PHP
Pavel Belousov, 2014-09-10 20:18:13

Is there a ready-made solution for authorization on the page only with a password?

There is a small script (a self-written assembly of several ready-made classes) that displays pages from the database.
The output is based on GET requests of type index.php?do=layout&name=project, where project is the value of the name field in the database.
Database structure:
[Image: database structure]
There is a need to close some pages from prying eyes; for this, the pass field was created, where the password is entered.
I plan to check it when the page is accessed and, if it does not match, redirect to the password entry form, but I still have little idea how to implement all this in the code.
Is there any out-of-the-box solution for a similar purpose?

4 answer(s)
Pavel Belousov, 2014-09-11
@PafNutY

I solved the problem on sessions and cookies by writing this class:

class PassAuth extends core {
  private $project_id;
  private $password;
  private $is_authorized = false;

  function __construct() {
    $this->db_config = $this->getConfig('db_config');
    $this->db = $this->getDb();
  }

  public static function validProjectPass()
  {
    if (!empty($_SESSION["project_id"])) {
      return (bool) $_SESSION["project_id"];
    }
    return false;
  }

  public function checkPass($password, $remember=false)
  {
    $pass = $this->passwordHash($password);

    $select = "SELECT name, pass FROM ?n WHERE pass = ?s";

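    // getRow() returns the whole row as an array; getOne() returns only the first
    // column, so $ret['name'] below would fail (assumes a SafeMySQL-style wrapper,
    // as the ?n/?s placeholders suggest).
    $ret = $this->db->getRow($select, 'projects', $pass);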

    if (!$ret) {
      $this->is_authorized = false;
    } else {
      $this->is_authorized = true;
      $this->project_id = $ret['name'];
      $this->saveSession($remember);
    }

    return $this->is_authorized;
  }

  public function saveSession($remember = false, $http_only = true, $days = 7)
  {
    $_SESSION["project_id"] = $this->project_id;

    if ($remember) {
      // Save session id in cookies
      $sid = session_id();

      $expire = time() + $days * 24 * 3600;
      $domain = ""; // default domain
      $secure = false;
      $path = "/";

      $cookie = setcookie('project_id', $sid, $expire, $path, $domain, $secure, $http_only);
    }
  }

  public static function passwordHash($password, $iterations = 2)
  {
    $hash = md5(md5($password));

    for ($i = 0; $i < $iterations; ++$i) {
      $hash = md5(md5(sha1($hash)));
    }

    return $hash;
  }
}

Now it remains to debug it )), but that is already a matter of technique.
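
A per-project variant of this check, as an added example that is not part of the original answer: the row is looked up by the requested name, the submitted password is verified with password_verify() against that row's hash only, and the session records which project was unlocked. The function names and the sample rows are assumptions; an in-memory array stands in for the projects table and for $_SESSION.

```php
<?php
// Added example: per-project password gate. The (name, pass) columns follow
// the question; function names and the sample rows are assumptions.

// Constructed sample data standing in for the `projects` table. `pass` holds
// a password_hash() value; an empty value means the page is public.
$projects = [
    'project' => ['name' => 'project', 'pass' => password_hash('s3cret-demo', PASSWORD_DEFAULT)],
    'public'  => ['name' => 'public',  'pass' => ''],
];

// Look the row up by the requested name, never by the password itself.
function findProject(array $projects, string $name): ?array
{
    return $projects[$name] ?? null;
}

// True if the page is public or this session already unlocked this project.
function isUnlocked(array $session, array $project): bool
{
    if ($project['pass'] === '') {
        return true;
    }
    return !empty($session['unlocked'][$project['name']]);
}

// Verify the submitted password against the hash stored for this project only.
function unlock(array &$session, array $project, string $password): bool
{
    if ($project['pass'] === '' || !password_verify($password, $project['pass'])) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // new session id after a privilege change
    }
    $session['unlocked'][$project['name']] = true;
    return true;
}

// Demo run with an array in place of $_SESSION (pass $_SESSION on the real page).
$session = [];
$page = findProject($projects, 'project');
var_dump(isUnlocked($session, $page));
var_dump(unlock($session, $page, 'wrong'));
var_dump(unlock($session, $page, 's3cret-demo'));
var_dump(isUnlocked($session, $page));
var_dump(isUnlocked($session, findProject($projects, 'public')));
```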

Kir, 2014-09-10
@angry_bender

Well ... A very strange "Wishlist". Concatenate username and password into one "password".

naneri, 2014-09-11
@naneri

Do the usual authorization, but instead of checking for a match between the login and password, just check for the presence of a password in the database.
