mfaerber

I have been going around and around with a guy for several days now trying figure out what is causing his problem. I have a CMS and a few clients that use it, he however, is the only one experiencing this problem. It’s a problem that’s old as the hills: when he enters his login info and clicks “login”, he is greeted by this page: [!--coloro:DimGray--][span style=\"color:DimGray\"][!--/coloro--][blockquote]The page cannot be displayed The page you are looking for might have been removed or had its name changed. -------------------------------------------------------------------------------- Please try the following: Open the username@email.com:password@www.mywebsite.org home page, and then look for links to the information you want. If you typed the page address in the Address bar, make sure that it is spelled correctly. If you still cannot open the page, click the Internet Explorer Search button to look for similar sites. Internet Explorer [/blockquote] [!--colorc--][/span][!--/colorc--] He has winXP and IE 6.0.29 SP2. He has gone through probably every system tweak ever posted on this problem to no avail. Most peoples standard response to this problem deals with cookies and caches and everything within the security section of the advanced tab of IE’s “internet options” – and it’s all been tried. Regardless of what his problem is though, I would like to fix the CODE ITSELF so that it doesn’t care about whatever his network or ISP’s settings are that may be causing this. The closest I’ve come to the source of the problem is in regards to how IE sometimes has a problem with the POST command. I am relatively new at PHP and MYSQL and I learn best by example if anyone has any suggestions. [a href=\"http://publicecology.org/login_code.txt\" target=\"_blank\"]Here is a link to a text file of my login script. [/a] Thank you very much in advance.

Behold, as I contruct an unnecessarily long explanation for my simple problem: The Situation: I have page A and page B, and page B is 2 folders deep within page A. Page A is an index.php file with an include statement that calls upon page B. Page B has code in it that prints out the stats (filze sizes) of the folder within it. The Problem: When I go to page A in my browser, I see the stats for the folders relative to page A, not page B. I have not been able to figure out how to add absolute paths to the script within page B, as I know this would solve this. Is that what I want to do, and where do I put them, OR is there a simpler way? Here is the relevant code for page B: [code]<?php function foldersize( $path ) {   $size = 0;   if( $dir = @opendir( $path )) {     while(($file = readdir($dir)) !== false ) {       if( is_dir( "$path/$file" ) && $file != '.' && $file != '..' ) {              $size += foldersize( "$path/$file" );       }       if( is_file( "$path/$file" )) {         $size += filesize( "$path/$file" );       }     }     closedir($dir);   }   return $size; } $sizes['files'] = 0; if( $dir = @opendir( '.' )) {   while(($file = readdir($dir)) !== false ) {     if( is_dir( "$file" ) && $file != '.' && $file != '..' ) {      $sizes[$file] = foldersize( "$file" );     }     if( is_file( "$file" )) {       $sizes['files'] += filesize( "$file" );     }   }   closedir($dir); } $totsize = 0; foreach( $sizes as $fsize ) {   $totsize += $fsize; } echo "<table>"; foreach( $sizes as $key => $size ) {   $perc = 100 * $size / $totsize;   $width = 4 * $perc;   $percstr = number_format( $perc, 1 ) . '%';   $sizestr = number_format( $size );   $dir = "/images/100/";   printf( '<tr><td>%s</td><td align="right">%s</td><td><img src="red_dot.gif" width="%s" ' .     'height="10" border="0" alt="%s"> %s</td>', $key, $sizestr, $width, $percstr,$percstr );   } echo "</table>"; ?>[/code] Thank you in advance!

Thank you very much Twentyoneth, I played with your code a lot, and then led me in a whole bunch of different directions. Ultimately, I've come up with this little nugget using sessions. If I simply include this into all of the pages I want to protect, they'll be protected. Anyone see anything wrong with this code? It sure seems to work pretty well. [code]<?php session_start(); if ($_POST['username'] == 'XXX' and      $_POST['password'] == 'YYY')    $_SESSION['authorized'] = true; ?> <?php if (!$_SESSION['authorized']): ?>      <form action="<?=$_SERVER['PHP_SELF']?>" method="POST">        <p>Username: <input type="text" name="username" /><br />           Password: <input type="password" name="password" /><br />           <input type="submit" /></p>      </form> <?php else: ?> <!-- Super-secret HTML content goes here --> <?php endif; ?>[/code] Now I just need to perfect a "logout" button for it... Which I'm not excited about because of my dealings with trying to simply expire cookies... which have left mental scars...

[!--quoteo(post=369605:date=Apr 28 2006, 10:51 AM:name=wildteen88)--][div class=\'quotetop\']QUOTE(wildteen88 @ Apr 28 2006, 10:51 AM) [snapback]369605[/snapback][/div][div class=\'quotemain\'][!--quotec--] Why javascript? It is not secure to password protect a page with javascript as it is easy to bypass the password login, but simply disabling javascript. With PHP is much more secure as the password cannot be seen by anyone. [/quote] I knew this question was going to come up at some point. Do you have any specific suggestions? I started out using .htaccess, and really, really liked it, but it gave some users trouble so I abandoned it. I'm working on a CMS and it has a "members only section", which has, as the name implies, multiple pages within in it. With the code I am using, if the user disabled javascript, then he/she is redirected an "access denied" page. If the user tries to type in the URL to a page PAST the login page, then he/she is redirected to an "access denied" screen. I ultimately chose this particular script because I understand it, and it's easy to use it to protect multiple pages by simply adding 2 lines between the head tags. Right now I am the most worried about it being 100%, or at least 99.9999% usable by everyone without problems. Oh, and I'm note really interested in adding yet another table to my database for this cause...

Wow, I'm not used to asking questions in forums like this, thanks for the quick response! I think that I do indeed want to use the method you describe, however not in it's exact scripty form. The password protection that I'm using is based on the good doctors code ([a href=\"http://www.ddj.com/184412419\" target=\"_blank\"]http://www.ddj.com/184412419[/a]), in which, he using various tricks to make everything a tad more secure. Anyways, instead of checking the users input against a password that's hard coded into the same page that the form is on, my script checks the users input against the password in another page, "blank.html", of which you can see it referred to in my original post, and which has the following code, in which "xxx" is the password: [code]<script language="javascript"> var pw = "xxx"; if (parent.location.href==window.location.href) {         window.location.href="pw_required.html"         } </script> <body> <body bgcolor="#ffffff" onLoad='javascript:parent.body.location.href="homepage.html"'>[/code] I hope I've made my intentions clear enough... thank you again Orio

Howdy, long time PHP supporter, first time caller: Allright, I'm using some funky javascripting to password-protect some low-level senstive sites. As is, users click on a link and are prompted with a pop-up box asking for a password. Instead of this action, I would like to have a field embedded right into a PHP webpage so that users can just type in the password and click "login!" without messing with the popup box at all. I've done this using forms, but not with javascript. Below is the portion of the script that currently activates the prompt: [!--coloro:#006600--][span style=\"color:#006600\"][!--/coloro--][code]function askPW() { var password = prompt('Please enter your password:'); if (password == parent.blank.pw) { setCookie("pubeconet",password);              document.location.href="homepage.html";                } else {                        document.location.href="pw_required.html";              }                    }[/code][!--colorc--][/span][!--/colorc--] I know there has to be a simple solution, and recognizing that I learn better by example, can anyone give me a suggestion? Thank you in advance!