Secure script

Postby Infinityeye » Tue Sep 07, 2004 3:14 pm

How do I make a popup like the one you will get when you want to log in here?
Yes, I've used the Pro-Networks Album!
PROfessional Member
Posts: 1075
Joined: Tue Dec 30, 2003 9:11 pm
Location: The Netherlands

Postby Gav... » Tue Sep 07, 2004 10:17 pm

I would say that's done by using the .htaccess file and checking against a .htpasswd file. The .htaccess file has restricted this area of the site to members only and automatically opens this pop-up. It then checks the username/password entered in the pop-up against entries in the .htpasswd file.

Either of the above filenames may have been changed at some ISPs to help with security, but these are the defaults on an Apache install, for instance.

I can explain further if you wish what to put in these files, but you will need to check further with your ISP if you can have access to these files or not - unless you are running your own web server in which case you can.

Take a look at this Apache docs page for more info.

HTH
Gav...
PRO Level 3
Posts: 54
Joined: Fri Jun 04, 2004 11:58 am
Location: Australia

Postby Weaver » Wed Sep 08, 2004 4:52 am

Yep, HTTP's "Basic" authentication mechanism is responsible for that. If you are using the Apache webserver and are able to use '.htaccess' files then you can configure the '.htaccess' to protect directories/content in a similar fashion.

I wrote up an introduction to .htaccess/.htpasswd files a while ago, you can access it on my personal site here (Note: sometimes the forum filter mangles the domain name. Replace the '**' with 'ss' if it is mangled). I think you'll find it useful.

If you have questions, be sure to ask.

-Weaver
Public Keys

The primary purpose of the DATA statement is to give names to constants; instead of referring to pi as 3.141592653589793 at every appearance, the variable PI can be given that value with a DATA statement and used instead of the longer form of the constant. This also simplifies modifying the program, should the value of pi change.
-- FORTRAN manual for Xerox Computers
PROfessional Member
Posts: 1967
Joined: Wed Jun 19, 2002 12:05 am
Location: /home/weaver/
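
The exchange behind the pop-up described in the two replies above, as an added example that is not part of either post: a 401 response with a `WWW-Authenticate: Basic` header makes the browser prompt, and the browser then sends the credentials base64-encoded in an `Authorization` header. The realm, user name and passphrase are constructed, and the entry assumes a bcrypt (`htpasswd -B`) hash, since that is the .htpasswd format PHP's `password_verify()` can check.

```php
<?php
// Constructed .htpasswd-style entry (user => bcrypt hash). Sample credentials,
// not from the thread; htpasswd -B writes $2y$ hashes like this one.
$htpasswd = ['member' => password_hash('example-passphrase', PASSWORD_BCRYPT)];

// Decode "Authorization: Basic <base64(user:password)>" into [user, password], or null.
function parse_basic_header(?string $header): ?array {
    if ($header === null || stripos($header, 'Basic ') !== 0) {
        return null;
    }
    $decoded = base64_decode(trim(substr($header, 6)), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    return explode(':', $decoded, 2);   // the password itself may contain ':'
}

// Return [status, extra headers] the way a server protecting a directory would.
function authorize(?string $header, array $users, string $realm = 'Members only'): array {
    $challenge = [401, ['WWW-Authenticate: Basic realm="' . $realm . '"']];
    $creds = parse_basic_header($header);
    if ($creds === null) {
        return $challenge;              // this 401 is what makes the browser show the pop-up
    }
    [$user, $password] = $creds;
    $hash = $users[$user] ?? null;
    if (!is_string($hash) || !password_verify($password, $hash)) {
        return $challenge;              // wrong user or password: prompt again
    }
    return [200, []];
}

// What the browser sends after the pop-up is filled in. Base64 is an encoding,
// not encryption, so Basic authentication needs HTTPS underneath it.
$sent = 'Basic ' . base64_encode('member:example-passphrase');
var_dump(authorize(null, $htpasswd)[0]);
var_dump(authorize($sent, $htpasswd)[0]);
var_dump(authorize('Basic ' . base64_encode('member:wrong'), $htpasswd)[0]);
```

Run from the command line, the three calls report 401 (no header yet), 200 (correct credentials) and 401 (wrong password).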

Postby Eric` » Wed Sep 08, 2004 2:00 pm

It is written in PHP and requires a web server (for example, Apache).
This input (entrance) is used in a system (for example, an input for a forum, a chat, e-mails).
For this purpose you should construct the whole system.
But it is possible to set the password for one member, so that your page is displayed only after his authorization.
This script is written in PHP and doesn't require MySQL.
It looks like this:
This is your index.php:


<?
session_start();
error_reporting(0);
extract($_POST);
$log = "YourLogin";
$pass = "YourPassword";
print "<div align=\"center\">\n";
print "<form method=\"post\" action=\"index.php\">\n";
print "<table width=\"50%\" border=\"0\"><tr><td bgcolor=\"#CCCCCC\">\n";
print "<table width=\"100%\" border=\"0\" bgcolor=\"#F7F7F7\"><tr><td colspan=\"3\" height=\"30\">\n";
print "<div align=\"center\"><b>Admin Authorization</b></div></td></tr><tr><td width=\"16%\">&nbsp;</td>\n";
print "<td width=\"17%\">Login:</td><td width=\"67%\">\n";
print "<input type=\"text\" name=\"login\">\n";
print "</td></tr><tr><td width=\"16%\">&nbsp;</td>\n";
print "<td width=\"17%\">Password:</td>\n";
print "<td width=\"67%\"><input type=\"password\" name=\"password\">\n";
print "</td></tr><tr><td width=\"16%\">&nbsp;</td><td width=\"17%\">&nbsp;</td><tr><td width=\"16%\">&nbsp;</td><td width=\"17%\">&nbsp;</td><td width=\"67%\">\n";
print "<input type=\"submit\" name=\"submit\" value=\"EnteR\">\n";
print "</td></tr></table></td></tr></table></form></div>\n";
if(isset($submit))
{
if($login!="" and $password!="")
{
if($log==$login and $password==$pass)
{
$login=$adminlog;
$password=$adminpass;
$adm=1;
session_register("adm");
print "<div align=\"center\"><a href=admin.php>You were Authorized (Admin)</a>!</div>";
}
else
print "<div align=\"center\">Password or Login is incorrect!</div>";
}
}
?>


In this script, your page after authorization is admin.php (it's noted); you can replace it.
In all your pages you must write these lines:

<?
session_start();
extract($_GET);
if(!session_is_registered("adm"))
{
print"You were not Authorized!";
print "<meta http-equiv=refresh content='1; url=index.php'>";
}

if(session_is_registered("adm"))
{
print"<title>Your title</title>";
print "<table width=\"99%\" bgcolor=\"#F7F7F7\" border=\"1\" bordercolor=\"CCCCCC\"><tr><td >\n";
print"<a href=\"admin.php?do=logout\">LogOut</a>";
print"</td></tr></table>";
print"<br>\n";
print"Your Page";
print"";
}

if($do=="logout")
{
session_destroy();
print "<meta http-equiv=refresh content='1; url=index.php'>";
}
?>
:drool:
PRO Level 2
Posts: 35
Joined: Sat Sep 04, 2004 11:13 am
Location: Asia

Postby Weaver » Wed Sep 08, 2004 5:50 pm

There are bbcode 'code' tags for a reason. Use them please.

I am not going to dive into an audit of the code you have posted, but know that I do have a few issues with it.

The one I am going to comment on is your use of extract(). The way in which you have used 'extract()' is very poor. All other things equal, it is nearly the same as leaving the php.ini directive register_globals set to On. Something that has been widely understood to be bad practice for a while now.

The default extract_type for extract() is EXTR_OVERWRITE. Like I mentioned before, nearly as bad as leaving register_globals turned on.

In your case, a better way of doing it (personally I don't use extract() at all for the purpose you are using it for) would be to say something like:

Code:
extract( $_POST, EXTR_SKIP );


http://php.net/extract

-Weaver
PROfessional Member
Posts: 1967
Joined: Wed Jun 19, 2002 12:05 am
Location: /home/weaver/
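
The difference between the two extract() modes discussed in the reply above, as an added example that is not part of the original post: the function names and the constructed request array are illustrative, and only the `adm` variable name is taken from the script earlier in the thread. It also goes one step further than the reply by showing that EXTR_SKIP protects only variables that already exist when extract() runs.

```php
<?php
// Constructed request body standing in for $_POST (sample data, not from the thread).
$request = ['login' => 'guest', 'password' => 'x', 'adm' => '1'];

// Pattern from the thread: extract() with the default EXTR_OVERWRITE.
function with_overwrite(array $post): array {
    $adm = 0;                       // value the script itself decided on
    extract($post);                 // request keys replace existing locals
    return ['adm' => $adm];
}

// The suggested change: EXTR_SKIP leaves already-defined variables alone.
function with_skip(array $post): array {
    $adm = 0;
    extract($post, EXTR_SKIP);
    return ['adm' => $adm];
}

// EXTR_SKIP called before the variable exists: the request value is imported.
function skip_called_first(array $post): array {
    extract($post, EXTR_SKIP);      // $adm is not defined yet, so it is created
    $adm = $adm ?? 0;               // "default if unset" keeps the request value
    return ['adm' => $adm];
}

// No extract(): read only the expected keys and accept only strings.
function explicit_read(array $post): array {
    $login = is_string($post['login'] ?? null) ? $post['login'] : '';
    $password = is_string($post['password'] ?? null) ? $post['password'] : '';
    $adm = 0;                       // never taken from the request
    return ['login' => $login, 'password_len' => strlen($password), 'adm' => $adm];
}

var_dump(with_overwrite($request)['adm']);
var_dump(with_skip($request)['adm']);
var_dump(skip_called_first($request)['adm']);
var_dump(explicit_read($request)['adm']);
```

with_overwrite() and skip_called_first() return the request's '1', while with_skip() and explicit_read() keep the script's 0.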

Postby Infinityeye » Wed Sep 08, 2004 5:58 pm

I will try this... Thanks! :yesnod:
Yes, I've used the Pro-Networks Album!
PROfessional Member
Posts: 1075
Joined: Tue Dec 30, 2003 9:11 pm
Location: The Netherlands

Postby Eric` » Wed Sep 08, 2004 7:20 pm

Thanks for comments :)
PRO Level 2
Posts: 35
Joined: Sat Sep 04, 2004 11:13 am
Location: Asia

Postby alphagamma212 » Sun Nov 07, 2004 2:22 am

If your server is Apache, .htaccess/.htpasswd files
for other servers (*gasp!*IIS*/ungasp*) check the docs
alphagamma212
