(adsbygoogle = window.adsbygoogle || []).push({}); Introduction:
This is part #1 of a series of tutorials I'm going to go over to do with Content Management. In part, I am going to explain the basics of a flat file login page coded in PHP. Unfortunately Screensnapr won't work on my PC so I won't be adding any images.

Step 1
You will need to start off by telling the code what username and password you would like to choose, by using <?php $username = "Telepot"; ?>, etc.

    <?php 



$username = "Telepot"; 

$password = "password123"; 



if ($_POST['txtUsername'] != $username || $_POST['txtPassword'] != $password) { 



?> 

That has basically told the PHP your username and password, this should be put into the first line of a blank document.

Step 2
You will want to put this code below the code posted above, this will be your login page. Continue as you would when coding a normal HTML webpage

    <head>

<title>Sample Login Page</title>

</head>

<body>

</body>

Inbetween them two <body> </body> tags we're going to put the following login form.

    

<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> 

    <p><label for="txtUsername">Username:</label> <br>

    <input type="text" title="Enter your Username" name="txtUsername" /><br>



    <label for="txtpassword">Password:</label><br>

    <input type="password" title="Enter your password" name="txtPassword" /><br>



    <input type="submit" name="Submit" value="Login" /></p> 

</form>

Step 3
Under the </body> code copy the following simple code:

    <?php 



} 

else { 



?> 

Under that, you can start again with:

    

<head>

<title>Sample Login Page: You are logged in!</title>

</head>

<body>

Welcome to the admin control panel!

</body>

That is the page you're going to see when you've logged in, remember, this is all still in the same page. You can put what ever you want between the <body> </body> tags for your logged in user to see.

You're not done yet! Step 4
Copy the following code after you've done the above step.

    

<?php 



} 



?> 

That's it! You're done! You can customize this login however you would like, for example, I have added a little css and some javascript to my flat file login. Here is one I made earlier!

    

<?php 



$username = "Telepot"; 

$password = "Password13231"; 



if ($_POST['txtUsername'] != $username || $_POST['txtPassword'] != $password) { 



?> 

<head>

	<title>Ali3n Network - Staff Login</title>

	<style type="text/css"> 

    body{background-color:#000;color:#fff;font-family:Arial,Verdana,sans-serif;font-size:62.5%;margin:15% 5% 0 5%;text-align: center;}

    a,a:visited,a:active{color:#0080ff;text-decoration:underline;}

    a:hover{text-decoration:none;}

    input[type=text]{border:1px solid #ccc;color:#ccc;font-size:1em;padding:4px 6px 4px 6px;}

	input[type=password]{border:1px solid #ccc;color:#ccc;font-size:1em;padding:4px 6px 4px 6px;}

    a.adlink{color: orange;}

    #container{clear:both;font-size:3em;margin:auto;}

    #name{width:500px;}

    </style>

	<script type="text/javascript"> 

    function clearboxInput(e) {

      if (e.cleared) { return; }

      e.cleared = true;

      e.value = '';

      e.style.color = '#000';

    }

    </script> 

</head>

<body>

<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> 

    <p><label for="txtUsername">Username:</label> <br>

    <input type="text" title="Enter your Username" id="name" value="Username" name="txtUsername" onclick="clearboxInput(this);" /><br>



    <label for="txtpassword">Password:</label><br>

    <input type="password" title="Enter your password" id="name" value="Password" name="txtPassword" onclick="clearboxInput(this);" /><br>



    <input type="submit" name="Submit" value="Login" /></p> 

</form> 

</body>

<?php 



} 

else { 



?> 



<p>Welcome to Ali3n. Your objectives will soon be listed here.</p> 



<?php 



} 



?> 

If you need any help, feel free to email me at [email][email protected][/email] !

I can't even see your post.

I can't edit my user title. My account is blocked from everything. 'Telepot, you do not have permission to access this page. This could be due to one of several reasons:'

He wants to know how you would hack his login system in 5 seconds, and how you would do so like a boss.

nice php tutorial, if you like php. i do kind of, just it's a little how you umm simplistic, but still powerful nonetheless. either way keep up the good worlk.

Looking back at this I may be wrong (I am not a hacker by any means.) but couldn't you enter something like this in the username and pass and gain access?


Username:

    

2 != 1 /* 

Password:

    

*/|| 1

The result would be

    if (2 != 1 /* !=$username || */ || 1  !=$password)

Breakdown:

The reason this works (at least in my head it does) is by simply modifying your current if statement. Since I can see your php source it makes it easier.

if (2 != 1 /* !=$username || */ || 1 !=$password)

This statement says if( 2 is not equal to 1 /* comment out teh important stuff :carling: */ OR 1 is not equal to the password) do nothing else give teh admin abilities.

I think you have something wrong there, the original code for that part was

    

if ($_POST['username'] != $username || $_POST['password'] != $password)

If that statement evaluates to true, you still won't be logged in, because that's the the statement to determine an incorrect login, so changing it to always evaluate to true isn't really beneficial, is it now?

And point number two: that's not even how PHP evaluates text. Perhaps you're thinking of some sort of strange SQLI or XSS, but that doesn't really apply to server side languages.