Password Protection and File Inclusion With PHP by Robert Plank
First off, if you read last week's article by me (the one about site
personalization in PHP), I have one addition to make to make your life a little
easier. If you didn't read last week's article, read it. It'll help you. You
can find it here: http://jumpx.com utorials/1
Now, remember how we personalized a page for your visitor? This works fine, but
what do we do if they didn't use that special link, and just went to the page?
What I'm saying is, if you special personalized page was at
http://www.your.host/sales.php/f=Oscar/l=Grouch but your visitor only
went to http://www.your.host/sales.php.
Instead of the name there would just be a blank spot! Last week I forgot to
cover this.
All we have to do to fix it is to tell PHP that if they didn't leave a name, to
substitute one in for them. So let's say that if they left their first name
blank to make their first name "Friend". This way instead of saying "Dear
Oscar:" it would say "Dear Friend:".
Put the following line of code JUST ABOVE THE LINE that says something similar
to: echo "$f $l" :
if ($f == "") { $f = "Friend"; }
That way, you can use your special personalized page as a normal page and no
one will be the wiser.
Password protection is something you need every once in a while. Whether it's a
secret site you're running or just the control panel of your favorite script.
Sometimes you don't need a fancy solution like .htaccess if you're only
worrying about a single user (you). But JavaScript passwords can be worked
around, and HTML-based passwords based on cookies, written in PHP are
complicated and take time to write. Htaccess is nice but it's a pain if you
just want to use it for one person.
Here is a simple way to use HTTP authentication (the same you see used by
htaccess) with just a few lines of code. Below are the sample contents of a
file you can use.
<?php
$myusername = "myusername"; $mypassword = "mypassword"; $areaname = "My
Protected Area";
if ($PHP_AUTH_USER == "" || $PHP_AUTH_PW == "" || $PHP_AUTH_USER != $myusername
|| $PHP_AUTH_PW != $mypassword) { header("HTTP/1.0 401 Unauthorized");
header("WWW-Authenticate: Basic realm="$areaname""); echo
"<h1>Authorization Required.</h1>"; die(); }
?>
my main text.
Last week we learned that PHP code can be integrated into your HTML. All you
have to do is make sure the file ends in .php (for example, "firehydrant.php")
and it will work. Everything that comes in between this:
<?php
/* And this: */
?>
Is treated as PHP code. Everything outside of those tags is treated as plain
HTML.
When copying this code over be SURE to include that last line where it says "my
main text." Note that "my main text" is located outside of the PHP code
brackets. This means that where you see "my main text" can be your normal HTML
file!
Take all of this code and Upload the script onto your web server and run it in
the browser. You should be greeted by a password popup box similar to those you
see with htaccess. Enter "myusername" as the username and "mypassword" as the
password. You should be given a page that says "my main text" and nothing else.
Close your browser window (this is very important) and going back to that page.
Try entering the wrong info. The box will come up again. You have three tries
and then are given that dreadful "Authorization Required" message.
If you want to take the next step, go back to your code and change "myusername"
and "mypassword" to a username and password of your choice. Upload it back to
your web server and try again. Now go to that page again and you'll see that
you can only be let in using the username and password you chose for yourself.
Now change the part that says "My Protected Area" to something else, say "John
Calder's Bar and Grill." Upload and try it. You'll see when that password box
comes up under "Realm" it'll say "John Calder's Bar and Grill." You can change
this to whatever you like.
But what if you want to password protect just a handful of files? Do you have
to copy and paste this code onto PHP script after PHP script?
Hell no!
Take the code you just modified and take the last line out of it. You know, the
one that said "my main text." All you should have in there now is everything in
between the PHP brackets (<?php and ?>).
Save this file as "auth.php". You can rename this later, on your own time.
Make a new file called "test.php" or just rename one of your normal HTML to
this name. It doesn't matter. At the very top of test.php (the VERY top,
meaning the first line) copy and paste this line of code:
<?php include("auth.php"); ?>
Upload auth.php and test.php to your web server and run test.php. Make sure
both files are placed in the same folder. Now, try to go to test.php in your
web browser. You'll see that you can't get to test.php without the right
username and password. You can do this to any file with a ".php" extension just
by adding that one line of code.
The catch to it is that this line of code has to be at the very top of the
file. On the very first line. The reason for this is that when the script asks
for a person's username and password, these are sent using HTTP headers and
*must* come before anything else.
Of course, this doesn't take care of your secret sites or private members'
areas, where you have to deal with several logins, but that's what htaccess is
for.
While we're on the subject of includes, one last thing before we finish up.
Includes are basically a way of absorbing other files into your script. As you
saw when we included auth.php, the script read everything that was in auth.php
and used it as if the contents of that file were actually there. This works
with not only PHP scripts but also with other files as well.
Make a new file called "header.html". Put anything you want in it, but I just
put "This is my header
" when I did it.
Make a second file called "footer.html". Again, go again and put anything you
want in it, but I just put "This is my footer
" in.
Make a third file called "main.php." Copy the following into it.
<?php include("header.html"); ?>
This is my main page
<?php include("footer.html"); ?>
Upload all three into the same folder and run main.php. You should see the
following:
This is my header This is my main page This is my footer
This is just a basic example of how includes can be used. But if you have a web
site with several pages and the same layout... wouldn't it be easier just to
put everything above your main text in header.html and everything below that
main text in footer.html? That way if you change your design you only have to
edit 2 files instead of 100 or 200?
You'd think.
About the Author
Article by Robert Plank
Free PHP articles and advice. http://www.jumpx.com/newsletter
|
