Need to create a way for users to login

[HardSide]

I'm a bit way over my head with this, haven't designed or coded webpages since 2002. I need a way for users to login using the website so they can download personal information such as W2 forms or timesheets. I am not sure if I would need to do this in .php or what. If anybody can give me some advice, I would appreciate it.

[Seahorsepip Veteran]

You can use multiple types of code, php, asp, jsp etc.

 

Here's a simple php tutorial: http://www.phpeasystep.com/phptu/6.html

 

Make sure to secure your passwords with a hash, I recommend PBKDF2, bcrypt or scrypt if you want to be absolutely sure the password cannot be cracked even when your user database is stolen.

[HardSide]

I should have been more clearer, I understand how to create a login, but I am not sure how to tie the login so the login can access certain files.

[Seahorsepip Veteran]

  On 18/07/2014 at 02:41, HardSide said:

I should have been more clearer, I understand how to create a login, but I am not sure how to tie the login so the login can access certain files.

See step 4 that php code should be added to the pages which should only be available to users who are logged in.

[Moogey]

You might try something like this:

 

1. Store the files you want to be only available to specific users in a web-inaccessible location (but one that PHP can read)
2. Use something like this in a download script:

if ($loggedIn) {
        header("Content-type: application/msword");
        header("Content-disposition: attachment; filename=\"W2.doc\"");
        echo file_get_contents("/home/username/yoursite/JohnDoeW2.doc");
} else {
        echo "You are not authorized";
}

First, a conditional checks one of two possibilities: whether you're logged in or not. Then, it sets two headers. The first tells the browser it's going to receive a MS Word document, and the second tells it that it should download the file rather than show it in the browser. Here, you get to specify a name for the file that is different than the actual file itself (W2.doc). Then, you echo the contents of John Doe's W2 file (JohnDoeW2.doc). So if you go to the site and you're logged in, your browser will prompt you to download JohnDoeW2.doc - but it will be called W2.doc in the client. Hope that helps!

[Seahorsepip Veteran]

  On 24/07/2014 at 18:33, Moogey said:

You might try something like this:

 

1. Store the files you want to be only available to specific users in a web-inaccessible location (but one that PHP can read)
2. Use something like this in a download script:

if ($loggedIn) {
        header("Content-type: application/msword");
        header("Content-disposition: attachment; filename=\"W2.doc\"");
        echo file_get_contents("/home/username/yoursite/JohnDoeW2.doc");
} else {
        echo "You are not authorized";
}

First, a conditional checks one of two possibilities: whether you're logged in or not. Then, it sets two headers. The first tells the browser it's going to receive a MS Word document, and the second tells it that it should download the file rather than show it in the browser. Here, you get to specify a name for the file that is different than the actual file itself (W2.doc). Then, you echo the contents of John Doe's W2 file (JohnDoeW2.doc). So if you go to the site and you're logged in, your browser will prompt you to download JohnDoeW2.doc - but it will be called W2.doc in the client. Hope that helps!

Nice method for actually securing file download links!

[Original Poster]

  On 24/07/2014 at 18:33, Moogey said:

You might try something like this:

 

1. Store the files you want to be only available to specific users in a web-inaccessible location (but one that PHP can read)
2. Use something like this in a download script:

if ($loggedIn) {
        header("Content-type: application/msword");
        header("Content-disposition: attachment; filename=\"W2.doc\"");
        echo file_get_contents("/home/username/yoursite/JohnDoeW2.doc");
} else {
        echo "You are not authorized";
}

First, a conditional checks one of two possibilities: whether you're logged in or not. Then, it sets two headers. The first tells the browser it's going to receive a MS Word document, and the second tells it that it should download the file rather than show it in the browser. Here, you get to specify a name for the file that is different than the actual file itself (W2.doc). Then, you echo the contents of John Doe's W2 file (JohnDoeW2.doc). So if you go to the site and you're logged in, your browser will prompt you to download JohnDoeW2.doc - but it will be called W2.doc in the client. Hope that helps!

nice little bit of code, though dont forget about the sessions! (if you need to know that as well)