Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
P
P
Pavel Belousov2014-09-10 20:18:13
PHP
Pavel Belousov, 2014-09-10 20:18:13

Is there a ready-made solution for authorization on the page only with a password?

There is a small script (a self-written assembly of several ready-made classes) that displays pages from the database.
The output is based on GET requests of type index.php?do=layout&name=project, where project is the value of the name field in the database.
Database structure:
4d1e84a734f74e0f97602f47f670fcf9.png
There is a need to close some pages from prying eyes; for this, the pass field was created, where the password is entered.
I suppose to check it when accessing the page, if it does not match, redirect to the password entry form, but I still have little idea how to implement all this in the code.
Is there any out-of-the-box solution for a similar purpose?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
P
Pavel Belousov, 2014-09-11
@PafNutY

I solved the problem on sessions and cookies by writing this class:

class PassAuth extends core {
  private $project_id;
  private $password;
  private $is_authorized = false;

  function __construct() {
    $this->db_config = $this->getConfig('db_config');
    $this->db = $this->getDb();
  }

  public static function validProjectPass()
  {
    if (!empty($_SESSION["project_id"])) {
      return (bool) $_SESSION["project_id"];
    }
    return false;
  }

  public function checkPass($password, $remember=false)
  {
    $pass = $this->passwordHash($password);

    $select = "SELECT name, pass FROM ?n WHERE pass = ?s";

    $ret = $this->db->getOne($select, 'projects', $pass);

    if (!$ret) {
      $this->is_authorized = false;
    } else {
      $this->is_authorized = true;
      $this->project_id = $ret['name'];
      $this->saveSession($remember);
    }

    return $this->is_authorized;
  }

  public function saveSession($remember = false, $http_only = true, $days = 7)
  {
    $_SESSION["project_id"] = $this->project_id;

    if ($remember) {
      // Save session id in cookies
      $sid = session_id();

      $expire = time() + $days * 24 * 3600;
      $domain = ""; // default domain
      $secure = false;
      $path = "/";

      $cookie = setcookie('project_id', $sid, $expire, $path, $domain, $secure, $http_only);
    }
  }

  public static function passwordHash($password, $iterations = 2)
  {
    $hash = md5(md5($password));

    for ($i = 0; $i < $iterations; ++$i) {
      $hash = md5(md5(sha1($hash)));
    }

    return $hash;
  }
}

now it remains to debug)), but this is already a matter of technology.

Report
K
Kir, 2014-09-10
@angry_bender

Well ... A very strange "Wishlist". Concatenate username and password into one "password".

Report
N
naneri, 2014-09-11
@naneri

Do the usual authorization, but instead of checking for a match between the login and password, just check for the presence of a password in the database.

Similar questions
R
Rooly2021-03-23 11:40:40
How to properly organize apiResource Laravel? 2Reply
A
Anton2021-03-27 12:39:53
Getting the selected radio item and passing it to the email body, how to display the selected item? 2Reply
B
Belavor2019-09-24 17:46:58
How to change time zone from server to user? 3Reply
P
Pashchuk Ilya2017-05-09 21:42:00
How to resize a block when dragging in css3 and html5? 2Reply
A
AnatoliyKarpov2021-04-16 14:24:16
How to make ul have different classes? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question