Script PHP - Sicurezza: Password - Morpheusweb.it - Risorse per webmaster: php script, php, php scripts, php post, php programming, php website, upload php, how to php, php cms, pagine php, php application, php script, php script news, php forum script, php mail script, php script login, script php form, script upload php, php calendar script, php script mysql, php upload file script, email php script, php script newsletter, download script php, script in php, chat script php, php counter script, php password script, php script guestbook, mailing list php script, link script php, download php script, for php script, forum script php, mail php script, news script php, php authentication script, php chat script, php guestbook script, php login script, php menu script

Password

Script per la protezione di intere aree di un sito. Utilizza le sessioni per passare da una pagina all'altra una volta loggati senza dover ridigitare la password. Tiene traccia degli accessi in un file di log. Utilizza MySQL.



					

					File htmldoc.inc 

					

					<?

					class htmldoc

					{

					//Class constructor.

					function htmldoc()

					{

					    return;

					}

					function printheader ( $bg_color, $text_color, $link_color, $vlink_color, $alink_color,
					$title )

					{

					    ?>

					    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">

					    <HTML><HEAD><TITLE><?php echo $title; ?></TITLE>

					    </HEAD>

					    <BODY bgcolor="<?php echo $bg_color; ?>"

					    text="<?php echo $text_color; ?>"

					    link="<?php echo $link_color; ?>"

					    vlink="<?php echo $vlink_color; ?>"

					    alink="<?php echo $alink_color; ?>">

					    <?

					}

					function starttimer ( $root_url )

					{

					    ?>

					    <META http-equiv="Refresh" content="1800;URL=<?php echo
					$root_url; ?>/logout.php3;TARGET=_top">

					    <?

					}

					function printfooter ()

					{

					    ?>

					    </BODY></HTML>

					    <?

					}

					}

					?>
					

					

					File auth.inc

					

					<?

					$db_hostname = 'localhost'; //Server where MySQL is running.

					$db_user = 'john'; //Username to connect with.

					$db_pass = 'yourpass'; //Password to connect with.

					define( "DATABASE", "your_database" ); //Database name where
					table 'acl' is located.

					//Logging defines. Comment out the following two lines for no logging.

					define( "BASE_DIR", "/usr/local/myappdir" ); //Your site's
					base directory (outside of docroot)

					define( "AUTH_LOG", BASE_DIR . "/logs/auth_log" ); //Filename/subdirectory
					of logfile. Make sure the file 

					// exists and is writeable by the owner of your webserver

					// process. Usually 'nobody'.

					//define( "IMAGE", "images/ourimage.jpg" ); //Image for the
					title page. Comment out the line for none.

					define( "TITLE", "Please Login" ); //Title for the login
					page.

					define( "EXPIRE", 14400 ); //Seconds until the cookie expires.

					$bg_color = '#FFFFFF';

					$text_color = '#000000';

					$link_color = '#BC80C3';

					$vlink_color = '#BC80C3';

					$alink_color = '#9d9d9d';

					function DisplayLoginForm ($err_string) {

					require('htmldoc.inc');

					global $THIS_URL;

					global $bg_color;

					global $text_color;

					global $link_color;

					global $vlink_color;

					global $alink_color;

					$html = new htmldoc();

					$html->printheader( $bg_color, $text_color, $link_color, $vlink_color, $alink_color,
					TITLE );

					?>

					<CENTER>

					<? if (defined("IMAGE")) { ?>

					<IMG SRC="<? echo $root_url . IMAGE?>" BORDER="0">

					<? } ?>

					<BR><BR>

					<FONT SIZE=+1 COLOR="#FF0000"><? echo $err_string ?></FONT>

					<FORM NAME=login ACTION=<? echo $THIS_URL ?> METHOD=post>

					<TABLE BORDER=0>

					<TR>

					<TD><B>Username:</B></TD>

					<TD><INPUT NAME="username" TYPE="text" SIZE="10"></TD>

					</TR>

					<TR>

					<TD><B>Password:</B></TD>

					<TD><INPUT NAME="password" TYPE="password" SIZE="10"></TD>

					</TR>

					</TABLE>

					<BR>

					<INPUT TYPE="submit" VALUE="Log in">

					</FORM>

					<?

					$html->printfooter();

					exit;

					}

					function GenerateSecret ( $username, $encrypted_password ) {

					$md5str = MD5( TIME() );

					$cookie_val = "$username-$encrypted_password-$md5str";

					setcookie( "php_mini_auth", $cookie_val, time()+EXPIRE);

					$arg = "update acl set string='$md5str' where username='$username'";

					$row = mysql_db_query( DATABASE, $arg );

					}

					function AuthenticateUser ( $username, $password ) {

					global $ip;

					global $host;

					global $referer;

					$arg = "select password, 1 as auth from acl where username='$username' and
					password=encrypt('$password','$username')";

					$row = mysql_fetch_array(mysql_db_query( DATABASE, $arg ));

					if ($row[auth]) {

					if (defined( "AUTH_LOG" ))

					error_log( date("Ymd H:i:s") . " -- $ip -- Username: '$username'
					authenticated\n", 3, AUTH_LOG);

					GenerateSecret( $username, $row[password] );

					}

					else {

					if (defined( "AUTH_LOG" ))

					error_log( date("Ymd H:i:s") . " -- $ip -- Username: '$username'
					authentication failure\n", 3, AUTH_LOG);

					DisplayLoginForm( "Please log in .." );

					}

					}

					function AuthenticateCookie ( $cookie, $username, $password ) {

					$cookie_var = split("-", $cookie);

					$ck_username = $cookie_var[0];

					$ck_password = $cookie_var[1];

					$secret = $cookie_var[2];

					$arg = "select 1 as auth from acl where username='$ck_username' and password='$ck_password'
					and string='$secret'";

					$row = mysql_fetch_array(mysql_db_query( DATABASE, $arg ));

					if (!($row[auth]))

					AuthenticateUser ( $username, $password );

					else return $ck_username;

					}

					mysql_connect($db_hostname,$db_user,$db_pass) or 

					die("Unable to connect to the SQL server...");

					$THIS_URL=getenv("SCRIPT_NAME");

					$ip = getenv("REMOTE_ADDR");

					$host = getenv("REMOTE_HOST");

					$referer = getenv("REMOTE_REFERER");

					if ($php_mini_auth)

					$username = AuthenticateCookie( $php_mini_auth, $username, $password );

					else

					if ($username)

					AuthenticateUser( $username, $password );

					else

					DisplayLoginForm( "Please log in ..." );

					$result = mysql_db_query( DATABASE,"SELECT * from acl WHERE username='$username'");

					$row=mysql_fetch_row($result);

					?>

					

					Script SQL

					

					CREATE TABLE acl (

					id int(16) DEFAULT '0' NOT NULL auto_increment,

					username varchar(16) DEFAULT '' NOT NULL,

					password varchar(16) DEFAULT '' NOT NULL,

					staffname varchar(32) DEFAULT '' NOT NULL,

					string varchar(100),

					PRIMARY KEY (id)

					);

					

					INSERT INTO acl ( username, password ) VALUES ( 'the_username', encrypt('the_password','the_username')
					);

					

					

					Istruzioni nel file INSTALL

A colpo d'occhio

Script C#

Manuale C#

Script VB.Net

Manuale SQL

Seo

Manuale CSS

Be Responsive

HTML 5

CSS 3

jQuery

php