(07-06-2010, 04:01 PM)PurpleHaze Wrote: This login does not use a database so the password is in the code which is "lol". Since it is server sided no one can right-click to view password.

I'll explain how the code works below.

In Section 1 the code uses sessions to determine whether a user is logged in. Our session variable is "$_SESSION['auth']" and we assign to a value of false or 0 which means that the user is not authorized to view the page.

Section 2 checks to see if the form was submited and then if the password is equal to "lol". If the password is equal to "lol" then our variable changes to true or 1.

Section 3 checks to see the variable is equal to 0. If it is equal to 0 then that means that the user has not logged in and so we need to login screen to be shown.

Section 4 checks to see if the variable is equal to 1. If it is then that means that the user is logged in and then is allowed to see the other content and so it is shown.

Remember that this script is basic and many more features could be added including security. This is just so you understand how it works.

Code:

<?php
//Section 1
session_start();

$_SESSION['auth'] = 0;

//Section 2
if (isset($_POST['submit']))
{
    if ($_POST['password'] == "lol")
    {
        $_SESSION['auth'] = 1;
    }
}

//Section 3
if ($_SESSION['auth'] == 0)
{
    echo
    ('
<form method="post">
<input type="password" name="password" />
<input type="submit" name="submit" value="Login" />
</form>
    ');    
}

//Section 4
if ($_SESSION['auth'] == 1)
{
    echo
    ('
<b>This is our secret content. You can use HTML codes here also.</b>
    ');
}
?>

(08-25-2010, 04:30 AM)`P R O D I G Y™ Wrote: By any chance, is this possible to trick/break?