method (in php), www.mypage.com/enter will catch the POST variable from www.mypage.com, if it does not exist, then it doesn't let you in. But would this way work if I have about 10 different links under www.mypage.com? Would it work if the user needs to browse from one page to another? What is the user closes the webpage, and opens it again, he would have to log in again!!
Can someone tell me best way
2007-05-05 05:31:03 · 3 answers · asked by Anonymous in Computers & Internet ➔ Programming & Design
The IP address is useless, it changes dynamically on most machines. You need a database to store login names and hashed passwords. Assuming you have set up a user table as shown try something like this:
(Mysql) Table - users
id int(6) primary key auto_increment
logonname varchar(30)
secretword varchar(45)
trackvariable int (11)
On your index page set up a login link for known users, this should call a login page. This page should create a form asking for a name and password, then using the action $_SERVER[PHP_SELF] check them :
$userokres = mysql_query("select id from users where logonname = '$_POST[logonname]' and secretword = password('$_POST[secretword]')",$connectid)
if(mysql_num_rows($userokres) == 1){
while ($userokrec = mysql_fetch_array($userokres)){
$_SESSION[trackvariable] = time();
$_SESSION[userid] = $userokre[id];
$trackres = mysql_query("update users set trackvariable = '$_SESSION[trackvariable]' where id = '$userokrec[id]'");
header ("LOCATION: mainuserpage.html");}
}else{
echo "Your Username or Password did not authenticate
If you believe you should authority please try again";
exit;}
You can then include a security checking script, say securecheck.php, in the start of all the secureity controlled pages, this can run a query on the table to check that the user id and trackvariable match the session variables, then let the page continue loading. If they do not match or are not set due to an illegal attempt to access the page, you can set a header to re-direct to an unauthorized user page and exit.
Your database may not be Mysql so the query language will be different, or if you have no database you may need to keep a file list, this becomes far more difficult to set up, I would not like to try it.
2007-05-05 07:09:10 · answer #1 · answered by Anonymous · 0⤊ 0⤋
Page protection requires setting up the server. You designate a directory on the server as requiring "authentication".
As you did not specify what server you're using, your best approach is to contact the server administrator and ask for his/her assistance.
EDIT: ColinC assumes you have PHP. I assume that your server has "user authentication", which is far more common than PHP, but can only be setup by the administrator, but is also MUCH easier to setup. You decide which answer is more useful to you.
2007-05-05 06:24:16 · answer #2 · answered by Kasey C 7 · 0⤊ 1⤋
properly... a good place to commence could be studying approximately making use of sessions in very own abode page. until you elect nameless posters, you will would desire to create a login device, and the main uncomplicated thank you to do it fairly is with sessions and cookies. you besides would would desire to layout your database, and then it is in basic terms a remember of making the code that inserts and selects to/from it.
2017-01-09 13:09:24 · answer #3 · answered by Anonymous · 0⤊ 0⤋