prons with password scripts (newbie)

Hello all - I am a newbie for PHP but have some experience with
javascript so forgive me if my questions are basic. As with other
programs, what seems like it will take 10 minutes ends up taking 10 hours. I
suspect the answer is of the type 'if you know it, it's easy'

I want to password-protect *each* of my photo albums from one page
using PHP so I downloaded and incorporated a free PHP script to do this.

The script worked fine on my home machine.

However, when I used a different machine, I only had to enter a
password once for *any* of the albums and all the other albums
instantly became freely accessible.

The site structure is something like this (under each album directory
there are three extra files that provide the protection)




and so on

FYI - I opted for using  'sessions' not 'cookies'

I have two questions:

1) why did one machine demand a password for only the first album
requested, then provide free access to all the others (thus defeating
the whole objective of password protection)?
It bothers me that the script worked fine on one machine then was crap
on another (I'm confused because I thought PHP was supposed to be
independent of the client's browser, platform or whatever)

2) I have decided not to use the *logout* script, hence logout.php
serves no purpose as I removed the 'logout' button from the photo
Is this related to (1)?
From my understanding, logout is only useful if people access my site
from a machine with different users (eg in a cybercafe). Leaving it
out means that visitors using the same machine do not have to log in
each time they visit the page, ie particular photo album.
Is this correct?

thanks for any help


Re: prons with password scripts (newbie)

Although there is probably not enough detail to answer all of your
questions, I'll try and clear some things up for you:

Without the logout button, you are leaving the session open. This means that
the server will wait for a pre-determined amount of time (20 mins normally)
before forgetting the browser that made the call. The session relies on the
browser staying on your site too. If the user closes the browser and opens
it again, then it starts with a new identity, therefore the server won't
match it to the open session, and will create a new one (hoping that the
browser you have now closed will come back to the first session).

You will need to set a cookie that expires a while off in the future, and
use this to identify the user that logged in before.

Finally, the session will work across the server... Therefore you need to
build in to the session a way of seeing which photo album has been logged in
to, and work out if they have access to the current one. Otherwise, once
logged in on one, the session will remain and they will appear to be logged
in on all of the photo albums.

With cookies, you can set the path on the server that the cookie refers
to... therefore the album recognition was probably built in anyway, using
that, as each album is in a different location.

Does this help? Feel free to ask more, or ask me to expand.
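
The point made in the reply above (a session is shared across the whole site, so it has to record which album was unlocked), as an added example that is not part of the original thread or of the downloaded script. Album names, passwords and function names are constructed for illustration, and a plain array stands in for `$_SESSION` so it runs from the command line.

```php
<?php
// Added example: a site-wide "logged in" flag beside a per-album check.
// Album names and passwords are constructed sample values.

// In a real site these hashes are generated once and stored, not rebuilt per request.
$albumHashes = [
    'holiday' => password_hash('sample-pass-1', PASSWORD_DEFAULT),
    'wedding' => password_hash('sample-pass-2', PASSWORD_DEFAULT),
];

// Verify the password for ONE album and record only that album in the session.
function unlock_album(array &$session, array $hashes, string $album, string $password): bool
{
    if (!isset($hashes[$album]) || !password_verify($password, $hashes[$album])) {
        return false;
    }
    $session['logged_in'] = true;           // what a single shared flag would store
    $session['unlocked'][$album] = true;    // what the per-album check relies on
    return true;
}

// Weak check: one flag for the whole site, so any album's password opens every album.
function can_view_shared_flag(array $session, string $album): bool
{
    return !empty($session['logged_in']);
}

// Corrected check: each album page asks about its own name only.
function can_view(array $session, string $album): bool
{
    return !empty($session['unlocked'][$album]);
}

// Simulated visitor. In a page, call session_start(), pass $_SESSION instead,
// and call session_regenerate_id(true) after a successful unlock.
$session = [];
unlock_album($session, $albumHashes, 'holiday', 'sample-pass-1');

foreach (['holiday', 'wedding'] as $album) {
    printf(
        "%s: shared flag=%s, per-album=%s\n",
        $album,
        var_export(can_view_shared_flag($session, $album), true),
        var_export(can_view($session, $album), true)
    );
}
```
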


Re: prons with password scripts (newbie)

Thanks very much for your help Elliot - I understand better about

I took a closer look at the script and decided to use different
cookie names for each album and it worked.

So your suggestion was spot on.


Re: prons with password scripts (newbie)


You're more than welcome. Good luck with your project then!
