Results 1 to 5 of 5
  1. #1

    * Password Control PHP

    Hi All.

    This is my first time and I'm very very new to PHP. I have just started to create a website where I want to password protect access to some Excel documents but don't want to use the MS Excel password facility in the spreadsheet. I've seen loads of scripts, which either need server side componants or look very complex when all I need is a simple confirm user and password facility.

    Can anyone help please?

  2. #2
    Join Date
    Mar 2004
    Location
    USA
    Posts
    4,342
    Testing 1.. Testing 1..2.. Testing 1..2..3...

  3. #3
    Join Date
    Feb 2006
    Location
    Pittsburgh PA
    Posts
    289
    If you want to use ONE username and password for EVERYONE.

    Maybe consider a .htaccess setup. If you want to individualize users, then you will need some sort of PHP/MySQL authentication setup.

    http://php.about.com/od/finishedphp1...login_code.htm

    That should give you a good idea, since the above mentioned link is posting a 500 code.

  4. #4
    Join Date
    May 2008
    Location
    Rutherford, NJ
    Posts
    68
    If you are going to write this yourself, there are two approaches:
    First, if you want each doc to have a password for it, rather than a user login/permissions setup, have a database with all of the doc info and password required...then write an index page that queries the db and lists the documents from there (do not query the file list), and then a form to enter a password once one is selected. This will submit to a page that checks the password entered vs. the one stored in the database based on which document was selected, and if it matches, allows the download.
    Second, if you pursue a user/password system, you'll need to set up a table for users, registration page, and then use sessions or cookies to handle logon/logoff and access priviledges. You will also need a separate table for permissions, with rows matching a user ID to a doc ID.

    It is good to note, one safe method of file download is to have the script copy the file from a locked-down directory to a temp directory using a random string (sometimes based on session_id) as the filename, then deleting it after the user has downloaded it.
    Another method is to store the file info as binary data in a database, rather than as a flat file. Then the script would write the file before the download, then delete it later as in the previous option.
    There are other methods around that will prevent a user who knows the filename from just typing the path to access it...these two are both common and well practiced.
    Database design and performance optimization, custom PHP scripts, and publicly available resources for developers!
    http://www.zeropride.com

  5. #5
    Quote Originally Posted by azizny View Post

    can any one re upload the script because its damaged on the site

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •