simple login with 3 pages?

[kaits]

I have here four files:
config.php
login.php
page1.php
page2.php

config.php

<?php
$user = "username";
$pass = "password";
?>

login.php, page1.php and page2.php are including the config.php to use $user and $pass
and in these three files is also this script:

<form action="login.php" method="post">
Username<br>
<input type="text" name="logi"><br>
Password<br>
<input type="password" name="logi1"><br>
<input type="submit" name="ok" value="Login">
</form>

when you type wrong username or password then this form is shown, when you type user and pass right then not
the $user and $pass should both be encoded with md5() and links should be than like this:
page1.php?logi=14c4b06b824ec593239362517f538b29&logi1=5f4dcc3b5aa765d61d8327deb882cf99
and then are all links like that

how it works, that this username and password stay there?
no sql, no cookies, no sessions
only a simple login script like this between pages

hope you can help me

 

[gecko]

this wouldn't work!
to authentificate the user, you have to check the md5 encoded username/password string against the "real / correct" password.
but where do you get the password from in the following pages ?

the fact is, you can't check if the user is logged in correctly. i can generate a random md5 string and add it to your url and them i'm logged in ?

you have to store the users password somewhere on the webserver to check it against the typed in pass on every page.

why don't you use sessions ? it's really simple and SAVE!

 

[kaits]

ok, I try to describe it from another angle:

I can't use sessions and cookies because I run this script in php safe mode server
But it should be possible to do that?
A registration system saves name, e-mal, homepage, username and password for every registered user for example into pass.txt fail so (user|pass):
name|mail|www|ee11cbb19052e40b07aac0ca060c23ee|1a1dc91c907325c69271ddf0c944bc72

this is possible but I don't know how to do that

there should be also a folder DATA where the script saves for every user a file
for example when username is user1 then it saves a file named user1 and saves into it your username and md5 encoded password, and when at the time an another user is logged in with username user44, the script creates a file named user44 and saves data into it)
script checks on every click the file and when you click on logout.php then user file for THIS iser will be deleted
then when you type into username and password textbox you username and password then the script finds the right md5 encoded username and password from pass.txt and lets tge user go to the secret page
and the links should be:
secret.php?user=ee11cbb19052e40b07aac0ca060c23ee&pass=1a1dc91c907325c69271ddf0c944bc72

script shoult work so, that when you surf between many pages, the link is secret.php?user=ee11cbb19052e40b07aac0ca060c23ee&pass=1a1dc91c907325c69271ddf0c944bc72 or user.php?user=ee11cbb19052e40b07aac0ca060c23ee&pass=1a1dc91c907325c69271ddf0c944bc72 or something else and the script must let you say in as long as you click on logout.php and then the file for your username will be deleted and you aren't logged in

the script should chech always data from pass.txt and when the link isn't secret.php?user=ee11cbb19052e40b07aac0ca060c23ee&pass=1a1dc91c907325c69271ddf0c944bc72 then it shows TOU ARE NOT LOGGED IN and in the bottom is login form

sorry about my bad english
I know that it is possible, but I don't know how to do that, because I am a PHP beginner
Could some professional php programmer from tutorials.de forum help me and write a small login script like that?

 

[gecko]

hmmm then you have to perform the check on every secured page...

if !($pass==$PASSFROMTEXTFILE && $user==$USERFROMTEXTFILE)
die("Wrong Login!");

but, you can use sessions with php safe mode enabled, should be no problem! and sessions without cookies also.

 

[kaits]

I see that you are goon in PHP and you understand what I want to do
Could you please make a small example with all script

Sessions and cookies I can't use on my homepage, there is php fafe mode, but this functions are disabled