php login at current site

[rrmcguire]

Hello Im trying to create

a php login at the current page:

http://www.meadowlarkco.com/indexnewsite_test2.html

Where the user will enter in their user name and password, then once submitted will take them to another page.

The page which the user will be directed to is run off site from myself. The user name will be checked with a database that he has and if the users match will let the user in. I need to set up on my end a check internally on the password field which once submitted will check my listing of appropriate passwords.

I though doing something similar to the below would maybe work, but wanted to see if there was another way of doing this if anyone has any suggestions.

So basically the user name once the submit button is hit is transferred to another place where that is validated. I just need to validate the password myself and check that it matches an appropriate password.


thanks for any help provided

<?php
ob_start();
if (!isset($_SESSION))
{
session_start();
}

$user_name = strip_tags(trim($_REQUEST['user_name']));
$password = strip_tags(trim($_REQUEST['password']));
$password_one = strip_tags(trim($_REQUEST['password_one']));

$user_info = array('Ben'=>"argh", 'Wess'=>"fffff", 'Dave'=>"harry", 'Robin'=>"987654321", 'Sarah'=>"trueBlue");

// Check user_name input...
if (!empty($user_name) AND isset($user_info[$user_name]))
{
// ... and if no errors then check password...
if (!empty($password) AND !empty($password_one) AND $password==$password_one
AND $password == $user_info[$user_name])
{
print "You have logged in successfully";
}
else
{
// if errors with password, go back to login.php and display alert
$_SESSION['alert'] = "Your passwords do not match, or are incorrect";
$_SESSION['user_name'] = $user_name;
header('location: login.php');
}
}
else
{
// if errors with user_name, go back to login.php and display alert
$_SESSION['alert'] = "The user name you have entered does not exist";
$_SESSION['user_name'] = $user_name;
header('location: login.php');
}

?>

 

[jpadie]

Replace the 'you have logged in successfully' with a header () call

I don't have to tell you I'm sure what poor security that script employs.

 

[rrmcguire]

is there any way I can store the passwords in a text file or something else on my webserver. Also do I just create this a php file in dreamweaver then have my fields labeled appropriately in my dreameaver page.

Or if you or anyone has any better suggestions. The password check is basically just a validation as the User Name is being checked by when the user enters in their ID, ex. ABCD, and the form is submitted, it must match the user in a database offsite.(The page being logged into is maintained by a 3rd Party of ours)

Im just trying to require them to enter a password where once submitted the password must be one in a list I have

any help or guidance would be appreciated.

 

[spamjim]

The problem with storing your passwords in a text file or something else on your server is that another person can exploit your server and find out those passwords. At a bare minimum for security, passwords should be stored in an encrypted state. To check the identity of a user, encrypt the user's submitted password input and see if it matches the encrypted password on file somewhere on your server.

There's lots to learn about security... or you can use a free content management system like WordPress, Joomla, or Drupal. They already have this stuff ready to go.

 

[rrmcguire]

the password is just basically for requirement purposes though. What their logging into isn't anything with serious user data or personal information, i.e a bank, etc.

Basically all Im trying to do is @

http://www.meadowlarkco.com/indexnewsite_test2.html

when the user name is put(which is validated elsewhere) and the password is put in make sure that the password which is put in is one of the allowable passwords I have on hand for those set of users, if so then once the login is submitted they are allowed in.

thanks for any help provided