Jump to content

Problems with password protection script

mazman13

By mazman13
in PHP Coding Help

Recommended Posts

mazman13 Regular Member

mazman13

Posted
Posted

I've used this script before, but now it's saying this when I try and log in :

 

Alert:

The URL is not valid and cannot be loaded.

 

Here is the script: password_protection.php

<?php

# Simple password protection
#
# (c) http://www.phpbuddy.com
# Author: Ranjit Kumar
# Feel free to use this script but keep this message intact!
# 
# To protect a page include this file in your PHP pages!

session_start();

$admin_user_name = "test";
$admin_password = "test";
//you can change the username and password by changing the above two strings 

if (!isset($HTTP_SESSION_VARS['user'])) {

if(isset($HTTP_POST_VARS['u_name'])) 
	$u_name = $HTTP_POST_VARS['u_name'];

if(isset($HTTP_POST_VARS['u_password'])) 
	$u_password = $HTTP_POST_VARS['u_password'];

if(!isset($u_name)) {
	?>
	<HTML>
	<HEAD>
	<TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE>
	</HEAD>
	<BODY bgcolor=#ffffff>
	<table border=0 cellspacing=0 cellpadding=0 width=100%>
		 <TR><TD>
		 <font face=verdana size=2><B>(Access Restricted to Authorized Personnel)</b> </font></td>
		 </tr></table>
	<P></P>
	<font face=verdana size=2>
	<center>
	<?php
	$form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[php_SELF]";

	if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
	$form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

	?>
	<form method=post action=<?php echo $form_to; ?>>
	<table border=0 width=350>
	<TR>
	<TD><font face=verdana size=2><B>User Name</B></font></TD>
	<TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR>
	<TR>
	<TD><font face=verdana size=2><B>Password</B></font></TD>
	<TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD>
	</TR>
	</table>
	<input type=submit value=Login></form>
	</center>
	</font>
	</BODY>
	</HTML>

	<?php
	exit;
}
else {

	function login_error($host,$php_self) {
		echo "<HTML><HEAD>
		<TITLE>$host :  Administration</TITLE>
		</HEAD><BODY bgcolor=#ffffff>
		<table border=0 cellspacing=0 cellpadding=0 width=100%>
			 <TR><TD align=left>
			 <font face=verdana size=2><B>  You Need to log on to access this part of the site! </b> </font></td>
			 </tr></table>
		<P></P>
		<font face=verdana size=2>
		<center>";

		echo "Error: You are not authorized to access this part of the site!
		<B><a href=$php_self>Click here</a></b> to login again.<P>
		</center>
		</font>
		</BODY>
		</HTML>";
		session_unregister("adb_password");
		session_unregister("user");
		exit;
	}

	$user_checked_passed = false;


	if(isset($HTTP_SESSION_VARS['adb_password'])) {

		$adb_session_password = $HTTP_SESSION_VARS['adb_password'];

		if($admin_password != $adb_session_password) 
			login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
		else {
			$user_checked_passed = true;
		}
	}


	if($user_checked_passed == false) {

		if(strlen($u_name)< 2) 
			login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);

		if($admin_user_name != $u_name) //if username not correct
			login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);		

		if(isset($admin_password)) {

			if($admin_password == $u_password) {

				session_register("adb_password");
				session_register("user");

				$adb_password = $admin_password;
				$user = $u_name;
			}
			else { //password in-correct
				login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
			}
		}
		else {
			login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
		}

		$page_location = $HTTP_SERVER_VARS['PHP_SELF'];
		if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
		$page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

		header ("Location: ". $page_location);
	}
}
}
?>

 

<?php
include("../include/connection.php");
include('password_protect.php');

//Logout
if($_REQUEST['action'] == "logout")
{
session_unset();
session_destroy(); 
header('Location:index.php');
}

//Script Actions

//Add Main Display
if ($_REQUEST['action'] == "add_main_d") {

//Upload Image
$target_path = "main_display/";
$target_path = $target_path . basename( $_FILES['image']['name']); 

if(move_uploaded_file($_FILES['image']['tmp_name'], $target_path)) {
    	$msg1 = "<p>The image ". basename( $_FILES['image']['name']). " has been uploaded</p>";
	} 
	else {
    	$msg1 = "<p>There was an error uploading the image, please try again!</p>";
	} 

$image = $_FILES['image']['name'];

//Add Info to Database
$query = "INSERT INTO main_display (title,descrip,link,image)
			VALUES('$_REQUEST[title]','$_REQUEST[descrip]','$_REQUEST[link]','$image')";
$result = mysql_query($query)
	or die ("Can't do anything with the query!");
$msg = "<p>" . $_REQUEST['title'] . " added to the main display.</p>";
}

//Add Guest
if ($_REQUEST['action'] == "add_guest") {

//Upload Image
$target_path = "guests/";
$target_path = $target_path . basename( $_FILES['image']['name']); 

if(move_uploaded_file($_FILES['image']['tmp_name'], $target_path)) {
    	$msg1 = "<p>The image ". basename( $_FILES['image']['name']). " has been uploaded</p>";
	} 
	else {
    	$msg1 = "<p>There was an error uploading the image, please try again!</p>";
	} 

$image = $_FILES['image']['name'];

//Add Info to Database
$query = "INSERT INTO guest (name,show,link,image)
			VALUES('$_REQUEST[name]','$_REQUEST[show]','$_REQUEST[link]','$image')";
$result = mysql_query($query)
	or die ("Can't do anything with the query!");
$msg = "<p>" . $_REQUEST['name'] . " was added to the guest list.</p>";
}

//Delete Item
if($_REQUEST['action'] == "delete_item"){
$query = "SELECT * FROM main_display WHERE id = '$_REQUEST[item]'";
$result = mysql_query($query)
	or die ("Can't do anything with the query!");
$row = mysql_fetch_array($result,MYSQL_ASSOC);
	$image = $row['image'];
unlink("main_display/$image");

//Delete news	
$query = "DELETE FROM main_display WHERE id = '$_REQUEST[item]'";
$result = mysql_query($query)
	or die ("Can't do anything with the query!");
$msg = "Display Meny Item erased.";
}

//Delete Guest
if($_REQUEST['action'] == "delete_guest"){
$query = "SELECT * FROM guest WHERE id = '$_REQUEST[item]'";
$result = mysql_query($query)
	or die ("Can't do anything with the query!");
$row = mysql_fetch_array($result,MYSQL_ASSOC);
	$image = $row['image'];
unlink("guests/$image");

//Delete news	
$query = "DELETE FROM guest WHERE id = '$_REQUEST[item]'";
$result = mysql_query($query)
	or die ("Can't do anything with the query!");
$msg = "Display Meny Item erased.";
}


?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" type="text/css" href="style.css" />
<title>mzLive :: Admin</title>

<?php 
//Form Check - Javascript
if($_REQUEST['view'] == "main_d") {
	include("add_main_d_check.php");
}

	if($_REQUEST['view'] == "guest_d") {
	include("add_guest_d_check.php");
}
?>
</head>

<body>
<div id="wrapper">

<h1>
mzLive Admin
</h1>

<div id="links">
	<ul>
		<li><a href="index.php">Main</a></li>
		<li><a href="index.php?view=main_d">Main Display</a></li>
		<li><a href="index.php?view=guest_d">Guests</a></li>
		<li><a href=\"index.php?action=logout\">Logout</a></li>
	</ul>
</div>

<?php
if (isset($msg1)) {
echo $msg1 . "<br />";
}
if (isset($msg)) {
echo $msg;
}

//Page Controller
switch($_REQUEST['view']) {

	case "main_d":
	include("main_d.php");
	break;

	case "guest_d":
	include("guests.php");
	break;

	default:
		if(!isset($_REQUEST['action'])){
	echo "<p>Please select an action.</p>";
		}
	break;		

}

?>

</div>
</body>
</html>

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.