Hello, I'm trying to get http://superiorminitrucks.com/admin login functionality to work. It's my first logon script, which was tested to work, but I'm running out of brute force to get this one through...

<?php 
//////**************************************/
//
// LOGIN PAGE
//
//   Server-side:
//     1. Start a session
//     2. Clear the session
//     3. Generate a random challenge string
//     4. Save the challenge string in the session
//     5. Expose the challenge string to the page via a hidden input field
//
//  Client-side:
//     1. When the user completes the form and clicks on the Login button
//     2. Validate the form (i.e. verify that all the fields have been filled out)
//     3. Set the hidden response field to HEX(MD5(server-generated-challenge + user-supplied-password))
//     4. Submit the form
//******************************/
session_start();
session_unset();

// 80 hex characters from the OS CSPRNG; rand() output is predictable
// and not suitable for a login challenge
$challenge = bin2hex(random_bytes(40));
$_SESSION['challenge'] = $challenge;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
    <head>
        <title>Superior Mini Trucks</title>    
        <link href="../site.css" media="screen" rel="stylesheet" type="text/css" />
        <script type="text/javascript" src="../moo.js">                 </script>     
        <script type="text/javascript" src="/admin/jmd5.js">            </script>
        <script type="text/javascript">
            
var num = 0;
			
			
			function login(num) {
			
					var loginForm0  = document.getElementById("loginForm0");
					var loginForm1  = document.getElementById("loginForm1");
					var loginForm2  = document.getElementById("loginForm2");
					var loginForm3  = document.getElementById("loginForm3");

  					var submitForm = document.getElementById("submitForm" + num);
	
					if (loginForm0.username.value == "" && loginForm1.username.value == "" && loginForm2.username.value == "" && loginForm3.username.value == "") {
						alert("Please enter your user name.");
						return false;
					}
					if (loginForm0.password.value == "" && loginForm1.password.value == "" && loginForm2.password.value == "" && loginForm3.password.value == "") {
						alert("Please enter your password.");
						return false;
					}
				
					// the challenge is emitted as a quoted JavaScript string literal
					if(num == 0) {
						submitForm.username.value = loginForm0.username.value;
						submitForm.response.value =
						hex_md5("<?php echo $challenge; ?>" + loginForm0.password.value);
						submitForm.submit(); }
					if(num == 1) {
						submitForm.username.value = loginForm1.username.value;
						submitForm.response.value =
						hex_md5("<?php echo $challenge; ?>" + loginForm1.password.value);
						submitForm.submit(); }
					if(num == 2) {
						submitForm.username.value = loginForm2.username.value;
						submitForm.response.value =
						hex_md5("<?php echo $challenge; ?>" + loginForm2.password.value);
						submitForm.submit(); }
					if(num == 3) {
						submitForm.username.value = loginForm3.username.value;
						submitForm.response.value =
						hex_md5("<?php echo $challenge; ?>" + loginForm3.password.value);
						submitForm.submit(); }
				
            } // end login()
			
			
			window.addEvent('domready', function() {
											   
												   
					var mySlide_inventory   = new Fx.Slide('test');
					var mySlide_information = new Fx.Slide('test1');					
					var mySlide_options     = new Fx.Slide('test2');					
					var mySlide_home        = new Fx.Slide('test3');					
				
				mySlide_inventory.hide();
				mySlide_information.hide();
				mySlide_options.hide();
				mySlide_home.hide();
				
					
				$('slidein').addEvent('click', function(e){
					e = new Event(e);
					mySlide_inventory.slideIn();
					e.stop();
				});
				 
				$('slideout').addEvent('click', function(e){
					e = new Event(e);
					mySlide_inventory.slideOut();
					e.stop();
				});
				 
				$('toggle').addEvent('click', function(e){
					e = new Event(e);
					mySlide_inventory.toggle();
					e.stop();
				});
				 
				$('hide').addEvent('click', function(e){
					e = new Event(e);
					mySlide_inventory.hide();
					e.stop();
				});





				$('slidein1').addEvent('click', function(e){
					e = new Event(e);
					mySlide_information.slideIn();
					e.stop();
				});
				 
				$('slideout1').addEvent('click', function(e){
					e = new Event(e);
					mySlide_information.slideOut();
					e.stop();
				});
				 
				$('toggle1').addEvent('click', function(e){
					e = new Event(e);
					mySlide_information.toggle();
					e.stop();
				});
				 
				$('hide1').addEvent('click', function(e){
					e = new Event(e);
					mySlide_information.hide();
					e.stop();
				});





				$('slidein2').addEvent('click', function(e){
					e = new Event(e);
					mySlide_options.slideIn();
					e.stop();
				});
				 
				$('slideout2').addEvent('click', function(e){
					e = new Event(e);
					mySlide_options.slideOut();
					e.stop();
				});
				 
				$('toggle2').addEvent('click', function(e){
					e = new Event(e);
					mySlide_options.toggle();
					e.stop();
				});
				 
				$('hide2').addEvent('click', function(e){
					e = new Event(e);
					mySlide_options.hide();
					e.stop();
				});




				$('slidein3').addEvent('click', function(e){
					e = new Event(e);
					mySlide_home.slideIn();
					e.stop();
				});
				 
				$('slideout3').addEvent('click', function(e){
					e = new Event(e);
					mySlide_home.slideOut();
					e.stop();
				});
				 
				$('toggle3').addEvent('click', function(e){
					e = new Event(e);
					mySlide_home.toggle();
					e.stop();
				});
				 
				$('hide3').addEvent('click', function(e){
					e = new Event(e);
					mySlide_home.hide();
					e.stop();
				});

				
			});			
        </script>
		<style type="text/css">
           body {
		   	text-align: left;
	       }
		 
		    #test, #test1, #test2, #test3 {
                background: #222;
                color: #fff;
                padding: 10px;
                margin: 20px;
            }

			#test  {
                border: 10px solid saddlebrown;
			}
			#test1  {
                border: 10px solid darkgoldenrod;
			}			 
			#test2  {
                border: 10px solid darkkhaki;
			}			 
			#test3  {
                border: 10px solid olive;
			}			 
			 
		a { 
			text-size: large;
			font-weight: bold;
			text-decoration: none;
			outline: none;
			color: white;
			border-bottom: 2px solid white;
	    }	
			
        </style>        
    </head>
    <body>
       <blockquote>
        
<h3 style="color: white;" class="section">Please Login</h3>
 
<a id="slideout" href="#"></a><a id="slidein" href="#"></a>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <a id="toggle" href="#">Home</a><a id="hide" href="#"></a>

<div id="test">
        
        <form id="loginForm0" action="#" method="post">
            <table>
                <?php if (isset($_REQUEST['error'])) { ?>
                <tr>
                    <td>Error</td>
                    <td style="color: red;"><?php echo htmlspecialchars($_REQUEST['error'], ENT_QUOTES, 'UTF-8'); ?></td>
                </tr>
                <?php } ?>
                <tr>
                    <td>User Name</td>
                    <td><input type="text" name="username"/></td>
                </tr>
                <tr>
                    <td>Password</td>
                    <td><input type="password" name="password"/></td>
                </tr>
                <tr>
                    <td>&nbsp;</td>
                    <td>
                        <input type="hidden" name="challenge" value="<?php echo $challenge; ?>"/>
                        <input type="button" name="submit" value="Login" onclick="login(0);"/>
                    </td>
                </tr>
            </table>
        </form>
        <form id="submitForm0" action="authenticate.php" method="post">
            <div>
                <input type="hidden" name="username"/>
                <input type="hidden" name="response"/>
            </div>
        </form>


      </div>
      
        
        <a id="slideout1" href="#"></a> <a id="slidein1" href="#"></a> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <a id="toggle1" href="#">Inventory</a> <a id="hide1" href="#"></a>
        
        <div id="test1">
                
                <form id="loginForm1" action="#" method="post">
                    <table>
                        <?php if (isset($_REQUEST['error'])) { ?>
                        <tr>
                            <td>Error</td>
                            <td style="color: red;"><?php echo htmlspecialchars($_REQUEST['error'], ENT_QUOTES, 'UTF-8'); ?></td>
                        </tr>
                        <?php } ?>
                        <tr>
                            <td>User Name</td>
                            <td><input type="text" name="username"/></td>
                        </tr>
                        <tr>
                            <td>Password</td>
                            <td><input type="password" name="password"/></td>
                        </tr>
                        <tr>
                            <td>&nbsp;</td>
                            <td>
                                <input type="hidden" name="challenge" value="<?php echo $challenge; ?>"/>
                                <input type="button" name="submit" value="Login" onclick="login(1);"/>
                            </td>
                        </tr>
                    </table>
                </form>
                <form id="submitForm1" action="authenticate1.php" method="post">
                    <div>
                        <input type="hidden" name="username"/>
                        <input type="hidden" name="response"/>
                    </div>
                </form>
              </div>
              
              
              
              
              
              
              
              
              
              
              
        <a id="slideout2" href="#"></a> <a id="slidein2" href="#"></a>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <a id="toggle2" href="#">Information</a><a id="hide2" href="#"></a>
        
        <div id="test2">
                
                <form id="loginForm2" action="#" method="post">
                    <table>
                        <?php if (isset($_REQUEST['error'])) { ?>
                        <tr>
                            <td>Error</td>
                            <td style="color: red;"><?php echo htmlspecialchars($_REQUEST['error'], ENT_QUOTES, 'UTF-8'); ?></td>
                        </tr>
                        <?php } ?>
                        <tr>
                            <td>User Name</td>
                            <td><input type="text" name="username"/></td>
                        </tr>
                        <tr>
                            <td>Password</td>
                            <td><input type="password" name="password"/></td>
                        </tr>
                        <tr>
                            <td>&nbsp;</td>
                            <td>
                                <input type="hidden" name="challenge" value="<?php echo $challenge; ?>"/>
                                <input type="button" name="submit" value="Login" onclick="login(2);"/>
                            </td>
                        </tr>
                    </table>
                </form>
                <form id="submitForm2" action="authenticate2.php" method="post">
                    <div>
                        <input type="hidden" name="username"/>
                        <input type="hidden" name="response"/>
                    </div>
                </form>
              </div>
              
              
              
              
              
              
              
              
              
              
        <a id="slideout3" href="#"></a><a id="slidein3" href="#"></a>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <a id="toggle3" href="#">Options</a><a id="hide3" href="#"></a>
        
        <div id="test3">
                
                <form id="loginForm3" action="#" method="post">
                    <table>
                        <?php if (isset($_REQUEST['error'])) { ?>
                        <tr>
                            <td>Error</td>
                            <td style="color: red;"><?php echo htmlspecialchars($_REQUEST['error'], ENT_QUOTES, 'UTF-8'); ?></td>
                        </tr>
                        <?php } ?>
                        <tr>
                            <td>User Name</td>
                            <td><input type="text" name="username"/></td>
                        </tr>
                        <tr>
                            <td>Password</td>
                            <td><input type="password" name="password"/></td>
                        </tr>
                        <tr>
                            <td>&nbsp;</td>
                            <td>
                                <input type="hidden" name="challenge" value="<?php echo $challenge; ?>"/>
                                <input type="button" name="submit" value="Login" onclick="login(3);"/>
                            </td>
                        </tr>
                    </table>
                </form>
                <form id="submitForm3" action="authenticate3.php" method="post">
                    <div>
                        <input type="hidden" name="username"/>
                        <input type="hidden" name="response"/>
                    </div>
                </form>
              </div>
              
              
              
</blockquote>              
              
              
              
              
    </body>
</html>

It's my first logon script. It works until I try to change the action by validating radio button selection.. Help is greatly appreciated. I've been working on this steadily for days.

<?php 
/////////////////////////////////////////////////////////////////////////////
//
// LOGIN PAGE
//
//   Server-side:
//     1. Start a session
//     2. Clear the session
//     3. Generate a random challenge string
//     4. Save the challenge string in the session
//     5. Expose the challenge string to the page via a hidden input field
//
//  Client-side:
//     1. When the user completes the form and clicks on the Login button
//     2. Validate the form (i.e. verify that all the fields have been filled out)
//     3. Set the hidden response field to HEX(MD5(server-generated-challenge + user-supplied-password))
//     4. Submit the form
//////////////////////////////////////////////////////////////////////////////////
session_start();
session_unset();

// 80 hex characters from the OS CSPRNG; rand() output is predictable
// and not suitable for a login challenge
$challenge = bin2hex(random_bytes(40));
$_SESSION['challenge'] = $challenge;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
    <head>
        <title>Login</title>
        <script type="text/javascript" src="/admin/jmd5.js"></script>
        <script type="text/javascript">
            function login() {
                var loginForm = document.getElementById("loginForm");
                if (loginForm.username.value == "") {
                    alert("Please enter your user name.");
                    return false;
                }
                if (loginForm.password.value == "") {
                    alert("Please enter your password.");
                    return false;
                }
				
				var homePanel;
				var inventoryPanel;
				var informationPanel;
				var optionsPanel;
				
				var homePanel = document.getElementById("home");
				var inventoryPanel =document.getElementById("inventory");
				var informationPanel =document.getElementById("information");
				var optionsPanel =document.getElementById("options");
				
				if (homePanel.checked)
					document.getElementById("submitForm").action = "home_page_control.php";
				else if (inventoryPanel.checked)
					document.getElementById("submitForm").action = "inventory_control.php";
				else if (informationPanel.checked)
					document.getElementById("submitForm").action = "information_control.php";
				else if (inventoryPanel.checked)
					document.getElementById("submitForm").action = "options_control.php";
				else
					alert("Please select an administration panel.");

				var submitForm = document.getElementById("submitForm");

				submitForm.username.value = loginForm.username.value;
				submitForm.response.value =
					hex_md5(loginForm.challenge.value + loginForm.password.value);
				submitForm.submit();
			}
        </script>
	      <style type="text/css">
		   body {
		    background: #CCCC99;
			outline: none;
		   }
		   input {
		    outline: none;
		   }
		  </style>
    </head>
    <body>
       <blockquote>
        <fieldset style="background: #FFFFCC;"><legend style="background: #669966; height: 30px; width: auto; padding: 5px; border: 1px solid #222; color: #fff; letter-spacing: 3px; font-weight: bold; font-size: 18px; font-family: Arial, Helvetica, sans-serif">Please Login</legend>
        <form id="loginForm" action="#" method="post">
            <table width="381" height="244">
                <?php if (isset($_REQUEST['error'])) { ?>
                <tr>
                    <td>Error</td>
                    <td style="color: red;">&nbsp;</td>
                    <td style="color: red;">&nbsp;</td>
                    <td style="color: red;"><?php echo htmlspecialchars($_REQUEST['error'], ENT_QUOTES, 'UTF-8'); ?></td>
                </tr>
                <?php } ?>
                <tr>
                    <td>User Name</td>
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                    <td><input type="text" size="28" name="username"/></td>
                </tr>
                <tr>
                    <td>Password</td>
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                    <td><input type="password" size="28" name="password"/></td>
                </tr>
              <tr>
              	<td> Select Control Panel </td>
              
              
                <td>&nbsp;</td>
                <td>&nbsp;</td>
                <td><label>
                  <input type="radio" name="select_panel" value="home" id="home" />
                  Home</label></td>
              </tr>
              <tr>
                <td>&nbsp;  </td>
                <td>&nbsp;</td>
                <td>&nbsp;</td>
                <td><label>
                  <input type="radio" name="select_panel" value="inventory" id="inventory" />
                  Inventory</label></td>
              </tr>
              <tr>
                <td>&nbsp;  </td>
                <td>&nbsp;</td>
                <td>&nbsp;</td>
                <td><label>
                  <input type="radio" name="select_panel" value="information" id="information" />
                  Information</label></td>
              </tr>
              <tr>
                <td>&nbsp;  </td>
                <td>&nbsp;</td>
                <td>&nbsp;</td>
                <td><label>
                  <input type="radio" name="select_panel" value="options" id="options" />
                  Options</label></td>
              </tr>
                <tr>
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                    <td style="text-align: right; padding-right: 30px;">
                        <input type="hidden" name="challenge" value="<?php echo $challenge; ?>"/>
                        <input type="button" name="submit" value="Login" onclick="login();"/>                    </td>
                </tr>              
           </table>
     

         </form>
        <form id="submitForm" method="post"><!-- action removed from here -->
            <div>
                <input type="hidden" name="username"/>
                <input type="hidden" name="response"/>
            </div>
        </form>

     </fieldset> 
</blockquote>              
              
              
              
              
    </body>
</html>

If I understand you correctly.... U are struggling with validating radiobutton (i.e) U wana make sure that one of them are selected well if thats the case, we can attempt to fix by doing the following, not that I know but I think u need to group ur radio buttons, that means u cant validate each one them, and thats why they merely use the for loop to validate radio buttons

now lets try this solution and see where it takes us

// returns true when one radio button of the select_panel group is checked
function validatePanel() {
    // variable to evaluate if a radio button is checked
    var optionPanel = false;
    // the radio buttons share the name select_panel inside the form with id loginForm
    var panels = document.getElementById("loginForm").select_panel;
    // loop to check if the user checked a radio button
    for (var x = 0; x < panels.length; x++) {
        if (panels[x].checked) {
            optionPanel = true;
            // code what must be done here if one of the radio buttons is checked
        }
    }

    // code if no radio button is checked
    if (!optionPanel) {
        alert("Please select one of my radio buttons");
        return false;
    } else {
        alert("Form values are valid");
        return true;
    }
}

This worked. (Sorry for the spacing mess... man I miss gedit....)

<script type="text/javascript">
            function login() {
                var loginForm = document.getElementById("loginForm");
                if (loginForm.username.value == "") {
                    alert("Please enter your user name.");
                    return false;
                }
                if (loginForm.password.value == "") {
                    alert("Please enter your password.");
                    return false;
                }
			
					
									
                var submitForm = document.getElementById("submitForm");

                submitForm.username.value = loginForm.username.value;
                submitForm.response.value =
                    hex_md5(loginForm.challenge.value+loginForm.password.value);
                submitForm.submit();
            }
		
		
			function changeAction() {
				
				var homePanel = document.getElementById("home");
				var inventoryPanel =document.getElementById("inventory");
				var informationPanel =document.getElementById("information");
				var optionsPanel =document.getElementById("options");
				
                var submitFormAction = document.getElementById("submitForm");
				
				if(homePanel.checked) {
					submitFormAction.action="authenticate.php";
					login();
			    }
				else if(inventoryPanel.checked)   {
					submitFormAction.action="authenticate1.php";
					login();
			    }
				else if(informationPanel.checked)  {
					submitFormAction.action="authenticate2.php";
					login();
			    }
				else if(optionsPanel.checked)   {
					submitFormAction.action="authenticate3.php";
					login();
			    }
				else {
					alert("Please select an administration panel.");
					return false;
			    }
			  
			 }
	
        </script>

Any reason for this complicated approach, mix of PHP and JavaScript if you can do it better with PHP on its own?

PS after merge: Please do not flood forum with multiple posts!

Comments
Agree with ~s.o.s.~ there. Peter you always moderate fairly and efficiently!
Equlizer; one performing mod duties should never be needlessly penalized.
posted a non-useful response with an infraction.......

Nevermind, Mister. I solved it myself, complex as it is...

Well..... if U solved it U can mark it as solved, to eliminate the waste of time ur fellows would waste trying to understand ur complex code

@Traicey the complex code is mainly not his. The original code provides a nice PHP implementation, which tefflox took and loaded with various bits and pieces of JavaScript

PS: I'm marking it as solved based on original poster comment "I solved it myself"
PS2: Please try to use proper English as "leet" speak or "chatroom" speak is not welcome here. Thank you for understanding

Comments
useless, dictatorial humiliation of two-year member

Traicey the complex code is mainly not his

What one can say!!!!!

We may rather call it plagiarism than just a plain homework, Anyways Im just glad I dont have to go through all that, mainly trying to fascinate or impress Daniweb's Gurus with the code that is not my own making

Comments
Agree with you on this one !
useless, dictatorial humiliation of two-year member
I agree on that point

You moderators have too much time on your hands. I'm not here to learn the ropes. I'm here to get help. If it takes three moderators and eight PM's to tell me something trivial, daniweb is beginning to look like history.


That JS code is all mine, bizzo.

Good night and good luck!

Easy, Easy Tefflox..... All generalizations are wrong, Besides I dont know what ur complaining about (PS... Man invented language to satisfy his deep need to complain) coz U have solved your own problem and thats clever If I may say, U know posting a predicament code and come up with your own solution thats genius dude worse when there is rumor and evidence that says the code is not your original work.... and as Im sitting perpendicular to the floor and horizontal to the wall I say BRAVO keep it up man....;)

Now let's back up a bit. I joined almost two years ago. For the very first post I made, a moderator insulted me by saying this is a "professional" forum and that I should capitalize sentences and use proper spelling and grammar. I brushed it off, but heeded the words. Now read your entry...

Second, you enter with a sweeping generalization of your own: "all generalizations are wrong." That is a personal credo, not any sort of instruction or insight.

Third, I make it abundantly clear my complaint.

Fourth, Rumor + Witticism + Evidence = Hearsay Evidence. Immaterial Evidence.

Fifth, pseudo-sly humor does not impress me, or anyone, particularly.

Sixth, the fact is that the moderators are under review because of my complaints to the admins, who have been gracious and forthright from the beginning. I have not encountered a personable moderator on this site yet. The only thing I've seen of moderators is condescension and neo-conservatism. I appreciate your attempt to undo some damage, but it's just backpedaling, not genuine concern for your members beyond covering your own tracks. (As yes, the moderators have deleted some entries in this thread, when I proved them inane.)

Seventh, and in conclusion, look at the number of views to this thread, and I wonder, why has no one asked to see my functioning, useful solution? Let's ask ourselves that, the next time we search for 20 minutes for similar code, from "some genius dude." That's the whole point of coming here, to see people make connections and solve problems, not to witness petty power struggles.

Good day.

Jess Crockett

<URL snipped>

MMMmmm.... thats quite harsh and please forgive my mistakes... but for the sake of Daniweb and its Precious fellows lets be civil.... Why... Because

1. I thought I was helping you with ur thread but I was way far out of what u were looking for

2. U said U solved ur own thread, And for a second there I said mmmmm this guys is a genius and I suggested that u marked ur thread as solved to eliminate the time ur fellow Gurus that are going to waste in ur so complex thread, that was fair

3. Again someone came up with an idea that ur trying to make other ppls heads dizzy by mixing What and JavaScript... I cant remember, well again that might invited ur wrath.... And of course as crazy as I am I thought it was a joke so I took it on and laugh at it, My apology again Sir

4. I am not a moderator, neither I am hoping to be one, but dude those guys have done incredible job so far, Im not complaining, Im impressed and I just wish that the world was full of people like them.

5. Lastly I am really sorry for ur ill luck of not being taken seriously, really I am and this time around Im not joking, Making a long story very short, please accept my apology on behalf of whoever had seriously caused you to spit anger on Daniweb as a whole, Im sure they never meant it that way, they are here to help us after all not to make us feel belittled or anything less than that

I am sorry once again

I marked the thread solved, per your suggestion; on second thought, who can call so much of this a "solution" to anything?

Give me a few days to cool down, and I will post a new thread with the full code, that yes, in part I did borrow from someone -- the authentication page. Then I added JS code that virtually enables any page on a site accessible by changing one token of text in any number of authentication pages. It's not genius, unless you count getting it done under fire, such as we see here.

Peace out

Following is a solution that requires very little modification to employ any number of radio button redirections from a login page. It includes fieldset / legend styling that is IE7 certified.

Attached is the md5 file that is required to run the script. I have renamed it out of personal concerns to 'jmd5.js', but credit to authors remains intact.

Overview ::

A basic login screen which validates against selected radio buttons, which alters the login to redirect the user to their desired place of action..

Context view ::

This script requires several pages. For each authentication-only page, you will need a corresponding 'authenticate[a].php' page, where a is for convenience an integer value.

login page 'index.php'

<?php 
/////////////////////////////////////////////////////////////////////////////
//
// LOGIN PAGE
//
//   Server-side:
//     1. Start a session
//     2. Clear the session
//     3. Generate a random challenge string
//     4. Save the challenge string in the session
//     5. Expose the challenge string to the page via a hidden input field
//
//  Client-side:
//     1. When the user completes the form and clicks on the Login button
//     2. Validate the form (i.e. verify that all the fields have been filled out)
//     3. Set the hidden response field to HEX(MD5(server-generated-challenge + user-supplied-password))
//     4. Submit the form
//////////////////////////////////////////////////////////////////////////////////
session_start();
session_unset();

// 80 hex characters from the OS CSPRNG; rand() output is predictable
// and not suitable for a login challenge
$challenge = bin2hex(random_bytes(40));
$_SESSION['challenge'] = $challenge;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
    <head>
<title>Administration</title>
<script type="text/javascript" src="/admin/jmd5.js"></script>
<script type="text/javascript">
function login() {
    var loginForm = document.getElementById("loginForm");
    if (loginForm.username.value == "") {
        alert("Please enter your user name.");
        return false;
    }
    if (loginForm.password.value == "") {
        alert("Please enter your password.");
        return false;
    }

        
                        
    var submitForm = document.getElementById("submitForm");

    submitForm.username.value = loginForm.username.value;
    submitForm.response.value =
        hex_md5(loginForm.challenge.value+loginForm.password.value);
    submitForm.submit();
}


function changeAction() {
    
    var homePanel = document.getElementById("home");
    var inventoryPanel =document.getElementById("inventory");
    var informationPanel =document.getElementById("information");
    var optionsPanel =document.getElementById("options");
    
    var submitFormAction = document.getElementById("submitForm");
    
    if(homePanel.checked) {
        submitFormAction.action="authenticate.php";
        login();
    }
    else if(inventoryPanel.checked)   {
        submitFormAction.action="authenticate1.php";
        login();
    }
    else if(informationPanel.checked)  {
        submitFormAction.action="authenticate2.php";
        login();
    }
    else if(optionsPanel.checked)   {
        submitFormAction.action="authenticate3.php";
        login();
    }
    else {
        alert("Please select an administration panel.");
        return false;
    }
  
 }

</script>
<style type="text/css">
   body {
	background: #CCCC99;
   }

   // IE7 hacks firefox ignores

   html fieldset {
	position: relative; margin-top: 1em; padding-top: 0.75em; 
   }
   
   html legend {
	position: absolute; top: -0.84em; left: 2em;
   }
</style>
    </head>
    <body>
    <br/>

<fieldset style="background: #FFFFCC; margin: auto; height: auto; width: auto;">
  <legend style="background: #669966; height: auto; width: auto; padding: 5px; border: 1px solid #222; color: #fff; letter-spacing: 3px; font-weight: bold; font-size: 18px; font-family: Arial, Helvetica, sans-serif;">
    Please Login
  </legend>

<form id="loginForm" action="#" method="post">

<table width="381" height="244">
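  <?php if (isset($_REQUEST['error']) && is_string($_REQUEST['error'])) { ?>
  <tr>
    <td>Error</td>
    <td style="color: red;">&nbsp;</td>
    <td style="color: red;">&nbsp;</td>
    <td style="color: red;"><?php /* escape: the message comes straight from the request */ echo htmlspecialchars($_REQUEST['error'], ENT_QUOTES, 'UTF-8'); ?></td>
  </tr>
  <?php } ?>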
  <tr>
    <td>User Name</td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td><input type="text" size="28" name="username"/></td>
  </tr>
  <tr>
    <td>Password</td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td><input type="password" size="28" name="password"/></td>
  </tr>
  <tr>
    <td> Select Control Panel </td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td><label>
          <input type="radio" name="select_panel" value="home" id="home" />
        Home</label></td>
  </tr>
  <tr>
    <td>&nbsp;  </td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td><label>
          <input type="radio" name="select_panel" value="inventory" id="inventory" />
        Inventory</label></td>
  </tr>
  <tr>
    <td>&nbsp;  </td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td><label>
          <input type="radio" name="select_panel" value="information" id="information" />
        Information</label></td>
  </tr>
  <tr>
    <td>&nbsp;  </td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td><label>
          <input type="radio" name="select_panel" value="options" id="options" />
        Options</label></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td style="text-align: right; padding-right: 30px;">
      <input type="hidden" name="challenge" value="<?php echo $challenge; ?>"/>
      <input type="button" name="submit" value="Login" onclick="changeAction();"/></td>
    </tr>              
</table>
</form>
             <form id="submitForm" action="index.php" method="post">
        <div>
          <input type="hidden" name="username"/>
          <input type="hidden" name="response"/>
        </div>
              </form>

</fieldset> 
 
    </body>
</html>

'authenticate[zero to many].php'

<?php 
/////////////////////////////////////////////////////////////////////////////
//
// AUTHENTICATE PAGE
//
//   Server-side:
//     1. Get the challenge from the user session
//     2. Get the password for the supplied user (local lookup)
//     3. Compute expected_response = MD5(challenge+password)
//     4. If expected_response == supplied response:
//        4.1. Mark session as authenticated and forward to secret.php
//        4.2. Otherwise, authentication failed. Go back to index.php
//////////////////////////////////////////////////////////////////////////////////

$userDB = array("log" => "pass"); // array values for demonstration only, not for practical use ! 

// the following code works, never mind how, just that it works, and for multiple redirect, 
// you only need to append one of these authentication pages to a radio button (as demonstrated)
// and then change the last line before exit() is called, to any page you want to make authentication-only


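function getPasswordForUser($username) {
    // get password from a simple associative array
    // but this could be easily rewritten to fetch user info from a real DB
    global $userDB;
    // null for unknown (or non-string) user names, so the caller can reject them
    return (is_string($username) && isset($userDB[$username])) ? $userDB[$username] : null;
}
function validate($challenge, $response, $password) {
    // An unknown user must fail here: with a null password the expected value
    // would depend on the challenge alone.
    if (!is_string($password) || !is_string($response)) {
        return false;
    }
    // hash_equals() is a constant-time, type-strict comparison (unlike ==)
    return hash_equals(md5($challenge . $password), $response);
}
function authenticate() {
    if (isset($_SESSION['challenge']) &&
        isset($_REQUEST['username']) &&
        isset($_REQUEST['response'])) {
        $password = getPasswordForUser($_REQUEST['username']);
        if (validate($_SESSION['challenge'], $_REQUEST['response'], $password)) {
            session_regenerate_id(true); // new session id once the user is authenticated
            $_SESSION['authenticated'] = "yes";
            $_SESSION['username'] = $_REQUEST['username'];
            unset($_SESSION['challenge']);
        } else {
            header("Location:index.php?error=".urlencode("Failed authentication"));
            exit;
        }
    } else {
        header("Location:index.php?error=".urlencode("Session expired"));
        exit;
    }
}
session_start();
authenticate();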

/* * * * */ /* * * * */ /* * * * */ 

header("Location:home_page_control.php");  /* * * * */ /* change location for each radio button redirect */

/* * * * */ /* * * * */ /* * * * */

exit();
?>

"common page" required for authentication, 'common.php'

<?php
////////////////////////////////////////////////////////////////////////////////
//
// COMMON PAGE
//
//   Defines require_authentication() function:
//     If the user is not authenticated, forward to the login page
//     
//////////////////////////////////////////////////////////////////////////////// 
session_start();
function is_authenticated() {
    return isset($_SESSION['authenticated']) &&
        $_SESSION['authenticated'] === "yes";
}
function require_authentication() {
    if (!is_authenticated()) {
        header("Location:index.php?error=".urlencode("Not_authenticated"));

        // NOTE :: if the login page has been renamed from 'index.php', make the change here, above as well

        exit;
    }
}
?>

your authentication-only pages... such as 'inventory_control.php', 'options_control.php', etc.

<?php 
////////////////////////////////////////////////////////////////////////////////
//
// SECRET PAGE
//
//   Invokes require_authentication() to ensure that the user is authenticated
//     
//////////////////////////////////////////////////////////////////////////////// 
require("common.php");
require_authentication();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>

Logged in users only !

</body>
</html>
Attachments
/*
 * A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
 * Digest Algorithm, as defined in RFC 1321.
 * Version 2.1 Copyright (C) Paul Johnston 1999 - 2002.
 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
 * Distributed under the BSD License
 * See http://pajhome.org.uk/crypt/md5 for more info.
 */

/*
 * Configurable variables. You may need to tweak these to be compatible with
 * the server-side, but the defaults work in most cases.
 */
var hexcase = 0;  /* hex output format. 0 - lowercase; 1 - uppercase        */
var b64pad  = ""; /* base-64 pad character. "=" for strict RFC compliance   */
var chrsz   = 8;  /* bits per input character. 8 - ASCII; 16 - Unicode      */

/*
 * These are the functions you'll usually want to call
 * They take string arguments and return either hex or base-64 encoded strings
 */
function hex_md5(s){ return binl2hex(core_md5(str2binl(s), s.length * chrsz));}
function b64_md5(s){ return binl2b64(core_md5(str2binl(s), s.length * chrsz));}
function str_md5(s){ return binl2str(core_md5(str2binl(s), s.length * chrsz));}
function hex_hmac_md5(key, data) { return binl2hex(core_hmac_md5(key, data)); }
function b64_hmac_md5(key, data) { return binl2b64(core_hmac_md5(key, data)); }
function str_hmac_md5(key, data) { return binl2str(core_hmac_md5(key, data)); }

/*
 * Perform a simple self-test to see if the VM is working
 */
function md5_vm_test()
{
  return hex_md5("abc") == "900150983cd24fb0d6963f7d28e17f72";
}

/*
 * Calculate the MD5 of an array of little-endian words, and a bit length
 */
function core_md5(x, len)
{
  /* append padding */
  x[len >> 5] |= 0x80 << ((len) % 32);
  x[(((len + 64) >>> 9) << 4) + 14] = len;

  var a =  1732584193;
  var b = -271733879;
  var c = -1732584194;
  var d =  271733878;

  for(var i = 0; i < x.length; i += 16)
  {
    var olda = a;
    var oldb = b;
    var oldc = c;
    var oldd = d;

    a = md5_ff(a, b, c, d, x[i+ 0], 7 , -680876936);
    d = md5_ff(d, a, b, c, x[i+ 1], 12, -389564586);
    c = md5_ff(c, d, a, b, x[i+ 2], 17,  606105819);
    b = md5_ff(b, c, d, a, x[i+ 3], 22, -1044525330);
    a = md5_ff(a, b, c, d, x[i+ 4], 7 , -176418897);
    d = md5_ff(d, a, b, c, x[i+ 5], 12,  1200080426);
    c = md5_ff(c, d, a, b, x[i+ 6], 17, -1473231341);
    b = md5_ff(b, c, d, a, x[i+ 7], 22, -45705983);
    a = md5_ff(a, b, c, d, x[i+ 8], 7 ,  1770035416);
    d = md5_ff(d, a, b, c, x[i+ 9], 12, -1958414417);
    c = md5_ff(c, d, a, b, x[i+10], 17, -42063);
    b = md5_ff(b, c, d, a, x[i+11], 22, -1990404162);
    a = md5_ff(a, b, c, d, x[i+12], 7 ,  1804603682);
    d = md5_ff(d, a, b, c, x[i+13], 12, -40341101);
    c = md5_ff(c, d, a, b, x[i+14], 17, -1502002290);
    b = md5_ff(b, c, d, a, x[i+15], 22,  1236535329);

    a = md5_gg(a, b, c, d, x[i+ 1], 5 , -165796510);
    d = md5_gg(d, a, b, c, x[i+ 6], 9 , -1069501632);
    c = md5_gg(c, d, a, b, x[i+11], 14,  643717713);
    b = md5_gg(b, c, d, a, x[i+ 0], 20, -373897302);
    a = md5_gg(a, b, c, d, x[i+ 5], 5 , -701558691);
    d = md5_gg(d, a, b, c, x[i+10], 9 ,  38016083);
    c = md5_gg(c, d, a, b, x[i+15], 14, -660478335);
    b = md5_gg(b, c, d, a, x[i+ 4], 20, -405537848);
    a = md5_gg(a, b, c, d, x[i+ 9], 5 ,  568446438);
    d = md5_gg(d, a, b, c, x[i+14], 9 , -1019803690);
    c = md5_gg(c, d, a, b, x[i+ 3], 14, -187363961);
    b = md5_gg(b, c, d, a, x[i+ 8], 20,  1163531501);
    a = md5_gg(a, b, c, d, x[i+13], 5 , -1444681467);
    d = md5_gg(d, a, b, c, x[i+ 2], 9 , -51403784);
    c = md5_gg(c, d, a, b, x[i+ 7], 14,  1735328473);
    b = md5_gg(b, c, d, a, x[i+12], 20, -1926607734);

    a = md5_hh(a, b, c, d, x[i+ 5], 4 , -378558);
    d = md5_hh(d, a, b, c, x[i+ 8], 11, -2022574463);
    c = md5_hh(c, d, a, b, x[i+11], 16,  1839030562);
    b = md5_hh(b, c, d, a, x[i+14], 23, -35309556);
    a = md5_hh(a, b, c, d, x[i+ 1], 4 , -1530992060);
    d = md5_hh(d, a, b, c, x[i+ 4], 11,  1272893353);
    c = md5_hh(c, d, a, b, x[i+ 7], 16, -155497632);
    b = md5_hh(b, c, d, a, x[i+10], 23, -1094730640);
    a = md5_hh(a, b, c, d, x[i+13], 4 ,  681279174);
    d = md5_hh(d, a, b, c, x[i+ 0], 11, -358537222);
    c = md5_hh(c, d, a, b, x[i+ 3], 16, -722521979);
    b = md5_hh(b, c, d, a, x[i+ 6], 23,  76029189);
    a = md5_hh(a, b, c, d, x[i+ 9], 4 , -640364487);
    d = md5_hh(d, a, b, c, x[i+12], 11, -421815835);
    c = md5_hh(c, d, a, b, x[i+15], 16,  530742520);
    b = md5_hh(b, c, d, a, x[i+ 2], 23, -995338651);

    a = md5_ii(a, b, c, d, x[i+ 0], 6 , -198630844);
    d = md5_ii(d, a, b, c, x[i+ 7], 10,  1126891415);
    c = md5_ii(c, d, a, b, x[i+14], 15, -1416354905);
    b = md5_ii(b, c, d, a, x[i+ 5], 21, -57434055);
    a = md5_ii(a, b, c, d, x[i+12], 6 ,  1700485571);
    d = md5_ii(d, a, b, c, x[i+ 3], 10, -1894986606);
    c = md5_ii(c, d, a, b, x[i+10], 15, -1051523);
    b = md5_ii(b, c, d, a, x[i+ 1], 21, -2054922799);
    a = md5_ii(a, b, c, d, x[i+ 8], 6 ,  1873313359);
    d = md5_ii(d, a, b, c, x[i+15], 10, -30611744);
    c = md5_ii(c, d, a, b, x[i+ 6], 15, -1560198380);
    b = md5_ii(b, c, d, a, x[i+13], 21,  1309151649);
    a = md5_ii(a, b, c, d, x[i+ 4], 6 , -145523070);
    d = md5_ii(d, a, b, c, x[i+11], 10, -1120210379);
    c = md5_ii(c, d, a, b, x[i+ 2], 15,  718787259);
    b = md5_ii(b, c, d, a, x[i+ 9], 21, -343485551);

    a = safe_add(a, olda);
    b = safe_add(b, oldb);
    c = safe_add(c, oldc);
    d = safe_add(d, oldd);
  }
  return Array(a, b, c, d);

}

/*
 * These functions implement the four basic operations the algorithm uses.
 */
function md5_cmn(q, a, b, x, s, t)
{
  return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s),b);
}
function md5_ff(a, b, c, d, x, s, t)
{
  return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t);
}
function md5_gg(a, b, c, d, x, s, t)
{
  return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t);
}
function md5_hh(a, b, c, d, x, s, t)
{
  return md5_cmn(b ^ c ^ d, a, b, x, s, t);
}
function md5_ii(a, b, c, d, x, s, t)
{
  return md5_cmn(c ^ (b | (~d)), a, b, x, s, t);
}

/*
 * Calculate the HMAC-MD5, of a key and some data
 */
function core_hmac_md5(key, data)
{
  var bkey = str2binl(key);
  if(bkey.length > 16) bkey = core_md5(bkey, key.length * chrsz);

  var ipad = Array(16), opad = Array(16);
  for(var i = 0; i < 16; i++)
  {
    ipad[i] = bkey[i] ^ 0x36363636;
    opad[i] = bkey[i] ^ 0x5C5C5C5C;
  }

  var hash = core_md5(ipad.concat(str2binl(data)), 512 + data.length * chrsz);
  return core_md5(opad.concat(hash), 512 + 128);
}

/*
 * Add integers, wrapping at 2^32. This uses 16-bit operations internally
 * to work around bugs in some JS interpreters.
 */
function safe_add(x, y)
{
  var lsw = (x & 0xFFFF) + (y & 0xFFFF);
  var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
  return (msw << 16) | (lsw & 0xFFFF);
}

/*
 * Bitwise rotate a 32-bit number to the left.
 */
function bit_rol(num, cnt)
{
  return (num << cnt) | (num >>> (32 - cnt));
}

/*
 * Convert a string to an array of little-endian words
 * If chrsz is ASCII, characters >255 have their hi-byte silently ignored.
 */
function str2binl(str)
{
  var bin = Array();
  var mask = (1 << chrsz) - 1;
  for(var i = 0; i < str.length * chrsz; i += chrsz)
    bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (i%32);
  return bin;
}

/*
 * Convert an array of little-endian words to a string
 */
function binl2str(bin)
{
  var str = "";
  var mask = (1 << chrsz) - 1;
  for(var i = 0; i < bin.length * 32; i += chrsz)
    str += String.fromCharCode((bin[i>>5] >>> (i % 32)) & mask);
  return str;
}

/*
 * Convert an array of little-endian words to a hex string.
 */
function binl2hex(binarray)
{
  var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
  var str = "";
  for(var i = 0; i < binarray.length * 4; i++)
  {
    str += hex_tab.charAt((binarray[i>>2] >> ((i%4)*8+4)) & 0xF) +
           hex_tab.charAt((binarray[i>>2] >> ((i%4)*8  )) & 0xF);
  }
  return str;
}

/*
 * Convert an array of little-endian words to a base-64 string
 */
function binl2b64(binarray)
{
  var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  var str = "";
  for(var i = 0; i < binarray.length * 4; i += 3)
  {
    var triplet = (((binarray[i   >> 2] >> 8 * ( i   %4)) & 0xFF) << 16)
                | (((binarray[i+1 >> 2] >> 8 * ((i+1)%4)) & 0xFF) << 8 )
                |  ((binarray[i+2 >> 2] >> 8 * ((i+2)%4)) & 0xFF);
    for(var j = 0; j < 4; j++)
    {
      if(i * 8 + j * 6 > binarray.length * 32) str += b64pad;
      else str += tab.charAt((triplet >> 6*(3-j)) & 0x3F);
    }
  }
  return str;
}
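
The exchange that the login page and authenticate page above implement, modelled end to end in Node.js as an added example (not code from the original post). The in-memory `Map` session, the `USER_DB` table and the function names are assumptions made for the illustration; the 80-character hex challenge and `MD5(challenge + password)` response follow the post.

```javascript
// Added example: challenge-response login, both sides, runnable offline.
const crypto = require("crypto");

// Constructed stand-in for $userDB (demo credentials from the post).
const USER_DB = new Map([["log", "pass"]]);

// Same digest hex_md5() in jmd5.js yields for ASCII input.
function md5Hex(s) {
  return crypto.createHash("md5").update(s, "utf8").digest("hex");
}

// Login page: clear the session, store a fresh challenge, expose it to the form.
function issueChallenge(session) {
  session.clear();
  const challenge = crypto.randomBytes(40).toString("hex"); // 80 hex chars
  session.set("challenge", challenge);
  return challenge;
}

// Browser side: value written into the hidden "response" field.
function clientResponse(challenge, password) {
  return md5Hex(challenge + password);
}

// Authenticate page: returns "ok" or the error text the post redirects with.
function authenticate(session, username, response) {
  const challenge = session.get("challenge");
  if (typeof challenge !== "string") return "Session expired";
  // Design choice of this example: a challenge is consumed by one attempt,
  // so a captured response cannot be submitted a second time.
  session.delete("challenge");

  const password = USER_DB.get(username);
  // A lookup miss must fail before any hash is computed; otherwise the
  // expected value would depend only on the challenge shown in the page.
  if (typeof password !== "string" || typeof response !== "string") {
    return "Failed authentication";
  }

  const expected = Buffer.from(md5Hex(challenge + password), "utf8");
  const supplied = Buffer.from(response, "utf8");
  // timingSafeEqual() needs equal lengths, so check that first.
  if (supplied.length !== expected.length ||
      !crypto.timingSafeEqual(expected, supplied)) {
    return "Failed authentication";
  }
  session.set("authenticated", "yes");
  session.set("username", username);
  return "ok";
}
```

Because the server must hold the plaintext password to recompute the response, this scheme is no substitute for serving the login over TLS and storing passwords with `password_hash()`.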

At the risk of driving the thread even further off course, I'd like to address some of the issues raised concerning the moderators.

>For the very first post I made, a moderator insulted me by saying this is a "professional"
>forum and that I should capitalize sentences and use proper spelling and grammar.
The very fact that you consider it an insult suggests that you're not viewing the request objectively. I've been through the better part of your early posts and saw nothing about this, so I assume it was through a private message and thus, can't verify the "insult". However, we do ask that posts be made in full sentence English for the sake of professionalism. This is clearly stated in the community rules.

>the fact is that the moderators are under review because of my complaints
Moderators are always under review. It's my job to keep an eye on them and make sure that everything is running smoothly. Taking complaints into account is simply a variable in the constant "quality assurance".

>to the admins, who have been gracious and forthright from the beginning
Being gracious and forthright doesn't mean they'll actually do anything. Any complaints about a moderator will get redirected to me, and I'll ultimately handle them. As such, you'll get faster results by following the chain of command. Complaints about a regular member go to any of the moderators, complaints about a moderator go to the super moderator, and complaints about the super moderator go to an admin.

>I have not encountered a personable moderator on this site yet.
I make it very clear to anyone who cares to ask that a moderator's behavior is governed by the same rules as everyone else. As long as they do their job well and don't break any rules, I really don't care how they act. Doing the job well and not breaking any rules is sufficient to keep behavior within acceptable norms.

>As yes, the moderators have deleted some entries in this thread, when I proved them inane.
I'll kindly ask that you refrain from making such accusations unless you have sufficient proof. What you describe is an abuse of power that if true, would likely lead to the removal of the moderator in question. As such, it's a very serious accusation that shouldn't be made lightly.

Because it's so serious, I've carefully checked the history of changes in this thread. There are no deleted posts, one edit by a moderator that adds text to his own post, and one edit that removes a single url in post #12, which constituted a violation of the rules. I see nothing that justifies your accusation.

Comments
Agree with you there. Rules are rules, and serve to better the community.
useless, self-serving diatribe

I'm gone. Any site with moderator, super moderator, and admin (four level pyramidal hierarchy, including the members, is a dated system.)

If the best you can demonstrate are some flashy yellow stars and post meaningless infractions, rummaging through 20 month old posts to support your partners in crime, well then I'm not the only one with better ideas, and better things to do.

If you have nothing constructive to offer, you are wasting the time of the people here for the solution to the original problem, not to listen to all the reasons why they should not come to daniweb, due to the now painfully obvious neo-conservative bent of her bored moderators.

Comments
i want my five minutes back. the five minutes of my life i wasted reading all of your rants.

>I'm gone.
Don't let the door hit you on the way out. I gave you the benefit of the doubt and offered a serious reply to your rant, but it's obvious at this point that you're simply trying to garner as much attention as possible due to some imagined insult. If you want to act like a child, I'll treat you like one.
