• 0

Need to create a way for users to login


Question

I'm a bit way over my head with this, haven't designed or coded webpages since 2002. I need a way for users to login using the website so they can download personal information such as W2 forms or timesheets. I am not sure if I would need to do this in .php or what. If anybody can give me some advice, I would appreciate it.

6 answers to this question

Recommended Posts

  • 0

You can use multiple types of code, php, asp, jsp etc.

 

Here's a simple php tutorial: http://www.phpeasystep.com/phptu/6.html

 

Make sure to secure your passwords with a hash, I recommend PBKDF2, bcrypt or scrypt if you want to be absolutely sure the password cannot be cracked even when your user database is stolen.

  • 0
  On 18/07/2014 at 02:41, HardSide said:

I should have been more clearer, I understand how to create a login, but I am not sure how to tie the login so the login can access certain files.

See step 4 that php code should be added to the pages which should only be available to users who are logged in.
  • 0

You might try something like this:

 

  1. Store the files you want to be only available to specific users in a web-inaccessible location (but one that PHP can read)
  2. Use something like this in a download script:
if ($loggedIn) {
        header("Content-type: application/msword");
        header("Content-disposition: attachment; filename=\"W2.doc\"");
        echo file_get_contents("/home/username/yoursite/JohnDoeW2.doc");
} else {
        echo "You are not authorized";
}

First, a conditional checks one of two possibilities: whether you're logged in or not. Then, it sets two headers. The first tells the browser it's going to receive a MS Word document, and the second tells it that it should download the file rather than show it in the browser. Here, you get to specify a name for the file that is different than the actual file itself (W2.doc). Then, you echo the contents of John Doe's W2 file (JohnDoeW2.doc). So if you go to the site and you're logged in, your browser will prompt you to download JohnDoeW2.doc - but it will be called W2.doc in the client. Hope that helps!

  • Like 2
  • 0
  On 24/07/2014 at 18:33, Moogey said:

You might try something like this:

 

  1. Store the files you want to be only available to specific users in a web-inaccessible location (but one that PHP can read)
  2. Use something like this in a download script:
if ($loggedIn) {
        header("Content-type: application/msword");
        header("Content-disposition: attachment; filename=\"W2.doc\"");
        echo file_get_contents("/home/username/yoursite/JohnDoeW2.doc");
} else {
        echo "You are not authorized";
}

First, a conditional checks one of two possibilities: whether you're logged in or not. Then, it sets two headers. The first tells the browser it's going to receive a MS Word document, and the second tells it that it should download the file rather than show it in the browser. Here, you get to specify a name for the file that is different than the actual file itself (W2.doc). Then, you echo the contents of John Doe's W2 file (JohnDoeW2.doc). So if you go to the site and you're logged in, your browser will prompt you to download JohnDoeW2.doc - but it will be called W2.doc in the client. Hope that helps!

Nice method for actually securing file download links!

  • 0
  On 24/07/2014 at 18:33, Moogey said:

You might try something like this:

 

  1. Store the files you want to be only available to specific users in a web-inaccessible location (but one that PHP can read)
  2. Use something like this in a download script:
if ($loggedIn) {
        header("Content-type: application/msword");
        header("Content-disposition: attachment; filename=\"W2.doc\"");
        echo file_get_contents("/home/username/yoursite/JohnDoeW2.doc");
} else {
        echo "You are not authorized";
}

First, a conditional checks one of two possibilities: whether you're logged in or not. Then, it sets two headers. The first tells the browser it's going to receive a MS Word document, and the second tells it that it should download the file rather than show it in the browser. Here, you get to specify a name for the file that is different than the actual file itself (W2.doc). Then, you echo the contents of John Doe's W2 file (JohnDoeW2.doc). So if you go to the site and you're logged in, your browser will prompt you to download JohnDoeW2.doc - but it will be called W2.doc in the client. Hope that helps!

nice little bit of code, though dont forget about the sessions! (if you need to know that as well) 

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • it might be a work or school thing. at my work, a disclaimer pops up stating that "you should use google chrome or edge for the best possible experience." at my school, the disclaimer says just to use google chrome. i'm sure a lot of IT guys just want to make it easy and tell employees to use google chrome because of the apparent trends in web developers testing and all. i'm sure that can have big ramifications on browser usage for average users since "if my IT dep permits it, then it's good". i liked that my work also stated Edge, but i've seen "use google chrome" a lot more without mentioning edge. matter of fact, my employer removed firefox from all devices.
    • I happen to try it today not knowing about the update and was happily surprised; it is great.
    • Hello, Hardware Support Applications are a special kind of Microsoft Store app and have to go through additional checks and certifications because they can communicate directly with their driver, which means that a vulnerability in one of them could allow an attacker access to kernel space memory through the HSA ←→ device driver interface.  In other words, a BYOVD (bring your won vulnerable driver) attack, but with the HSA being used as an extra step. Remember, the Microsoft Store is strategic to Microsoft's long-term goals: they see it as the means to get the same 30% of every application sale that Apple and Google get through their stores, which is why it has been a fixture of Windows since Windows 8 was introduced in 2012 despite a low adoption rate.  Microsoft cannot afford to have anyone get an app through their store which causes a security issue for their end users.  Even if the app was written by and uploaded to the Microsoft Store by a partner, it is Microsoft's name on the store, and they are the ones that will have reputational/brand damage if they allow something malicious into their store. Regards, Aryeh Goretsky  
    • This is more from my childhood, when nickelodeon just launched and had to license shows to have something to air. Left a big an impact, but probably more emotion positive / childhood thing. Europe got the follow up season's decade's latter with the animation studio that did Air Bender but never licenses for the US. I miss the day's of longer intro's. Nier (PS3) Intro is epic, and was very unexpected.  PS1 Xengears was also epic and an amazing game.  
  • Recent Achievements

    • Week One Done
      Ricky Chan earned a badge
      Week One Done
    • Week One Done
      maimutza earned a badge
      Week One Done
    • Week One Done
      abortretryfail earned a badge
      Week One Done
    • First Post
      Mr bot earned a badge
      First Post
    • First Post
      Bkl211 earned a badge
      First Post
  • Popular Contributors

    1. 1
      +primortal
      484
    2. 2
      +FloatingFatMan
      263
    3. 3
      snowy owl
      240
    4. 4
      ATLien_0
      227
    5. 5
      Edouard
      188
  • Tell a friend

    Love Neowin? Tell a friend!