Login with PHP on Apache web server
Question
I am a relative newcomer to PHP/Apache web server so please bear with.
I am attempting to implement a login system using PHP. At the moment, a form sends the login data to a script called auth.php . This script then validates the login details. If the login details are correct, then the script uses readfile to send the desired authenticated page to the end user. If the login details are not correct, then the script redirects the user back to the login page.
The problem is that readfile sends the raw PHP page without running the PHP code. I would like to run the PHP and then send the output of this. My initial question is how could this be accomplished?
However, I suspect the actual issue is how I'm handling authentication, and that I need to approach authenticating users in a different manner. If this is the case, could you please point me in the direction of a guide on how to do this?
Relevant code snippets:
Login form
<form class="form-signin" method="post" action="./auth.php?target=dashboard">
<h2 class="form-signin-heading">Admin Sign In</h2>
<label for="inputEmail" class="sr-only">Email address</label>
<input type="email" id="email" name="email" class="form-control" placeholder="Email address" required autofocus>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" id="password" name="password" class="form-control" placeholder="Password" required>
<div class="checkbox">
<label>
<input type="checkbox" name="rememberme" value="remember-me"> Remember me
</label>
</div>
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
</form>
auth.php (nb hashing the password is disabled for testing)
<?php
function authenticate_user(string $uname, string $pwd) {
// return true or false
$hashed = $pwd;//password_hash($pwd, null);
$admin_uname = "test@example.com";
$admin_pwd = "test";
return $hashed === $admin_pwd and $uname === $admin_uname;
}
namespace admin;
$dir = getcwd();
$is_auth = authenticate_user($_POST["email"], $_POST["password"]);
if($is_auth) {
$extension = $_GET["target"].".php";
$full = $dir."/".$extension;
readfile($full);
}
else {
$full = $_SERVER["PHP_SELF"]."/../?FAIL";
//echo $full;
header("Location: ".$full);
}
?>
Current dashboard.php
<!DOCTYPE HTML>
<html>
<head>
<title>Dashboard</title>
</head>
<body>
<p>Success</p>
<?php
echo "<p>Flag</p>";
?>
</body>
</html>
Current output
<html><head>
<title>Dashboard</title>
</head>
<body>
<p>Success</p>
<!--?php
echo "<p-->Flag<p></p>";
?>
</body></html>
Desired output
<html><head>
<title>Dashboard</title>
</head>
<body>
<p>Success</p>
<p>Flag</p>
</body></html>
Any pointers or advice would be greatly appreciated, cheers:)
1 answers
solution1
0 2022-07-28 00:44:48
Suggest, you check this tutorial, it has a simple structured approach for PHP login system using mysql: tutorial
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.