<form method = "post" action = "<?php echo $_SERVER['PHP_SELF']; ?>" />
Username:<input type = "text" name ="user"> <br />
Password:<input type = "password" name = "pass"><br />
<input type = "submit" value ="View Logs!"><br />
 <?php
$user = $_POST['user'];
$pass = $_POST['pass'];

//Problem here, I need to only allow the user to see logs 
// after he or she has entered the correct info.
//Currently code just shows all, when the user hits View Logs
// without any credentials
if (($user == "php")  && ($pass == "student"))
echo "Enjoy the Logs!";
else echo  "<b>Access Denied!</b>";
 ?>
+1  A: 

The problem is that your form is posting directly to log.txt and not processing any of your PHP after the form submission. You'll need to change the action to post to the PHP file itself and then use http_redirect to redirect the user to log.txt after checking the password.

Having said that, it's still not going to be very secure, as anyone could get to log.txt by using a direct URL, so you'll need to do some kind of authorisation there. The best thing to do is probably to store log.txt somewhere that's not accessible through HTTP and then load and display the file using readfile in place of your echo:

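<form action="" method="post">
 Username:<input type="text" name="user"/> <br />
 Password:<input type="password" name="pass"/><br />
 <input type="submit" value="View Logs!"/><br />
</form>
<?php
 // Default to empty strings so a plain GET (no form data) raises no notices.
 $user = isset($_POST['user']) ? $_POST['user'] : '';
 $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
 // Strict comparison: both values must be exactly these strings.
 if (($user === "php")  && ($pass === "student")) {
  // Credentials matched: print the log file as preformatted text.
  echo '<pre>';
  readfile('log.txt');
  echo '</pre>';
 }
 else {
  echo  "<b>Access Denied!</b>";
 }
?>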
Rich
A: 
<?php
  // Only check credentials once the form has actually been submitted.
  if (
    isset( $_POST['user'] )
    && isset( $_POST['pass'] )
  ) {
    $user = $_POST['user'];
    $pass = $_POST['pass'];

    if (
        ($user === 'php')
        && ($pass === 'student')
    ) {
      echo "Enjoy the Logs!";

      readfile('log.txt');
    }
    else {
      echo '<b>Access Denied!</b>';
    }
  } else {
    // No submission yet: show the login form.
    ?>
      <form method="post">
      Username:<input type="text" name="user"> <br />
      Password:<input type="password" name="pass"><br />
      <input type="submit" value="View Logs!"><br />
      </form>
    <?php
  }
?>
silent
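
A hardened take on the approach in the two answers above, as an added example that is not part of either answer: the log is read from outside the web root, the password is checked against a stored hash, and the log text is HTML-escaped before display. The path `/var/log/myapp/log.txt` and the `LOGVIEW_PASS_HASH` environment variable (holding `password_hash()` output) are assumptions made for the example.

```php
<?php
// Added example. Assumed names: LOG_FILE path and the LOGVIEW_PASS_HASH
// environment variable, which holds the output of password_hash().
declare(strict_types=1);

const LOG_FILE = '/var/log/myapp/log.txt';  // assumed path, outside the web root
const EXPECTED_USER = 'php';                 // username from the question

/** Return true only when both credentials match; non-string input is rejected. */
function credentials_ok($user, $pass, string $passHash): bool
{
    // POST fields can arrive as arrays (user[]=x); accept strings only.
    if (!is_string($user) || !is_string($pass) || $passHash === '') {
        return false;
    }
    // Evaluate both checks so timing does not reveal which one failed.
    $userOk = hash_equals(EXPECTED_USER, $user);
    $passOk = password_verify($pass, $passHash);
    return $userOk && $passOk;
}

$submitted = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';
$hash = (string) getenv('LOGVIEW_PASS_HASH');  // false becomes '' and is rejected
$allowed = $submitted
    && credentials_ok($_POST['user'] ?? null, $_POST['pass'] ?? null, $hash);

if ($allowed) {
    $log = @file_get_contents(LOG_FILE);
    $text = ($log === false) ? 'Log unavailable.' : $log;
    // Log lines can contain client-supplied text (URLs, user agents): escape it.
    echo '<pre>', htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '</pre>';
} else {
    if ($submitted) {
        http_response_code(403);  // sent before any output in this branch
        echo '<b>Access Denied!</b>';
    }
    ?>
    <form method="post" action="">
      Username: <input type="text" name="user"><br>
      Password: <input type="password" name="pass"><br>
      <input type="submit" value="View Logs!">
    </form>
    <?php
}
```

Because the log file sits outside the document root, a direct URL to it no longer exists, and the only way to read it is through the credential check.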