|
|
|
|
| Re: login script using file, not mysql [message #171593 is a reply to message #171592] |
Tue, 11 January 2011 19:06   |
 |
richard
Messages: 213
Registered: June 2013
Karma: 0
|
Senior Member |
|
|
On Tue, 11 Jan 2011 19:44:02 +0100, Luuk wrote:
> On 11-01-11 19:31, richard wrote:
>> Are there any sites out there that show a login script using a text file
>> rather than an mysql database?
>> The scripts I've seen so far require mysql. I want to be able to verify
>> registration through a regular text file.
>
> I dont think so, at least there are not many of those, because Apache
> has a built in functionallity for such cases where mysql is not available...
>
> see: http://httpd.apache.org/docs/current/howto/htaccess.html#auth
Thank you. However, that item clearly states that .htaccess should not be
used for password verificiation.
What exactly is mysql? Just another type of file.
So why can't say user.txt be the database file?
I did find one site that does this, but his explanations on how to use the
code are a bit confusing.
As my server is using windows, .htaccess is kind of useless for me anyway.
|
|
|
|
| Re: login script using file, not mysql [message #171594 is a reply to message #171593] |
Tue, 11 January 2011 19:31 |
Luuk
Messages: 329
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 11-01-11 20:06, richard wrote:
> On Tue, 11 Jan 2011 19:44:02 +0100, Luuk wrote:
>
>> On 11-01-11 19:31, richard wrote:
>>> Are there any sites out there that show a login script using a text file
>>> rather than an mysql database?
>>> The scripts I've seen so far require mysql. I want to be able to verify
>>> registration through a regular text file.
>>
>> I dont think so, at least there are not many of those, because Apache
>> has a built in functionallity for such cases where mysql is not available...
>>
>> see: http://httpd.apache.org/docs/current/howto/htaccess.html#auth
>
> Thank you. However, that item clearly states that .htaccess should not be
> used for password verificiation.
That is NOT in the item, at least with my knowledge of understanding the
Enlish language.
> What exactly is mysql? Just another type of file.
MySQL is a database, and you cannot 'simply' compare that to a file.
> So why can't say user.txt be the database file?
> I did find one site that does this, but his explanations on how to use the
> code are a bit confusing.
which site did you find? maybe we can help clear the part that is
'confusing' (only if its about PHP ;)
>
> As my server is using windows, .htaccess is kind of useless for me anyway.
Authentication can be done wit almost any webserver,
if you're using IIS, simply google for 'IIS PHP Authentication' and you
find all kinds of articles dealing with IIS, PHP and Authentication.
--
Luuk
|
|
|
|
| Re: login script using file, not mysql [message #171595 is a reply to message #171594] |
Tue, 11 January 2011 19:37 |
|
richard
Messages: 213
Registered: June 2013
Karma: 0
|
Senior Member |
|
|
On Tue, 11 Jan 2011 20:31:16 +0100, Luuk wrote:
> On 11-01-11 20:06, richard wrote:
>> On Tue, 11 Jan 2011 19:44:02 +0100, Luuk wrote:
>>
>>> On 11-01-11 19:31, richard wrote:
>>>> Are there any sites out there that show a login script using a text file
>>>> rather than an mysql database?
>>>> The scripts I've seen so far require mysql. I want to be able to verify
>>>> registration through a regular text file.
>>>
>>> I dont think so, at least there are not many of those, because Apache
>>> has a built in functionallity for such cases where mysql is not available...
>>>
>>> see: http://httpd.apache.org/docs/current/howto/htaccess.html#auth
>>
>> Thank you. However, that item clearly states that .htaccess should not be
>> used for password verificiation.
>
> That is NOT in the item, at least with my knowledge of understanding the
> Enlish language.
>
>> What exactly is mysql? Just another type of file.
>
> MySQL is a database, and you cannot 'simply' compare that to a file.
>
>> So why can't say user.txt be the database file?
>> I did find one site that does this, but his explanations on how to use the
>> code are a bit confusing.
>
> which site did you find? maybe we can help clear the part that is
> 'confusing' (only if its about PHP ;)
>
>>
>> As my server is using windows, .htaccess is kind of useless for me anyway.
>
> Authentication can be done wit almost any webserver,
> if you're using IIS, simply google for 'IIS PHP Authentication' and you
> find all kinds of articles dealing with IIS, PHP and Authentication.
http://www.weberdev.com/get_example-3927.html
|
|
|
|
| Re: login script using file, not mysql [message #171597 is a reply to message #171595] |
Tue, 11 January 2011 20:20 |
Luuk
Messages: 329
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 11-01-11 20:37, richard wrote:
>>> I did find one site that does this, but his explanations on how to use the
>>> code are a bit confusing.
>>
>> which site did you find? maybe we can help clear the part that is
>> 'confusing' (only if its about PHP ;)
>>
>
> http://www.weberdev.com/get_example-3927.html
I think the above url point to the site you find confusing?
Could you also try to explain what part of the info on that site is
confusing?
--
Luuk
|
|
|
|
| Re: login script using file, not mysql [message #171599 is a reply to message #171593] |
Tue, 11 January 2011 21:04 |
Denis McMahon
Messages: 634
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 11/01/11 19:06, richard wrote:
> Thank you. However, that item clearly states that .htaccess should not be
> used for password verificiation.
No, it says that for apache, configuring the access control in the
configuration file(s) is preferable to configuring it in .htaccess
> What exactly is mysql? Just another type of file.
> So why can't say user.txt be the database file?
Anything you like can be the database file, but the question is, what
has this to do with php?
You can write a password / access control system in php that uses a
plain text file to store passwords, but there are issues with doing so,
one of which is the need to allow concurrent write access to the file if
two users decide to update their passwords at once.
Using a suitable database avoids such issues.
There are other issues that need to be considered when developing access
control systems, which you should make an effort to identify and
address. Not least of these is cost / benefit, ie how much effort is it
worth to protect what?
Rgds
Denis McMahon
|
|
|
|
| Re: login script using file, not mysql [message #171601 is a reply to message #171599] |
Tue, 11 January 2011 21:15 |
|
richard
Messages: 213
Registered: June 2013
Karma: 0
|
Senior Member |
|
|
On Tue, 11 Jan 2011 21:04:21 +0000, Denis McMahon wrote:
> On 11/01/11 19:06, richard wrote:
>
>> Thank you. However, that item clearly states that .htaccess should not be
>> used for password verificiation.
>
> No, it says that for apache, configuring the access control in the
> configuration file(s) is preferable to configuring it in .htaccess
>
>> What exactly is mysql? Just another type of file.
>> So why can't say user.txt be the database file?
>
> Anything you like can be the database file, but the question is, what
> has this to do with php?
>
> You can write a password / access control system in php that uses a
> plain text file to store passwords, but there are issues with doing so,
> one of which is the need to allow concurrent write access to the file if
> two users decide to update their passwords at once.
>
> Using a suitable database avoids such issues.
>
> There are other issues that need to be considered when developing access
> control systems, which you should make an effort to identify and
> address. Not least of these is cost / benefit, ie how much effort is it
> worth to protect what?
>
> Rgds
>
> Denis McMahon
thanks for the info. much appreciated.
|
|
|
|
|
|
| Re: login script using file, not mysql [message #171603 is a reply to message #171599] |
Tue, 11 January 2011 21:17 |
Luuk
Messages: 329
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 11-01-11 22:04, Denis McMahon wrote:
> You can write a password / access control system in php that uses a
> plain text file to store passwords, but there are issues with doing so,
> one of which is the need to allow concurrent write access to the file if
> two users decide to update their passwords at once.
>
if 'write access' is needed to the file
> Using a suitable database avoids such issues.
>
than 'write access' is also needed for the database
so, using a database, and not a file, dose not avoid such issues....
--
Luuk
|
|
|
|
| Re: login script using file, not mysql [message #171607 is a reply to message #171603] |
Tue, 11 January 2011 23:08 |
Peter H. Coffin
Messages: 245
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On Tue, 11 Jan 2011 22:17:33 +0100, Luuk wrote:
> On 11-01-11 22:04, Denis McMahon wrote:
>> You can write a password / access control system in php that uses a
>> plain text file to store passwords, but there are issues with doing so,
>> one of which is the need to allow concurrent write access to the file if
>> two users decide to update their passwords at once.
>>
>
> if 'write access' is needed to the file
>
>> Using a suitable database avoids such issues.
>>
>
> than 'write access' is also needed for the database
>
> so, using a database, and not a file, dose not avoid such issues....
If write access is NOT needed, is a lot easier just to hardcode all the
passwords into the PHP script and not bother with the file in the first
place.
But the INSTANT you start talking about "but what if a script needs to
generate the password access" or something, then you're right back into
"Write access is needed."
--
Graham's First Rule of Internet Retailing:
If your 'shopping cart' site requires anything more complex than
HTML, SSL and a session cookie, at least one of your competitors
will run a site which does not. Your competitor will get the sale.
|
|
|
|
| Re: login script using file, not mysql [message #171609 is a reply to message #171603] |
Tue, 11 January 2011 23:50 |
Denis McMahon
Messages: 634
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 11/01/11 21:17, Luuk wrote:
> On 11-01-11 22:04, Denis McMahon wrote:
>> You can write a password / access control system in php that uses a
>> plain text file to store passwords, but there are issues with doing so,
>> one of which is the need to allow concurrent write access to the file if
>> two users decide to update their passwords at once.
> if 'write access' is needed to the file
>> Using a suitable database avoids such issues.
> than 'write access' is also needed for the database
> so, using a database, and not a file, dose not avoid such issues....
Yes it does, because a database is designed to handle record locking and
concurrent accesses.
Added to this, in a database, to update a single password field in a
table you don't need to read in, update, and write out a whole file, and
as long as two people don't try and update the same record in a database
at once, concurrency and locking should not be an issue.
If two people are trying to update the same password at once, something
weird is happening.
Rgds
Denis McMahon
|
|
|
|
| Re: login script using file, not mysql [message #171613 is a reply to message #171593] |
Wed, 12 January 2011 04:16 |
Evan Platt
Messages: 124
Registered: November 2010
Karma: 0
|
Senior Member |
|
|
On Tue, 11 Jan 2011 12:06:17 -0700, richard <member(at)newsguy(dot)com>
wrote:
> Thank you. However, that item clearly states that .htaccess should not be
> used for password verificiation.
> What exactly is mysql? Just another type of file.
No, mysql is a database.
> So why can't say user.txt be the database file?
You could probably name it user.txt, but it would still need to be a
database file.
> I did find one site that does this, but his explanations on how to use the
> code are a bit confusing.
>
> As my server is using windows, .htaccess is kind of useless for me anyway.
How does "My server is using windows" equate to .htaccess is kind of
useless?
A long time ago, I ran my web server on a Windows box and user
..htaccess.
Explain.
--
To reply via e-mail, remove The Obvious and .invalid from my e-mail address.
|
|
|
|
| Re: login script using file, not mysql [message #171614 is a reply to message #171609] |
Wed, 12 January 2011 03:59 |
Peter H. Coffin
Messages: 245
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On Tue, 11 Jan 2011 23:50:19 +0000, Denis McMahon wrote:
> If two people are trying to update the same password at once, something
> weird is happening.
And if it were to happen anyway, the DB woudl still handle it
gracefully..
--
60. My five-year-old child advisor will also be asked to decipher any
code I am thinking of using. If he breaks the code in under 30
seconds, it will not be used. Note: this also applies to passwords.
--Peter Anspach's list of things to do as an Evil Overlord
|
|
|
|
| Re: login script using file, not mysql [message #171615 is a reply to message #171602] |
Wed, 12 January 2011 09:16 |
Luuk
Messages: 329
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 11-01-11 22:14, richard wrote:
> On Tue, 11 Jan 2011 21:20:44 +0100, Luuk wrote:
>
>> On 11-01-11 20:37, richard wrote:
>>>> > I did find one site that does this, but his explanations on how to use the
>>>> > code are a bit confusing.
>>>>
>>>> which site did you find? maybe we can help clear the part that is
>>>> 'confusing' (only if its about PHP ;)
>>>>
>>>
>>> http://www.weberdev.com/get_example-3927.html
>>
>> I think the above url point to the site you find confusing?
>>
>> Could you also try to explain what part of the info on that site is
>> confusing?
>
> He does not fully explain how and where to implement the php file as he
> does the login.html file.
he does do that, it says: "5.copy the script and place it to your web
directory."
Both files (index.php and login.html) should be placed in the directory
that you want to be protected. (my conclusion form understanding this
code...)
> When I run the code, I get an error message saying it can't find the file,
> regardless of how I code the path.
> A second error shows something about not being able to locate
> "C:\php5\pear".
This has something to do with your installation of PHP. But you not not
give details about the first, and the second error you get.
> Then there appears to be other coding errors which results in text being
> displayed which should not be there.
Other errors tooo? wow this MUST be a bad script
>
> He also talks of editing the php.ini file. Ok. Where is this file? On the
> server? I just feel a lot more explanation on use is needed.
This has to do with installing PHP properly, so i suggest you ask your
administrator, he will now where PHP.INI is, or he knows how to find it.
If you want to learn about programming in PHP, it would be nice if you
have some BASIC KNOWLEDGE about systemadministration.
BTW, this script is old (june 28, 2004 is more than 5 years)
It uses some features of PHP that are deprecated and should not be used
anymore, or in another way. My suggestion will be DO NOT USE THIS script.
Another script which has the basics in it, but is not finished is at:
http://efreedom.com/Question/1-2017286/Creating-Login-Using-Text-File
You might want to start from there, an change it, to make it work.
( You will need some basic knowledge about creating HTML-forms.... )
--
Luuk
|
|
|
|
| Re: login script using file, not mysql [message #171616 is a reply to message #171614] |
Wed, 12 January 2011 09:18 |
Luuk
Messages: 329
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 12-01-11 04:59, Peter H. Coffin wrote:
> On Tue, 11 Jan 2011 23:50:19 +0000, Denis McMahon wrote:
>> If two people are trying to update the same password at once, something
>> weird is happening.
>
> And if it were to happen anyway, the DB woudl still handle it
> gracefully..
>
For now, it seems richard is still struggling with the basics of PHP,
and will take him more time before two people will start to logon to his
system at the same time....
But Peter and Dennis, you're both right!
--
Luuk
|
|
|
|
| Re: login script using file, not mysql [message #171619 is a reply to message #171593] |
Wed, 12 January 2011 13:16 |
spambait
Messages: 35
Registered: September 2010
Karma: 0
|
Member |
|
|
In article <1e7d5ttjqchh5$(dot)dlg(at)evanplatt(dot)sux>, richard <member(at)newsguy(dot)com> wrote:
> On Tue, 11 Jan 2011 19:44:02 +0100, Luuk wrote:
>
>> On 11-01-11 19:31, richard wrote:
>>> Are there any sites out there that show a login script using a text file
>>> rather than an mysql database?
>>> The scripts I've seen so far require mysql. I want to be able to verify
>>> registration through a regular text file.
>>
>> I dont think so, at least there are not many of those, because Apache
>> has a built in functionallity for such cases where mysql is not available...
>>
>> see: http://httpd.apache.org/docs/current/howto/htaccess.html#auth
>
> Thank you. However, that item clearly states that .htaccess should not be
> used for password verificiation.
It does nothing of the sort. Read it again.
|
|
|
|
| Re: login script using file, not mysql [message #171629 is a reply to message #171616] |
Wed, 12 January 2011 19:24 |
Denis McMahon
Messages: 634
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 12/01/11 09:18, Luuk wrote:
> For now, it seems richard is still struggling with the basics of PHP,
> and will take him more time before two people will start to logon to his
> system at the same time....
There's no correlation between the ability of the site developer and the
demand for the website.
I suspect that richard may be coding a hobby level website for a
hobbyist club that he's a member of, the peak demand for his website
will be following a meeting of that club when the url is announced and
the members arrive home after the meeting - which is when multiple
simultaneous accesses to his website by different club members arriving
home at about the same time are quite likely.
Rgds
Denis McMahon
|
|
|
|
|
|
| Re: login script using file, not mysql [message #171633 is a reply to message #171607] |
Wed, 12 January 2011 23:02 |
Jo Schulze
Messages: 15
Registered: January 2011
Karma: 0
|
Junior Member |
|
|
Peter H. Coffin wrote:
> If write access is NOT needed, is a lot easier just to hardcode all
> the passwords into the PHP script and not bother with the file in the
> first place.
Sry but I have a point here.
Talking about customer relationship:
It's perfectly ok to implement (on demand) that access is triggered by a
text file (which format whatsoever). If you grant the customer to
manipulate your application logic (as said, hardcode passwords to PHP
files") you'll soon run into problems.
> But the INSTANT you start talking about "but what if a script needs to
> generate the password access" or something, then you're right back
> into "Write access is needed."
BTW on the topic "write access/concurrency": file_put_contents() is
atomic. The last one wins ;)
|
|
|
|
| Re: login script using file, not mysql [message #171637 is a reply to message #171613] |
Thu, 13 January 2011 04:15 |
Evan Platt
Messages: 124
Registered: November 2010
Karma: 0
|
Senior Member |
|
|
On Tue, 11 Jan 2011 20:16:39 -0800, Evan Platt
<evan(at)theobvious(dot)espphotography(dot)com> wrote:
>> As my server is using windows, .htaccess is kind of useless for me anyway.
>
> How does "My server is using windows" equate to .htaccess is kind of
> useless?
>
> A long time ago, I ran my web server on a Windows box and user
> .htaccess.
>
> Explain.
<Crickets>
Yep, didn't think you could answer that one.
--
To reply via e-mail, remove The Obvious and .invalid from my e-mail address.
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]