G
Glaw
Hi,
I'm trying to construct a website which will be mainly public, but
with a few administrator functions on it as well. I thought it would be
a cool idea to have a button at the top right of each page to allow you
to log in if you weren't already, or to log out if you were. When you
try to log in, you will get sent to enterPassword.php as below:
<html>
<head>
<title>
Log in to system
</title>
<link rel="stylesheet" type="text/css" href="default.css"/>
<script type="text/javascript" src="enterPassword.js"/>
</head>
<body>
<center>
<p>
Please enter your username and password to log into the
system
</p>
<form method="GET" action="index.php" id="enterPassword"
onsubmit="login ()"/>
<table>
<tr>
<td>
Username
</td>
<td>
<input type="text" name="username"
id="username" size="30"/>
</td>
</tr>
<tr>
<td>
Password
</td>
<td>
<input type="password" name="password"
id="password" size="30"/>
</td>
</tr>
<tr>
<td colspan="2" align="center"/>
<input type="submit" name="loginBtn"
value="Log in"/>
</td>
</tr>
</table>
</form>
</center>
</body>
</html>
Where enterPassword.js contains
function login ()
{
var form = document.getElementById ("enterPassword");
var uname = document.getElementById ("username");
var pwd = document.getElementById ("password");
var httpRequest = getHTTPObject ();
if (httpRequest) {
httpRequest.open (form.method, form.action, false, uname.value,
pwd.value);
httpRequest.send ("");
if (httpRequest.status == 200) {
document.location = form.action;
}
}
}
function getHTTPObject () {
var xmlhttp = false;
if (typeof XMLHttpRequest != 'undefined') {
try {
xmlhttp = new XMLHttpRequest ();
} catch (e) {
xmlhttp = false;
}
} else {
/*cc_on
@if (@_jscript_version >= 5)
try {
xmlhttp = new ActiveXObject ("Msxml2.XMLHTTP");
} catch (e) {
try {
xmlhttp = new ActvieXObject ("Microsoft.XMLHTTP");
} catch (E) {
xmlhttp = false;
}
}
@end @*/
}
return xmlhttp;
}
Unfortunately it doesn't work as I expect, and when I return to
index.php, I still get the login button displayed, and the
_SERVER["PHP_AUTH_USER"] and _SERVER["PHP_AUTH_PW"] variables I'm
expecting aren't set up.
I must admit that a lot of this stuff is just voodoo that I've
picked up from looking for articles on how to do authentication, so I
have the following questions:
i) How do I make this work, i.e. how can I detect in my server-side
PHP scripts whether or not the user is logged in. I'm intending to
impliment log out by calling open without a username or password
parameter, so if there's a significant change, how do I do logout too?
ii) What's the point of setting document.location as well as calling
the open method?
iii) How could I return a user straight to the login screen, or
otherwise warn them, if they put in a bad username/password? At present
I can only see the user knowing that hey've done that because the
button at top left says "log in" rather than "log out", and that seems
kind of clunky.
Sorry about the rather rambling post, and thanks in advance,
Alan
I'm trying to construct a website which will be mainly public, but
with a few administrator functions on it as well. I thought it would be
a cool idea to have a button at the top right of each page to allow you
to log in if you weren't already, or to log out if you were. When you
try to log in, you will get sent to enterPassword.php as below:
<html>
<head>
<title>
Log in to system
</title>
<link rel="stylesheet" type="text/css" href="default.css"/>
<script type="text/javascript" src="enterPassword.js"/>
</head>
<body>
<center>
<p>
Please enter your username and password to log into the
system
</p>
<form method="GET" action="index.php" id="enterPassword"
onsubmit="login ()"/>
<table>
<tr>
<td>
Username
</td>
<td>
<input type="text" name="username"
id="username" size="30"/>
</td>
</tr>
<tr>
<td>
Password
</td>
<td>
<input type="password" name="password"
id="password" size="30"/>
</td>
</tr>
<tr>
<td colspan="2" align="center"/>
<input type="submit" name="loginBtn"
value="Log in"/>
</td>
</tr>
</table>
</form>
</center>
</body>
</html>
Where enterPassword.js contains
function login ()
{
var form = document.getElementById ("enterPassword");
var uname = document.getElementById ("username");
var pwd = document.getElementById ("password");
var httpRequest = getHTTPObject ();
if (httpRequest) {
httpRequest.open (form.method, form.action, false, uname.value,
pwd.value);
httpRequest.send ("");
if (httpRequest.status == 200) {
document.location = form.action;
}
}
}
function getHTTPObject () {
var xmlhttp = false;
if (typeof XMLHttpRequest != 'undefined') {
try {
xmlhttp = new XMLHttpRequest ();
} catch (e) {
xmlhttp = false;
}
} else {
/*cc_on
@if (@_jscript_version >= 5)
try {
xmlhttp = new ActiveXObject ("Msxml2.XMLHTTP");
} catch (e) {
try {
xmlhttp = new ActvieXObject ("Microsoft.XMLHTTP");
} catch (E) {
xmlhttp = false;
}
}
@end @*/
}
return xmlhttp;
}
Unfortunately it doesn't work as I expect, and when I return to
index.php, I still get the login button displayed, and the
_SERVER["PHP_AUTH_USER"] and _SERVER["PHP_AUTH_PW"] variables I'm
expecting aren't set up.
I must admit that a lot of this stuff is just voodoo that I've
picked up from looking for articles on how to do authentication, so I
have the following questions:
i) How do I make this work, i.e. how can I detect in my server-side
PHP scripts whether or not the user is logged in. I'm intending to
impliment log out by calling open without a username or password
parameter, so if there's a significant change, how do I do logout too?
ii) What's the point of setting document.location as well as calling
the open method?
iii) How could I return a user straight to the login screen, or
otherwise warn them, if they put in a bad username/password? At present
I can only see the user knowing that hey've done that because the
button at top left says "log in" rather than "log out", and that seems
kind of clunky.
Sorry about the rather rambling post, and thanks in advance,
Alan