Password Protection and File Inclusion With PHP
By Robert Plank
First off, if you read last week's article by me (the one about site personalization in PHP), I have one addition to make to make your life a little easier. If you didn't read last week's article, read it. It'll help you. You can find it here: http://jumpx.com/tutorials/1
Now, remember how we personalized a page for your visitor? This works fine, but what do we do if they didn't use that special link, and just went to the page?
What I'm saying is, suppose your special personalized page was at http://www.your.host/sales.php/f=Oscar/l=Grouch but your visitor only went to http://www.your.host/sales.php. Instead of the name there would just be a blank spot! Last week I forgot to cover this.
All we have to do to fix it is to tell PHP that if they didn't leave a name, to substitute one in for them. So let's say that if they left their first name blank to make their first name "Friend". This way instead of saying "Dear Oscar:" it would say "Dear Friend:".
Put the following line of code JUST ABOVE THE LINE that says something similar to: echo "$f $l" :
if ($f == "") { $f = "Friend"; }
That way, you can use your special personalized page as a normal page and no one will be the wiser.
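One way to apply the fallback safely, as an added example rather than code from the article: it assumes the names arrive in the path after the script name, as in the link above, and the function name visitor_name is hypothetical. Because the name comes straight from the URL, it is escaped before it is written into the page.

```php
<?php
// Added example, not from the original article. visitor_name() is a
// hypothetical helper; the path format is the one used in the link above.
function visitor_name($pathInfo)
{
    $name = array('f' => '', 'l' => '');
    foreach (explode('/', trim((string) $pathInfo, '/')) as $segment) {
        $parts = explode('=', $segment, 2);
        // Accept only the two keys the page uses and ignore everything else.
        if (count($parts) === 2 && array_key_exists($parts[0], $name)) {
            $name[$parts[0]] = trim($parts[1]);
        }
    }
    // The fallback described above: no first name means "Friend".
    if ($name['f'] === '') {
        $name['f'] = 'Friend';
    }
    return $name;
}

// PATH_INFO holds "/f=Oscar/l=Grouch" for the personalized link and is
// unset when the visitor goes to sales.php directly.
$name = visitor_name(isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '');

// The visitor controls this text, so escape it before it reaches the HTML.
$full = trim($name['f'] . ' ' . $name['l']);
echo 'Dear ' . htmlspecialchars($full, ENT_QUOTES, 'UTF-8') . ':';
?>
```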
Password protection is something you need every once in a while. Whether it's a secret site you're running or just the control panel of your favorite script.
Sometimes you don't need a fancy solution like .htaccess if you're only worrying about a single user (you). But JavaScript passwords can be worked around, and HTML-based passwords based on cookies, written in PHP are complicated and take time to write. Htaccess is nice but it's a pain if you just want to use it for one person.
Here is a simple way to use HTTP authentication (the same you see used by htaccess) with just a few lines of code. Below are the sample contents of a file you can use.
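<?php
// The login and the realm name shown in the password box.
$myusername = "myusername";
$mypassword = "mypassword";
$areaname = "My Protected Area";

// The browser's login arrives in $_SERVER. The bare $PHP_AUTH_USER and
// $PHP_AUTH_PW variables only exist with register_globals turned on.
$user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : "";
$pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : "";

// Strict comparison (!==) so that numeric-looking strings are compared as text.
if ($user === "" || $pass === "" || $user !== $myusername || $pass !== $mypassword) {
    header("HTTP/1.0 401 Unauthorized");
    header("WWW-Authenticate: Basic realm=\"$areaname\"");
    echo "Authorization Required.";
    die();
}
?>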
my main text.
Last week we learned that PHP code can be integrated into your HTML. All you have to do is make sure the file ends in .php (for example, "firehydrant.php") and it will work. Everything that comes in between this:
<?php
/* And this: */
?>
Is treated as PHP code. Everything outside of those tags is treated as plain HTML.
When copying this code over be SURE to include that last line where it says "my main text." Note that "my main text" is located outside of the PHP code brackets. This means that where you see "my main text" can be your normal HTML file!
Take all of this code, upload the script onto your web server and run it in the browser. You should be greeted by a password popup box similar to those you see with htaccess. Enter "myusername" as the username and "mypassword" as the password. You should be given a page that says "my main text" and nothing else.
Close your browser window (this is very important) and go back to that page. Try entering the wrong info. The box will come up again. You have three tries and then are given that dreadful "Authorization Required" message.
If you want to take the next step, go back to your code and change "myusername" and "mypassword" to a username and password of your choice. Upload it back to your web server and try again. Now go to that page again and you'll see that you can only be let in using the username and password you chose for yourself.
Now change the part that says "My Protected Area" to something else, say "John Calder's Bar and Grill." Upload and try it. You'll see when that password box comes up under "Realm" it'll say "John Calder's Bar and Grill." You can change this to whatever you like.
But what if you want to password protect just a handful of files? Do you have to copy and paste this code onto PHP script after PHP script?
Hell no!
Take the code you just modified and take the last line out of it. You know, the one that said "my main text." All you should have in there now is everything in between the PHP brackets (<?php and ?>).
Save this file as "auth.php". You can rename this later, on your own time.
Make a new file called "test.php" or just rename one of your normal HTML files to this name. It doesn't matter. At the very top of test.php (the VERY top, meaning the first line) copy and paste this line of code:
<?php include("auth.php"); ?>
Upload auth.php and test.php to your web server and run test.php. Make sure both files are placed in the same folder. Now, try to go to test.php in your web browser. You'll see that you can't get to test.php without the right username and password. You can do this to any file with a ".php" extension just by adding that one line of code.
The catch to it is that this line of code has to be at the very top of the file. On the very first line. The reason for this is that when the script asks for a person's username and password, these are sent using HTTP headers and *must* come before anything else.
Of course, this doesn't take care of your secret sites or private members' areas, where you have to deal with several logins, but that's what htaccess is for.
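A sturdier auth.php for the single-user case above, as an added example that is not the author's code: it reads the login from $_SERVER, compares the username in constant time, and checks the password against a hash made with password_hash() instead of keeping the password in plain text. The function names are hypothetical and the hash value is a placeholder you replace with your own.

```php
<?php
// auth.php (added example, not from the original article).
// Make the hash once on the command line and paste the output below:
//   php -r 'echo password_hash("your password", PASSWORD_DEFAULT), "\n";'
$auth_user  = 'myusername';
$auth_hash  = 'REPLACE_WITH_PASSWORD_HASH_OUTPUT'; // placeholder, not a real hash
$auth_realm = 'My Protected Area';

function auth_check($user, $pass, $expectedUser, $expectedHash)
{
    // Run both checks every time so that a wrong username and a wrong
    // password take about the same time to reject.
    $userOk = hash_equals($expectedUser, (string) $user);
    $passOk = password_verify((string) $pass, $expectedHash);
    return $userOk && $passOk;
}

function auth_challenge($realm)
{
    // Drop quotes and backslashes so the realm cannot break the header.
    $realm = str_replace(array('"', '\\'), '', $realm);
    header('HTTP/1.0 401 Unauthorized');
    header('WWW-Authenticate: Basic realm="' . $realm . '"');
    echo 'Authorization Required.';
    exit;
}

$user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
$pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

if (!auth_check($user, $pass, $auth_user, $auth_hash)) {
    auth_challenge($auth_realm);
}
// No closing PHP tag: nothing after this point can be sent to the browser
// ahead of the headers of the page that pulls this file in.
```

Pull it in with require instead of include, so that a missing or misnamed auth.php stops the page with an error rather than showing it unprotected. HTTP Basic authentication sends the username and password with every request in an easily decoded form, so serve the protected pages over HTTPS.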
While we're on the subject of includes, one last thing before we finish up.
Includes are basically a way of absorbing other files into your script. As you saw when we included auth.php, the script read everything that was in auth.php and used it as if the contents of that file were actually there. This works with not only PHP scripts but also with other files as well.
Make a new file called "header.html". Put anything you want in it, but I just put "This is my header " when I did it.
Make a second file called "footer.html". Again, go ahead and put anything you want in it, but I just put "This is my footer " in.
Make a third file called "main.php." Copy the following into it.
<?php include("header.html"); ?>
This is my main page
<?php include("footer.html"); ?>
Upload all three into the same folder and run main.php. You should see the following:
This is my header This is my main page This is my footer
This is just a basic example of how includes can be used. But if you have a web site with several pages and the same layout... wouldn't it be easier just to put everything above your main text in header.html and everything below that main text in footer.html? That way if you change your design you only have to edit 2 files instead of 100 or 200?
You'd think.