dpad Posted January 22, 2009 Share Posted January 22, 2009 Hi there, I have a password script for my website (the script is 'Page Password Protect 2.13'), but I can't figure out how to modify it so it redirects to an error page instead of just popping up 'incorrect password'. I looked high and low on the internet for a good password script, and this was the only one I could find that was easy to setup and free. This the is the part of the script that calls the incorrect password: --------------------------------------------------------- // user provided password if (isset($_POST['access_password'])) { $login = isset($_POST['access_login']) ? $_POST['access_login'] : ''; $pass = $_POST['access_password']; if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION) || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) ) ) { showLoginPasswordProtect("Invalid Password"); } else { // set cookie if password was validated setcookie("verify", md5($login.'%'.$pass), $timeout, '/'); // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed // So need to clear password protector variables unset($_POST['access_login']); unset($_POST['access_password']); unset($_POST['Submit']); } } --------------------------------------------------------- Sorry for being such a newb, but PHP is totally foreign to me. Any help would be greatly appreciated. Quote Link to comment Share on other sites More sharing options...
revraz Posted January 22, 2009 Share Posted January 22, 2009 Replace showLoginPasswordProtect("Invalid Password"); with either a Header (if there hasn't been output), a HTML redirect or a Javascript redirect. Quote Link to comment Share on other sites More sharing options...
dpad Posted January 22, 2009 Author Share Posted January 22, 2009 Replace showLoginPasswordProtect("Invalid Password"); with either a Header (if there hasn't been output), a HTML redirect or a Javascript redirect. You mean, like "<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.yourdomain.com/index.html">" I'll give it a go... Quote Link to comment Share on other sites More sharing options...
dpad Posted January 22, 2009 Author Share Posted January 22, 2009 Hmmm...now the password page doesn't load at all. Here's the original script in it's complete form. Can you show me what you mean? Sorry for being a newb... <?php ############################################################### # Page Password Protect 2.13 ############################################################### # Visit http://www.zubrag.com/scripts/ for updates ############################################################### # # Usage: # Set usernames / passwords below between SETTINGS START and SETTINGS END. # Open it in browser with "help" parameter to get the code # to add to all files being protected. # Example: password_protect.php?help # Include protection string which it gave you into every file that needs to be protected # # Add following HTML code to your page where you want to have logout link # <a href="http://www.example.com/path/to/protected/page.php?logout=1">Logout</a> # ############################################################### /* ------------------------------------------------------------------- SAMPLE if you only want to request login and password on login form. Each row represents different user. $LOGIN_INFORMATION = array( 'zubrag' => 'root', 'test' => 'testpass', 'admin' => 'passwd' ); -------------------------------------------------------------------- SAMPLE if you only want to request only password on login form. Note: only passwords are listed $LOGIN_INFORMATION = array( 'root', 'testpass', 'passwd' ); -------------------------------------------------------------------- */ ################################################################## # SETTINGS START ################################################################## // Add login/password pairs below, like described above // NOTE: all rows except last must have comma "," at the end of line $LOGIN_INFORMATION = array( 'zubrag' => 'root', 'admin' => 'adminpass' ); // request login? true - show login and password boxes, false - password box only define('USE_USERNAME', true); // User will be redirected to this page after logout define('LOGOUT_URL', 'http://www.example.com/'); // time out after NN minutes of inactivity. Set to 0 to not timeout define('TIMEOUT_MINUTES', 0); // This parameter is only useful when TIMEOUT_MINUTES is not zero // true - timeout time from last activity, false - timeout time from login define('TIMEOUT_CHECK_ACTIVITY', true); ################################################################## # SETTINGS END ################################################################## /////////////////////////////////////////////////////// // do not change code below /////////////////////////////////////////////////////// // show usage example if(isset($_GET['help'])) { die('Include following code into every page you would like to protect, at the very beginning (first line):<br><?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?>'); } // timeout in seconds $timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60); // logout? if(isset($_GET['logout'])) { setcookie("verify", '', $timeout, '/'); // clear password; header('Location: ' . LOGOUT_URL); exit(); } if(!function_exists('showLoginPasswordProtect')) { // show login form function showLoginPasswordProtect($error_msg) { ?> <html> <head> <title>Please enter password to access this page</title> <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE"> <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE"> </head> <body> <style> input { border: 1px solid black; } </style> <div style="width:500px; margin-left:auto; margin-right:auto; text-align:center"> <form method="post"> <h3>Please enter password to access this page</h3> <font color="red"><?php echo $error_msg; ?></font><br /> <?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?> <input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" /> </form> <br /> <a style="font-size:9px; color: #B0B0B0; font-family: Verdana, Arial;" href="http://www.zubrag.com/scripts/password-protect.php" title="Download Password Protector">Powered by Password Protect</a> </div> </body> </html> <?php // stop at this point die(); } } // user provided password if (isset($_POST['access_password'])) { $login = isset($_POST['access_login']) ? $_POST['access_login'] : ''; $pass = $_POST['access_password']; if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION) || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) ) ) { showLoginPasswordProtect("Incorrect password."); } else { // set cookie if password was validated setcookie("verify", md5($login.'%'.$pass), $timeout, '/'); // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed // So need to clear password protector variables unset($_POST['access_login']); unset($_POST['access_password']); unset($_POST['Submit']); } } else { // check if password cookie is set if (!isset($_COOKIE['verify'])) { showLoginPasswordProtect(""); } // check if cookie is good $found = false; foreach($LOGIN_INFORMATION as $key=>$val) { $lp = (USE_USERNAME ? $key : '') .'%'.$val; if ($_COOKIE['verify'] == md5($lp)) { $found = true; // prolong timeout if (TIMEOUT_CHECK_ACTIVITY) { setcookie("verify", md5($lp), $timeout, '/'); } break; } } if (!$found) { showLoginPasswordProtect(""); } } ?> Quote Link to comment Share on other sites More sharing options...
revraz Posted January 22, 2009 Share Posted January 22, 2009 Show me the line you used. Quote Link to comment Share on other sites More sharing options...
mike12255 Posted February 7, 2009 Share Posted February 7, 2009 make sure you echo the line or end the php script so its read as an html peice of code Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.