• 0

Need to create a way for users to login


Question

I'm a bit way over my head with this, haven't designed or coded webpages since 2002. I need a way for users to login using the website so they can download personal information such as W2 forms or timesheets. I am not sure if I would need to do this in .php or what. If anybody can give me some advice, I would appreciate it.

6 answers to this question

Recommended Posts

  • 0

You can use multiple types of code, php, asp, jsp etc.

 

Here's a simple php tutorial: http://www.phpeasystep.com/phptu/6.html

 

Make sure to secure your passwords with a hash, I recommend PBKDF2, bcrypt or scrypt if you want to be absolutely sure the password cannot be cracked even when your user database is stolen.

  • 0
  On 18/07/2014 at 02:41, HardSide said:

I should have been more clearer, I understand how to create a login, but I am not sure how to tie the login so the login can access certain files.

See step 4 that php code should be added to the pages which should only be available to users who are logged in.
  • 0

You might try something like this:

 

  1. Store the files you want to be only available to specific users in a web-inaccessible location (but one that PHP can read)
  2. Use something like this in a download script:
if ($loggedIn) {
        header("Content-type: application/msword");
        header("Content-disposition: attachment; filename=\"W2.doc\"");
        echo file_get_contents("/home/username/yoursite/JohnDoeW2.doc");
} else {
        echo "You are not authorized";
}

First, a conditional checks one of two possibilities: whether you're logged in or not. Then, it sets two headers. The first tells the browser it's going to receive a MS Word document, and the second tells it that it should download the file rather than show it in the browser. Here, you get to specify a name for the file that is different than the actual file itself (W2.doc). Then, you echo the contents of John Doe's W2 file (JohnDoeW2.doc). So if you go to the site and you're logged in, your browser will prompt you to download JohnDoeW2.doc - but it will be called W2.doc in the client. Hope that helps!

  • Like 2
  • 0
  On 24/07/2014 at 18:33, Moogey said:

You might try something like this:

 

  1. Store the files you want to be only available to specific users in a web-inaccessible location (but one that PHP can read)
  2. Use something like this in a download script:
if ($loggedIn) {
        header("Content-type: application/msword");
        header("Content-disposition: attachment; filename=\"W2.doc\"");
        echo file_get_contents("/home/username/yoursite/JohnDoeW2.doc");
} else {
        echo "You are not authorized";
}

First, a conditional checks one of two possibilities: whether you're logged in or not. Then, it sets two headers. The first tells the browser it's going to receive a MS Word document, and the second tells it that it should download the file rather than show it in the browser. Here, you get to specify a name for the file that is different than the actual file itself (W2.doc). Then, you echo the contents of John Doe's W2 file (JohnDoeW2.doc). So if you go to the site and you're logged in, your browser will prompt you to download JohnDoeW2.doc - but it will be called W2.doc in the client. Hope that helps!

Nice method for actually securing file download links!

  • 0
  On 24/07/2014 at 18:33, Moogey said:

You might try something like this:

 

  1. Store the files you want to be only available to specific users in a web-inaccessible location (but one that PHP can read)
  2. Use something like this in a download script:
if ($loggedIn) {
        header("Content-type: application/msword");
        header("Content-disposition: attachment; filename=\"W2.doc\"");
        echo file_get_contents("/home/username/yoursite/JohnDoeW2.doc");
} else {
        echo "You are not authorized";
}

First, a conditional checks one of two possibilities: whether you're logged in or not. Then, it sets two headers. The first tells the browser it's going to receive a MS Word document, and the second tells it that it should download the file rather than show it in the browser. Here, you get to specify a name for the file that is different than the actual file itself (W2.doc). Then, you echo the contents of John Doe's W2 file (JohnDoeW2.doc). So if you go to the site and you're logged in, your browser will prompt you to download JohnDoeW2.doc - but it will be called W2.doc in the client. Hope that helps!

nice little bit of code, though dont forget about the sessions! (if you need to know that as well) 

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Microsoft reportedly planning to lay off thousands of employees, mostly in sales by Usama Jawad Back in May 2025, Microsoft decided to lay off 3% of its workforce, which amounted to roughly 6,000 employees. It claimed that this decision allowed it to implement better organizational changes in a "dynamic marketplace". Now, a new report claims that the Redmond tech firm is planning to lay off thousands more next month. Citing unnamed sources, Bloomberg reports that as the company continues investing heavily in its AI ventures, it is about to announce layoffs of thousands of workers as early as next month. This reduction in workforce will primarily affect sales teams, but they won't be the only ones affected. That said, the sources did mention that the timing for this announcement may change. This move, if true, won't be entirely surprising. In April 2025, Microsoft announced that it will be relying more on third-party firms to sell its software to small- and medium-sized customers. It's currently unclear how many employees will be impacted by this change, but even if the layoff percentage is in the single digits, it would still be significant as it would be impacting the professional careers of thousands. The May 2025 layoffs primarily impacted engineering and product teams. The other major round of layoffs prior to this was the decision to eliminate 10,000 jobs back in January 2023. Those represented 5% of the total workforce at that time, with numerous teams, including the one leading Mixed Reality (MR) efforts, being heavily impacted. It is interesting to note that if the timing of the announcement for layoffs is accurate, it would be soon after Microsoft closes its fiscal year at the end of June 2025. Although we'll get financial reports for the latest quarter soon after too, one has to wonder what the human cost of profit is, as Microsoft continues to report billions of dollars in revenue every quarter. Source: Bloomberg (paywall)
    • Ah .. lockout for suspicious activity. I bet they uploaded the SanDisk utility detected as malware
    • Microsoft 365 will soon disable outdated authentication protocols for file access by Usama Jawad On a fairly regular basis, Microsoft disables outdated protocols that are used to access its services. In the past few years, the company has deprecated Basic Auth in Exchange Online and cut access to Outlook for third-party apps relying on this protocol. Now, it has decided to get rid of old authentication protocols for file access across Microsoft 365 services. As reported by Bleeping Computer, Microsoft has posted a message on its Microsoft 365 Admin Center. Starting from mid-July 2025, the company will begin disabling legacy authentication protocols used to access files across Microsoft 365 and Office apps, SharePoint, and OneDrive. Essentially, applications or services which use the Relying Party Suite (RPS) or FrontPage Remote Procedure Call (FPRPC) will to perform browser-based authentication to perform open operations on Office files will no longer be able to do so. As expected, this is primarily being done to improve the cybersecurity posture of various services. Microsoft states that RPS can be brute-forced and phished with relative ease as it is fairly outdated. Similarly, FPRPC is typically used for remote web page authoring and it is susceptible to exploitation through various vulnerabilities too. As such, both of these protocols will be disabled by default starting from mid-July 2025, with the rollout of this change targeting completion by August 2025. The Redmond tech giant will update the protocol baseline by default without mandating any licensing changes for customers. In addition, once these modifications are rolled out, Microsoft 365 will require admin consent to get third-party access to files and sites. IT admins can view the guidance available here to configure admin consent workflows. Microsoft says that these changes align with the principles of its Secure Future Initiative (SFI). Earlier today, it announced the rollout of improved security defaults for Windows 365 citing the same reasons too.
    • This is how you kill your own business.
  • Recent Achievements

    • First Post
      Fuzz_c earned a badge
      First Post
    • First Post
      TIGOSS earned a badge
      First Post
    • Week One Done
      slackerzz earned a badge
      Week One Done
    • Week One Done
      vivetool earned a badge
      Week One Done
    • Reacting Well
      pnajbar earned a badge
      Reacting Well
  • Popular Contributors

    1. 1
      +primortal
      704
    2. 2
      ATLien_0
      283
    3. 3
      Michael Scrip
      216
    4. 4
      +FloatingFatMan
      195
    5. 5
      Steven P.
      131
  • Tell a friend

    Love Neowin? Tell a friend!