Jump to content

Recommended Posts

Hello all.

 

I have just changed web hosts and everything is now running fine except one php script. The script in question is a password protection script. Is there any obvious reason for this problem? I have looked at my php.ini file but wouldn't know what or if to change. I can post the whole script if you think it is the script not the web host that is the problem.

(The script was working great before the change.)

 

Thanks

 

Davo

I have just changed web hosts and everything is now running fine except one php script

 

So it's probably the script.  Please post it.  What does this script do?  Are there any errors?  Without this information we really can't help you.

Hey guys

 

Thanks for replying. The script is from a website called zubrag.com Its a password protecting script. What it does is redirect a user to their own page on my website when they enter their username and password. Each protected page has a script at the top like this: <?php include("/home/content/d/e/s/designbrand/html/password_protect.php"); ?>

 

I have had it running well for two years or so. I went straight to zubrag.com when it stopped working but it appears that zubrag.com is not really functioning anymore! I realise that this is quite a long and complex script so I understand if no one wants to unravel it! I was kind of hoping the trouble was on the servers side as I haven't changed the script at all.

 

Thanks again

 

Davo

 

(sorry about the huge cut and paste!)

 

 

<?php

###############################################################
# Page Password Protect 2.13
###############################################################
# Visit http://www.zubrag.com/scripts/ for updates
############################################################### 
#
# Usage:
# Set usernames / passwords below between SETTINGS START and SETTINGS END.
# Open it in browser with "help" parameter to get the code
# to add to all files being protected. 
#    Example: password_protect.php?help
# Include protection string which it gave you into every file that needs to be protected
#
# Add following HTML code to your page where you want to have logout link
# <a href="http://www.example.com/path/to/protected/page.php?logout=1">Logout</a>
#
###############################################################

/*
-------------------------------------------------------------------
SAMPLE if you only want to request login and password on login form.
Each row represents different user.

$LOGIN_INFORMATION = array(
  'zubrag' => 'root',
  'test' => 'testpass',
  'admin' => 'passwd'
);

--------------------------------------------------------------------
SAMPLE if you only want to request only password on login form.
Note: only passwords are listed

$LOGIN_INFORMATION = array(
  'root',
  'testpass',
  'passwd'
);

--------------------------------------------------------------------
*/

##################################################################
#  SETTINGS START
##################################################################

// Add login/password pairs below, like described above
// NOTE: all rows except last must have comma "," at the end of line
$LOGIN_INFORMATION = array(
  'user1' => 'password1',
  'user2' => 'password2'
  
);
$REDIRECTS = array (
'user1' => 'user1.php',
'user2' => 'user2.php'
);

// request login? true - show login and password boxes, false - password box only
define('USE_USERNAME', true);

// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.designbrand.co.nz/password_protect.php');

// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 1);


// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', false);

##################################################################
#  SETTINGS END
##################################################################


///////////////////////////////////////////////////////
// do not change code below
///////////////////////////////////////////////////////

// show usage example
if(isset($_GET['help'])) {
  die('Include following code into every page you would like to protect, at the very beginning (first line):<br><?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?>');
}

// timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);

// logout?
if(isset($_GET['logout'])) {
  setcookie("verify", '', $timeout, '/'); // clear password;
  header('Location: ' . LOGOUT_URL);
  exit();
}

if(!function_exists('showLoginPasswordProtect')) {

// show login form
function showLoginPasswordProtect($error_msg) {
?>
<HTML>
<HEAD>
<META name="keywords" content="wellington, industrial design, product design, new zealand, consultancy, product development, digitizing, reverse engineering, cad, Jurgen Brand">
<TITLE>Design Brand  - Product Design Consultancy in Wellington, New Zealand</TITLE>
<link rel='stylesheet' href='DesignBrandStyle.css' type='text/css'>
<link rel="Shortcut Icon" href="/favicon.ico">
  <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
  <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
  <BASE href="http://www.designbrand.co.nz/">
</HEAD>

<? $Request='Client'; ?>

<? $id = $_GET['id']; ?>

<BODY leftmargin="0px" topmargin="0px" marginwidth="0px" marginheight="0px">

<!-- Start of StatCounter Code -->
<script type="text/javascript" language="javascript">
var sc_project=2601482; 
var sc_invisible=0; 
var sc_partition=25; 
var sc_security="8f52f483"; 
</script>

<script type="text/javascript" language="javascript" src="http://www.statcounter.com/counter/counter.js"></script><noscript><a href="http://www.statcounter.com/" target="_blank"><img  src="http://c26.statcounter.com/counter.php?sc_project=2601482&java=0&security=8f52f483&invisible=0" alt="blog stats" border="0"></a> </noscript>
<!-- End of StatCounter Code -->

<table class='Page' width='800' height='600' align='center' valign='top' cellpadding='0' cellspacing='0' border='0'>

<!--Main Navigation Menu-->

<? Include('TopNavigation.php'); ?>

<!--Contact Content-->

<tr>
<td>
	<table cellpadding='0' cellspacing='0'>
		<tr>
			<td><img src='Images/transparent.gif' height='180' width='75'></td>
			<td> <style>
    input { border: 1px solid black; }
  </style>
  <form method="post">
  <span class="NewsText"> <b> Please Enter Password </b> </span>
  <br>
    <font color="red"><?php echo $error_msg; ?></font><br />
<?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>
    <input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />
  </form>
  <br />
  <a style="font-size:9px" href="http://www.zubrag.com/scripts/password-protect.php" title="Download Webpage Password Protect">Powered by Webpage Password Protect</a></td>
	  </tr>
	</table>
</td>
</tr>
<tr>
<td><img src='Images/transparent.gif' height='190' width='312'></td>
</tr>

<? include('BottomBoxes.php'); ?>

</table>
</BODY>
</HTML>

<?php
  // stop at this point
  die();
}
}

// user provided password
if (isset($_POST['access_password'])) {

  $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
  $pass = $_POST['access_password'];
  if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
  || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) ) 
  ) {
    showLoginPasswordProtect("Incorrect password.");
  }
  else {
    // set cookie if password was validated
    setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
    
    // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
    // So need to clear password protector variables
    unset($_POST['access_login']);
    unset($_POST['access_password']);
    unset($_POST['Submit']);
header('Location: http://www.designbrand.co.nz/'.$REDIRECTS[$login]); die();     

  }

}

else {

  // check if password cookie is set
  if (!isset($_COOKIE['verify'])) {
    showLoginPasswordProtect("");
  }

  // check if cookie is good
  $found = false;
  foreach($LOGIN_INFORMATION as $key=>$val) {
    $lp = (USE_USERNAME ? $key : '') .'%'.$val;
    if ($_COOKIE['verify'] == md5($lp)) {
      $found = true;
      // prolong timeout
      if (TIMEOUT_CHECK_ACTIVITY) {
        setcookie("verify", md5($lp), $timeout, '/'); 
      }
      break;
    }
  }
  if (!$found) {
    showLoginPasswordProtect("");
  }

}
?>

 

(edited by kenrbnsn to add


tags)

Sorry - to clarify:

 

When users enter their username/password they are redirected to their page but all they see is the login page instead of their content. (eg. User1 sees user1.php in the address bar but sees the login content instead of his own content on the page.)

I believe you are saying that this use to be your full(/home/content/d/e/s/designbrand/html/)  What you probably want to do is pull down all of your files and replace "/home/content/d/e/s/designbrand/html/" with your new full server path.  In the future you want to refrain from hard coding this.

 

realpath() is what I usually use.

Hey Robbob

 

That is my new server path - I changed the files when I moved to the new server. Could you please explain realpath()

 

Thanks for your help

 

Davo

for example, if you want the full server path to the current directory you just use realpath("./") or realpath(".\\") on windows.

Robbob and croNIX

 

Thanks for replies, I have changed all tags to real php tags. Unfortunately no result though.

I replaced the server path with this: <?php include realpath("./password_protect.php"); ?>

Unfortunately there was no change either.

 

Any other thoughts? I really appreciate the help everyone.

 

Davo

anywhere that you define a domain specific path, change it to be more dynamic.  For example: change this line:

<?php header('Location: http://www.designbrand.co.nz/'.$REDIRECTS[$login]); ?>

to this:

<?php header('Location: http://'.$_SERVER['SERVER_NAME'].'/'.$REDIRECTS[$login]); ?>

 

Anything that is server specific, you want to try to make dynamic as possible.

Maybe this will help the diagnosis!?

When I use the original server path I receive this error:

 

Warning: include() [function.include]: Failed opening '/var/www/designbrand.co.nz/htdocs/password_protect.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/d/e/s/designbrand/html/Example.php on line 1

 

What is meant by this?: (include_path='.:/usr/local/php5/lib/php')

Hello again everyone

 

I have thought about the issue this weekend and have another idea. Could it be a cookie issue? It appears that when the users page loads the script doesn't recognise the verify cookie so it displays the login page again. Does that sound feasible? When I try and login I don't find any cookies saved by my browser.

Thanks

 

Davo

Can't find topic solved button - even after reading the sticky!!

 

Thank you so much to everyone who helped.

 

The solution:

 

Ahemmmm. I just realised that I had blocked cookies from my own domain while testing a previous project. So the cookies weren't being sent and the login page kept appearing. Sorry everyone - seems it only happens when you post on a forum!

 

Davo

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.