9 replies
In my quest to learn Php I have another task but I've hit a block.

What I am trying to do is have a resume put online BUT when someone clicks on this html button to go to my resume page they are given a password prompt. What I want is that if they enter the correct password the resume page displays and if not then an error message appears. I am trying to do this with Php. The thing I can't get around or at the moment can't think of is how can I prevent the user from just typing in the url of the resume page and thus going around my password check? I thought about having the resume as an "include" to another file but if the user does a "view source" they can still see the resume file name. Any suggestions? Maybe I'm approaching this wrong or missing the obvious?
#php #question
  • Profile picture of the author CrhisD
    Originally Posted by Firstbaysmith View Post

    In my quest to learn Php I have another task but I've hit a block.

    What I am trying to do is have a resume put online BUT when someone clicks on this html button to go to my resume page they are given a password prompt. What I want is that if they enter the correct password the resume page displays and if not then an error message appears. I am trying to do this with Php. The thing I can't get around or at the moment can't think of is how can I prevent the user from just typing in the url of the resume page and thus going around my password check? I thought about having the resume as an "include" to another file but if the user does a "view source" they can still see the resume file name. Any suggestions? Maybe I'm approaching this wrong or missing the obvious?
    Personally it seems to me that you're trying to annoy all your prospective employers, but there are a few ways you can do that. You can use cookies or REFERER to find out where he came from.
    {{ DiscussionBoard.errors[2911903].message }}
  • Profile picture of the author esrun
    For something like this, you'd probably want to keep it as simple as possible.

    You can do it with the code I've just thrown together and attached.

    Provided the resume has a hard to guess file name then include(""); is perfectly fine. The file name will not be shown in the HTML source.
    {{ DiscussionBoard.errors[2912152].message }}
    • Profile picture of the author caesargus
      Great code snippet!

      I'd probably change the password check part to make it easier to read, but from the way the code looks, I imagine that the code should work fine.


      Originally Posted by esrun View Post

      For something like this, you'd probably want to keep it as simple as possible.

      You can do it with the code I've just thrown together and attached.

      Provided the resume has a hard to guess file name then include(""); is perfectly fine. The file name will not be shown in the HTML source.
      {{ DiscussionBoard.errors[2915087].message }}
    • Profile picture of the author CrhisD
      Originally Posted by esrun View Post

      For something like this, you'd probably want to keep it as simple as possible.

      You can do it with the code I've just thrown together and attached.

      Provided the resume has a hard to guess file name then include(""); is perfectly fine. The file name will not be shown in the HTML source.
      Maybe not in the HTML source.. but this will not prevent someone from just emailing or otherwise communicating the link to everyone
      {{ DiscussionBoard.errors[2916505].message }}
      • Profile picture of the author esrun
        Originally Posted by CrhisD View Post

        Maybe not in the HTML source.. but this will not prevent someone from just emailing or otherwise communicating the link to everyone
        I don't get it. No one would ever know the link to the real resume document.

        1) Create new folder called resume
        2) Upload index.php (the code sample I attached previously)
        3) Upload df3_354-5435_t453.html (your resume)
        4) Link people to /resume/

        The only way people will be able to link directly to your resume file is by knowing the file name. They're not going to guess that file name.

        They could email someone the link to the php file AND the password. But if you're worried about that then you should also worry about people just downloading the document after viewing it and emailing it on.

        Have you tested the script? Perhaps you're getting confused about how it actually works.
        {{ DiscussionBoard.errors[2916594].message }}
        • Profile picture of the author CrhisD
          Originally Posted by esrun View Post

          I don't get it. No one would ever know the link to the real resume document.

          1) Create new folder called resume
          2) Upload index.php (the code sample I attached previously)
          3) Upload df3_354-5435_t453.html (your resume)
          4) Link people to /resume/

          The only way people will be able to link directly to your resume file is by knowing the file name. They're not going to guess that file name.

          They could email someone the link to the php file AND the password. But if you're worried about that then you should also worry about people just downloading the document after viewing it and emailing it on.

          Have you tested the script? Perhaps you're getting confused about how it actually works.
          Maybe I'm getting confused, but if for some reason the file gets corrupted, or doesn't load for whatever reason you'd get

          Warning: include(supersecretresumefilename.html) [function.include]: failed to open stream:

          and then they would know right? unless you turned off warnings with

          ini_set('display_errors', 0);

          but then you'd have to remember to turn it on and off when you're debugging, which would be kind of annoying actually.

          Also how would this work if the resume was more than one page?
          {{ DiscussionBoard.errors[2917127].message }}
          • Profile picture of the author esrun
            Originally Posted by CrhisD View Post

            Maybe I'm getting confused, but if for some reason the file gets corrupted, or doesn't load for whatever reason you'd get

            Warning: include(supersecretresumefilename.html) function.include: failed to open stream:

            and then they would know right? unless you turned off warnings with

            ini_set('display_errors', 0);

            but then you'd have to remember to turn it on and off when you're debugging, which would be kind of annoying actually.

            Also how would this work if the resume was more than one page?

            That error only shows because 'supersecretresumefilename.html' doesn't actually exist. If you create the file then it wont ever display that error.

            Alternatively just put an @ symbol before the include(), this will suppress any error.

            E.g: @include('supersecretresumefilename.html');

            If you're really worried that your file might become corrupt or unreadable then use something like this:

            if(@$resume = file_get_contents("supersecretresumefilename.html" )){
            echo $resume;
            } else {
            echo 'My resume isn\'t available right now, sorry dude!';
            }


            If it's more than 1 page then you might want to consider the cookie approach. Or just protect the directory with htaccess.
            {{ DiscussionBoard.errors[2917209].message }}
            • Profile picture of the author CrhisD
              Originally Posted by esrun View Post

              That error only shows because 'supersecretresumefilename.html' doesn't actually exist. If you create the file then it wont ever display that error.

              Alternatively just put an @ symbol before the include(), this will suppress any error.

              E.g: @include('supersecretresumefilename.html');

              If you're really worried that your file might become corrupt or unreadable then use something like this:

              if(@ = file_get_contents("supersecretresumefilename.html" )){
              echo ;
              } else {
              echo 'My resume isn\'t available right now, sorry dude!';
              }


              If it's more than 1 page then you might want to consider the cookie approach. Or just protect the directory with htaccess.
              If he's going to have to change the code when it gets longer than a page, he might as well start using cookies from the beginning, then he wouldn't have to change the code when it does
              {{ DiscussionBoard.errors[2917566].message }}
  • Profile picture of the author mahesh2010
    Hi,
    You just use one database for storing passwords then retrieve the password from database and then check this will do
    {{ DiscussionBoard.errors[2917938].message }}

Trending Topics