Usernames and Passwords that lead to different pages

Discussion in 'Web Design and Development' started by design-is, Oct 31, 2008.

  1. design-is macrumors 65816

    design-is

    Joined:
    Oct 17, 2007
    Location:
    London / U.K.
    #1
    Hi all

    I did a little search and have tried to find out myself via other means, but have thus far had no luck!

    Is there a way to have it so when a link is clicked, it brings up a username and password dialogue & the username and password entered dictates which folder or page the user is directed to?

    Thanks for any help :)

    Doug
     
  2. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #2
    There's a couple ways to go. If you need to do it client-side, then JavaScript will help out, though you'd likely want a back up way for those with JavaScript disabled. If you do things server-side PHP can help us.

    With JavaScript you can redirect to a page using:
    PHP:
    location.href "thispage.html";
    With PHP you redirect by:
    PHP:
    header('Location: thispage.html');
    These are the essential pieces anyways. I'm not sure how you have your data stored, like if you're accessing a database to match username/password pairs, or what. I'm also not sure if you need help with a pop-up for the dialogue (though make sure it doesn't depend on JavaScript since some have it disabled). Or are you trying to find a downloadable script that does everything for you?
     
  3. design-is thread starter macrumors 65816

    design-is

    Joined:
    Oct 17, 2007
    Location:
    London / U.K.
    #3
    Sorry I wasn't very clear...

    I currently have a page of links that lead to personal pages for clients protected using an .htpasswd. So from my homepage there is a client login link which leads to this page. They then select their link and the default password box from the browser pops up - leading them to their page for proofs etc.

    I am thinking about a re-design and would much prefer to have the client login button open the password dialogue from the browser and have the page it leads to dependant on the username and password entered. I don't know if this is possible. I just want to find a way that means I don't need to list all the clients on a publicly viewed page.

    I hope that makes more sense.
     
  4. SrWebDeveloper macrumors 68000

    SrWebDeveloper

    Joined:
    Dec 7, 2007
    Location:
    Alexandria, VA, USA
    #4
    There are lots of ways to do this. I'l discuss concept, not code, for now.

    Here is one method which is very secure, requires Apache, and 100% server side authenticated so no issues with Javascript or hacking or XSS (Cross Site Scripting) issues:

    1) Make the link go to a unique folder with a script in the language of your choice named, say, "/special_access/process-login.php" for example
    2) Set your Apache to password protect the "/special_access" folder, create as many names as you want via .htaccess with associated passwords:

    How to do that, including password encryption and great tutorial

    3) Once the user authenticates, the process-login.php script runs, it will pass the login username as a variable to a switch or if/then/else type of function that redirects to specific pages based on the username.

    BTW, in PHP you can detect the login username that the user typed in by doing something like this:[FONT=Verdana, Arial, Helvetica][/FONT]
    PHP:
    $auth_username $_SERVER["REMOTE_USER"];
    If that server variable does not exist, password protect a page that runs phpinfo() and search for the username and use that variable instead.

    If you do not run Apache, see if your web server can password protect in a similar manner and if you can access the username info via server side code.

    If there is NO way to do this via your web server, then you will need to install or write a login function in the language your server supprts which protects the page and allows access to the username in memory. But make sure any third party script doesn't use cookies or Javascript in any way to handle login - you only want to deal with sessions and server side processing to maximize security.

    An integrated login environment in PHP is pretty easy to do these days, using session control with minimal cookie use, such as this one.

    Hope these concepts gave you ideas. I'm sure others might have some cool suggestions also, just keep security in mind as you make your final decision.

    -jim
     
  5. design-is thread starter macrumors 65816

    design-is

    Joined:
    Oct 17, 2007
    Location:
    London / U.K.
    #5
    Thanks for your help!

    I think this could be a little over my head right now... but you never know until you try, so I'll see if I can figure it out over the weekend :)

    Server supports Apache as far as I'm aware, so that shouldn't be a problem.


    Thanks again :)

    Doug
     
  6. SrWebDeveloper macrumors 68000

    SrWebDeveloper

    Joined:
    Dec 7, 2007
    Location:
    Alexandria, VA, USA
    #6
    Here's my method in code, all examples:

    1) The Link

    HTML:
    <a href="/special-access/process-login.php">Login Here</a>
    2) In /special-access/.htpasswd (3 users with MD5 passwords each, created using the links in the help page I included earlier)
    Code:
    bob:ps29cmnwl4a0e
    sam:kjcmsaas4a0et
    joe:aawscmnwl2a1e
    In /special-access/.htaccess
    Code:
    AuthUserFile /full/path/to/special-access/.htpasswd
    AuthType Basic
    AuthName "Private Area - Login Required"
    Require valid-user
    3) In /special-access/process-login.php

    PHP:
    <?php

    $user
    =(isset($_SERVER["REMOTE_USER"])) ? $_SERVER["REMOTE_USER"] : "";  

    switch (
    lcase($user)) {

    case 
    "bob":
    header('Location: bob.html');
    break;
     
    case 
    "sam":
    header('Location: sam.html');
    break;

    case 
    "joe":
    header('Location: joe.html');
    break;

    default:

    // What to do when username is not recognized, put that code here

    }
    4) And of course put the 3 html files, bob.html, sam.html and joe.html inside the special-access folder as well in this simple example.

    Hope it doesn't seem so hard, now. You get the idea, right?

    -jim
     
  7. design-is thread starter macrumors 65816

    design-is

    Joined:
    Oct 17, 2007
    Location:
    London / U.K.
    #7
    Thanks Jim, your nothing less than a star!

    I'll report back when I have it up and running (or if I get stuck)

    ;)
     
  8. design-is thread starter macrumors 65816

    design-is

    Joined:
    Oct 17, 2007
    Location:
    London / U.K.
    #8
    I'm sorry to say, I'm having problems.

    I have little php knowledge, so can't say why - so thought it best to seek advice. Using the code above...

    My login.php:
    PHP:
    <?php

    $user
    =(isset($_SERVER["REMOTE_USER"])) ? $_SERVER["REMOTE_USER"] : "";  

    switch (
    lcase($user)) {

    case 
    "name":
    header('Location: page.html');
    break;
     
    default:
    header('Location: ../index.html');
    break;



    ?>
    I get this error:

    Any help greatly appreciated...

    Thanks

    Doug
     
  9. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
  10. ChrisA macrumors G4

    Joined:
    Jan 5, 2006
    Location:
    Redondo Beach, California
    #10
    Code:
    switch (lcase($user)) {
    
    case "bob":
    header('Location: bob.html');
    break;
    
    So how do you add a new user? You have a sign up page? Does the "switch" scale to more then a handfull of users? This might work if you have 6 or 8 users but not for 1,000. or even 100. I think you would need to keep the mapping from user name to URL in some kind of persistant storage. A database would be ideal but even a file could work. You really do not want tohave to change the server side code just to add a user
     
  11. SrWebDeveloper macrumors 68000

    SrWebDeveloper

    Joined:
    Dec 7, 2007
    Location:
    Alexandria, VA, USA
    #11
    Sorry, I mixed up my languages!

    @ChrisA:

    Obviously this method uses a manual editing of .htpasswd/.htaccess for a few users only which the OP would create using the link I provided for creating the .ht* files. I already mentioned in a previous reply information to the OP about a far more advanced integrated login implementation, I even included a link for that. The OP has not yet said this method is beyond their needs, so as I said in the beginning, this is one concept of many. If they need something more powerful and scalable, we'll talk about CMS's and other options at that time. I try not to deluge the OP with too much, let's let the conversation flow naturally and see what happens.

    -jim
     
  12. design-is thread starter macrumors 65816

    design-is

    Joined:
    Oct 17, 2007
    Location:
    London / U.K.
    #12
    Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 2_1 like Mac OS X; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.1 Mobile/5F136 Safari/525.20)

    Thanks guys :)

    This method is perfect for the time being I don't intend on having many users and don't want people to be able to sign up. It's just for creating secure areas for clients to see proofs and bits like that.

    I'm trying to learn the basics too, so I don't skip things I should know.

    I'll let you know how it goes!

    Cheers

    Doug


    -EDIT- Works great thanks :)
     
  13. SrWebDeveloper macrumors 68000

    SrWebDeveloper

    Joined:
    Dec 7, 2007
    Location:
    Alexandria, VA, USA
    #13
    Awesome, please let me know if you need anything else. Cheers.

    -jim
     
  14. GoGoComputerz macrumors newbie

    Joined:
    Nov 13, 2008
    #14
    Please Help

    I've done all the above steps, but whenever a user goes to log in, it never takes them to the designated page. It just keeps showing the login box over and over. Any Ideas?
     
  15. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #15
    Show your code.
     
  16. GoGoComputerz macrumors newbie

    Joined:
    Nov 13, 2008
    #16
    My Link
    <a href="/special-access/process-login.php">View Your Design</a>

    process-login.php
    <?php

    $user=(isset($_SERVER["REMOTE_USER"])) ? $_SERVER["REMOTE_USER"] : "";

    switch (strtolower($user)) {

    case "dallmon":
    header('Location: dallmon.html');
    break;

    case "jteague":
    header('Location: jteague.html');
    break;

    default:
    header('Location: failure.html');

    }

    ?>



    .htpasswd

    dallmon:password
    jteague:password


    .htaccess

    AuthUserFile /special-access/.htpasswd
    AuthType Basic
    AuthName "View Your Designs!"
    Require valid-user
     
  17. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #17
    OK, the problem looks to be with your .htaccess file. The line that starts AuthUserFile has to have the full path address to the file, not just from the root directory of your web site. So, you'll have something like /home/username/yourdomain.com/special-access/.htpasswd.

    Also, in case that's not all that's a problem, make sure you created the .htpasswd file correctly using a command like below:
    Code:
    htpasswd -c /usr/local/apache/passwd/passwords username
    taken from, http://httpd.apache.org/docs/2.0/howto/auth.html. You cannot create the file by hand, you must use the htpasswd command.

    Edit: As an additional note, you should really store the htpasswd files somewhere where it's not visible to the public (say you can't put a URL to it) otherwise it's a security issue. It should be placed in a folder outside the main HTML folder (like the yourdomain.com folder I reference above).
     
  18. GoGoComputerz macrumors newbie

    Joined:
    Nov 13, 2008
    #18
    I'm sorry, I'm new at all of this. I've read the entire page that you linked to in the post, but I can't figure out how to use the command to create the new page. Where do i put that command code?
     
  19. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #19
    Open Terminal (/Applications/Utilities/Terminal) and do the commands there. The file you create with the command will need to be uploaded to the web server as well so be sure to save it somewhere you can get to. This page may be easier for you to follow.
     
  20. GoGoComputerz macrumors newbie

    Joined:
    Nov 13, 2008
    #20
    Also, a question I have, is if I password protect the directory from within my file manager on my server, how can I code a file to allow different users to go to different pages.


    For instance....


    the folder with my web server is

    /proofs/

    and it will be password protected...


    inside that folder will be

    dallmon.html
    jteague.html

    etc.


    I want to have the specific users go to there specific pages.



    Is that possible?
     
  21. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #21
    That's what the PHP part was for.
     
  22. GoGoComputerz macrumors newbie

    Joined:
    Nov 13, 2008
  23. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #23
    When using this password protection there is no logout, it's one of the downsides. The "login" last while the browser is open, or may expire after a couple hours, but it isn't a true login, it's a password protected folder. That's why you can't logout, because you never really logged in. You would need to use a PHP-based login system if you want a managed logout, but that's going to be a more involved setup. There are tutorials out there though if you search for them.
     

Share This Page