• 0

Need to create a way for users to login


Question

I'm a bit way over my head with this, haven't designed or coded webpages since 2002. I need a way for users to login using the website so they can download personal information such as W2 forms or timesheets. I am not sure if I would need to do this in .php or what. If anybody can give me some advice, I would appreciate it.

6 answers to this question

Recommended Posts

  • 0

You can use multiple types of code, php, asp, jsp etc.

 

Here's a simple php tutorial: http://www.phpeasystep.com/phptu/6.html

 

Make sure to secure your passwords with a hash, I recommend PBKDF2, bcrypt or scrypt if you want to be absolutely sure the password cannot be cracked even when your user database is stolen.

  • 0
  On 18/07/2014 at 02:41, HardSide said:

I should have been more clearer, I understand how to create a login, but I am not sure how to tie the login so the login can access certain files.

See step 4 that php code should be added to the pages which should only be available to users who are logged in.
  • 0

You might try something like this:

 

  1. Store the files you want to be only available to specific users in a web-inaccessible location (but one that PHP can read)
  2. Use something like this in a download script:
if ($loggedIn) {
        header("Content-type: application/msword");
        header("Content-disposition: attachment; filename=\"W2.doc\"");
        echo file_get_contents("/home/username/yoursite/JohnDoeW2.doc");
} else {
        echo "You are not authorized";
}

First, a conditional checks one of two possibilities: whether you're logged in or not. Then, it sets two headers. The first tells the browser it's going to receive a MS Word document, and the second tells it that it should download the file rather than show it in the browser. Here, you get to specify a name for the file that is different than the actual file itself (W2.doc). Then, you echo the contents of John Doe's W2 file (JohnDoeW2.doc). So if you go to the site and you're logged in, your browser will prompt you to download JohnDoeW2.doc - but it will be called W2.doc in the client. Hope that helps!

  • Like 2
  • 0
  On 24/07/2014 at 18:33, Moogey said:

You might try something like this:

 

  1. Store the files you want to be only available to specific users in a web-inaccessible location (but one that PHP can read)
  2. Use something like this in a download script:
if ($loggedIn) {
        header("Content-type: application/msword");
        header("Content-disposition: attachment; filename=\"W2.doc\"");
        echo file_get_contents("/home/username/yoursite/JohnDoeW2.doc");
} else {
        echo "You are not authorized";
}

First, a conditional checks one of two possibilities: whether you're logged in or not. Then, it sets two headers. The first tells the browser it's going to receive a MS Word document, and the second tells it that it should download the file rather than show it in the browser. Here, you get to specify a name for the file that is different than the actual file itself (W2.doc). Then, you echo the contents of John Doe's W2 file (JohnDoeW2.doc). So if you go to the site and you're logged in, your browser will prompt you to download JohnDoeW2.doc - but it will be called W2.doc in the client. Hope that helps!

Nice method for actually securing file download links!

  • 0
  On 24/07/2014 at 18:33, Moogey said:

You might try something like this:

 

  1. Store the files you want to be only available to specific users in a web-inaccessible location (but one that PHP can read)
  2. Use something like this in a download script:
if ($loggedIn) {
        header("Content-type: application/msword");
        header("Content-disposition: attachment; filename=\"W2.doc\"");
        echo file_get_contents("/home/username/yoursite/JohnDoeW2.doc");
} else {
        echo "You are not authorized";
}

First, a conditional checks one of two possibilities: whether you're logged in or not. Then, it sets two headers. The first tells the browser it's going to receive a MS Word document, and the second tells it that it should download the file rather than show it in the browser. Here, you get to specify a name for the file that is different than the actual file itself (W2.doc). Then, you echo the contents of John Doe's W2 file (JohnDoeW2.doc). So if you go to the site and you're logged in, your browser will prompt you to download JohnDoeW2.doc - but it will be called W2.doc in the client. Hope that helps!

nice little bit of code, though dont forget about the sessions! (if you need to know that as well) 

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • I assume he would make the same statement in those cases as well.
    • Looks like an alien. Probably is an alien. First it was aaaaallll Azure and drop everything else. Now its aaaaallll AI and drop everything else. Narrow-minded. I really loathe this guy. He's good for shareholders but absolutely nothing else. Dry as desert sand and evil to the bone.
    • Don’t care about a wrestling union. No normal person should care. 
    • Limassol, Cyprus. Just south of Turkey. NOT Russia.
    • Hello, Given the reports of Chinese Mini PCs shipping with malware, I would recommend wiping the machine and performing a clean install of Windows on it before use.  From what I can infer from the reports, the Mini PCs that shipped with malware were not the result of targeted purposeful action on the part of the device manufacturers (which is something that has happened with low-cost Android smartphones and TV boxes from China) but rather due to lax security in the manufacturing process.   Getting back to the subject at hand, there are a few steps you will want to go through before wiping the Mini PC: You can start preparing even before the Mini PC arrives.  Once you have ordered it and know the brand and model, go to the manufacturer's website and download all of the latest device drivers, BIOS (UEFI) firmware updates, machine-specific software (if any), and manuals.  Many Mini PC manufacturers do not do a lot of customization of their device drivers, just shipping whatever device drivers the the silicon vendors provide.  I still recommend downloading them, though, just in case there are some customizations or for initial install since those are the drivers you know the manufacturer validated for the Mini PC.  Store these in a safe place, so you have them ready when the Mini PC arrives. Use Microsoft's Windows Media Creation Tool to create an installation USB.  You can also create a directory on installation USB--like C:\DRIVERS\ or whatnot--and store the extracted device drivers there in case you need them while or after installing Windows. Once the Mini PC arrives, and you have your Windows installation USB available, you can proceed with wiping the PC and doing the clean install.  Here's how you do that, step-by-step: Check the computer and make sure you know how to boot it from a USB flash drive (may be a specific key you have to press when the computer is powered on, or a change to the BIOS (UEFI) firmware settings.  The PC may tell you what key combination you need to press to boot from another drive, or the manual for the PC may it. Plug the USB flash drive into the computer and power it up using the means to have it boot from the Windows install USB. Once the computer finishes booting, it should be at a Windows installation screen. Do not agree to any prompts, copyright licenses, or click on any buttons. Press the Shift + F10 keys together to open a Command Prompt. Run DISKPART to start the command-line disk partitioning utility. The command line prompt will change to DISKPART>. At the DISKPART> prompt, type LIST DISK to get the numbers of all drives installed in the system. Make a note of what number is assigned to what drive (if the Mini PC has more than one drive).  At the DISKPART> prompt, type SEL DISK n  where n is the number of the drive containing Windows. At the DISKPART> prompt, type CLEAN and this will erase the GPT/MBR code from the beginning of the drive. *WARNING:* After performing the clean operation, the drive now be blank/erased, and everything on it will be gone (all files, etc.).  You can exit DiskPart and just continue with the Windows installation as you normally would.  If needed, you can install the device drivers you put on the Windows install media to get your network connection up and running, and from there run Windows Update to get the operating system and device drivers up to date Regards, Aryeh Goretsky
  • Recent Achievements

    • Week One Done
      cac1lll earned a badge
      Week One Done
    • One Month Later
      Falcon.ai earned a badge
      One Month Later
    • Week One Done
      Falcon.ai earned a badge
      Week One Done
    • Dedicated
      EYEREX earned a badge
      Dedicated
    • First Post
      Electronic Person earned a badge
      First Post
  • Popular Contributors

    1. 1
      +primortal
      627
    2. 2
      ATLien_0
      238
    3. 3
      Xenon
      166
    4. 4
      neufuse
      143
    5. 5
      +FloatingFatMan
      123
  • Tell a friend

    Love Neowin? Tell a friend!