How to set access right to redirect webpage in IE7

Ask Question Forum:

Model Library:2025-02-08 Updated:A.I. model is online for auto reply question page

Show

ASK RECENT

How to set access right to redirect webpage in IE7

Asked by duncanb7

at 2024-12-08 09:04:42

Point:500 Replies:9 POST_ID:828438USER_ID:11059

Topic:

PHP Scripting Language;Hypertext Markup Language (HTML);JavaScript

http://www.experts-exchange.com/Programming/Languages/Visual_Basic/Q_26659754.html
In this thread above, I have solved to avoid the IE's warning message box cames out when
after visitor login my webpage and then click reload button for update data. In the solution for the thread
I am using to redirect method to redirect the page to mainpage.html as attached index.php code as follows
in order to IE not to re-check the visitor's login and passward again if they reload the webpage. But it create
other issue. Other visitors without given correct login and password could go into the mainpage.html,
just typing www.mywebsite.com/mainpage.html directly at URL address bar in IE if the qualified visitors
(already have correct login and password I gave them) tell them the exact webpage name or location to
non-qualified visitor. That is security issue.

I try to think to avoid this new issue, I should create other mainpage.php file to check login and password
and somebody told me using php session to transfer login and password variable in index.php into
other php file. But I am not family with php and try a lot test code of php but it is failed to do so.

Please help and advise if possible provide php code for this part as the following link
http://www.tizag.com/phpT/phpcookies.php in order to solve my new issue complete.

My target, Once visitor login my website successfully, I need to make sure every webpage
they go is already passed the login process. I try to replace mainpage.html by mainpage.php
and all data or infomation in mainpage.html like table data is put into mainpage.php instead

Duncan

new index.php file
====================
<?

if (($_POST['username']=="checkusername") && ($_POST['password']=="checkpassword")) {

echo '<html>
<meta http-equiv="Refresh" content="0; url=http://www.mywebiste.com/mainppage.php" />

</html> ';

mainpage.php
===========
if (($_POST['username']=="checkusername") && ($_POST['password']=="checkpassword")) {

echo '<html>
<table><td></td></table>

</html> ';

Duncan

**********New issue created by old Index.php file for visiotr login into my webpage site**************<?if (($_POST['username']=="checkusername") && ($_POST['password']=="checkpassword")) {	echo '<html><meta http-equiv="Refresh" content="0; url=http://www.mywebiste.com/mainpage.html" /></html> ';}  else {	echo '<form name="login_form" method="post">		<h2>Login into www.mywebiste.com </h2> 		 <table width="44%" border="0">    		<tr>     		 <td width="34%" valign="top" align="right">username</td>     		 <td width="66%" valign="top"><input type="text" name="username">     		 </td>   		 </tr>    		<tr>     		 <td width="34%" valign="top" align="right">password</td>     		 <td width="66%" valign="top">        		<input type="password" name="password">      		</td>    		</tr>   		 <tr>     		 <td width="34%">&nbsp; </td>      		<td width="66%">        		<input type="submit" name="Submit" value="Submit">      		</td>    		</tr>  		</table>		</form>';}?>

1:2:3:4:5:6:7:8:9:10:11:12:13:14:15:16:17:18:19:20:21:22:23:24:25:26:27:28:29:30:31:32:33:34:35:36:37:

Select All Code

Author: duncanb7 replied at 2024-03-07 08:14:49

Thanks for your message, I pratising your code and google .htaccess for tutorial . and waiting you setup for .htaccess and .htpasswd

Anyway, thanks

Author: duncanb7 replied at 2024-12-09 19:35:38

Thanks for your message, I pratising your code and google .htaccess for tutorial . and waiting you setup for .htaccess and .htpasswd

Anyway, thanks

Accepted Solution

Expert: mdougan replied at 2024-12-09 11:08:34

500 points GOOD

Here is an approach I took once. If the logon was successful, then I would set a session cookie. The cookie is deleted once they close their browser.

  if (strcasecmp($Password, $row[1]) == 0)
   {
   setcookie('f_mywebsite_auth', 'OK');

   header("Location: http://www.mywebsite.com/main.php");
   exit;
   }
   else
   {
   echo 'The Password you provided does not match what we have on file, please try again.';
   }

In Main.php you would then check for the existence of the cookie before showing the page:

if(isset($f_mywebsite_auth)) {
   //show the page
}
else {
  // show an error and/or exit
   exit;
}

This method does require that the user's browser be set to allow session cookies. If they don't allow session cookies, they'll never be able to get to the main page.

I'm waiting for a friend to send me copies of my old .htaccess and .htpasswd files. I'd deleted my backups, so, have to wait to hear from them.

Expert: mdougan replied at 2024-12-08 13:04:12

I'm sorry, but I don't have access to the .htaccess and .htpasswd files from the computer that I'm on today. But possibly tomorrow.

In the .htaccess file you would have a section that looks something like:

<files "*.php">
AuthUserFile /www.mywebsite.com/.htpasswd
AuthType Basic
AuthName "Administrator script"
require myuserid
</files>

To create the .htpasswd file, you can run a utility which is called htpasswd, and I can't remember the exact command, but you can google it. You tell it the user id and the password for that user and it creates the file .htpasswd at the path you specify in the command. I believe that the .htpasswd file simply looks like:

myuserid:mypassword
myotheruserid:myotherpassword

Hopefully, this will get you started. I'll look for my actual files tomorrow.

Author: duncanb7 replied at 2024-12-08 10:45:46

Could you make complete example for me ? Now I don't know what to do next !

Author: duncanb7 replied at 2024-12-08 10:13:54

So I don't know how to do next in sytnax writing in .htaccess and

Question-1
I open _vti_pvt/service.pwd file, and it is as follows

# -FrontPage
mylogin:$1$XJJdhsfhsdhf,,TLSaslkdlf

So you means I put
myuserid:1234abc
mypasswd:12lklkldss in servuce.pwd ? What is syntax like $1234abc, something like that

QUestion-2
you means myuserid and mypasswd is same as php variable in my index.php for 'username' and 'password', Right ?
if (($_POST['username']=="checkusername") && ($_POST['password']=="checkpassword"))

Expert: mdougan replied at 2024-12-08 09:50:52

Yes, that looks correct, except that you have a typo for the word DELETE. I don't have a copy of any of my old .htaccess files handy to check the syntax, but it looks exactly right to me.

Author: duncanb7 replied at 2024-12-08 09:42:50

Dear mdougan,

first of above, thanks for your quick reply, I thouhg .htaccess is system file for domain hosting company, and now
I know I can read and write it.

In the file of .htaccess, just display this as follows, so what I should do , you mean

============
<limit GET POST>
order deny, allow
deny from all
allow from al
</limit>
<limit PUT DELTELE>
order deny, allow
deny from all
</Limited>
AuthUserfile /home/mylogin/public_html/_vti_pvt/serice.pwd
AuthGroupfile /home/mylogin/public_html/_vti_pvt/service.grp
AuthName mylogin
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

Expert: mdougan replied at 2024-12-08 09:24:19

It would be easy to do this with Basic Authentication. First, you would create a user id in the htaccess file with a password in the htpassword file, and allow read access to your main page (html), or perhaps execute permission for PHP for that user and deny all others. Then, in your original PHP script, when you perform the redirect, you add the credentials to the URL.

Http://myuserid:mypassword@mywebsite.com/mainpage.html

新聞財經娛樂♬資訊 News Economy

About Us|Service|Pricing

Stock Index全球即時指數期貨:

&nbps;

News即時新聞:↓

News即時新聞:↑

On Balance Volume (OBV):

Youtube Video♬ Sharing by members:↓

Youtube Video♬ Sharing by members:↑

Ask Question Forum:

How to set access right to redirect webpage in IE7

Your Information

Members/Profolio