Problems with password protection script

mazman13 · March 9, 2009

I've used this script before, but now it's saying this when I try and log in :

Alert:

The URL is not valid and cannot be loaded.

Here is the script: password_protection.php

<?php

# Simple password protection
#
# (c) http://www.phpbuddy.com
# Author: Ranjit Kumar
# Feel free to use this script but keep this message intact!
# 
# To protect a page include this file in your PHP pages!

session_start();

$admin_user_name = "test";
$admin_password = "test";
//you can change the username and password by changing the above two strings 

if (!isset($HTTP_SESSION_VARS['user'])) {

if(isset($HTTP_POST_VARS['u_name'])) 
	$u_name = $HTTP_POST_VARS['u_name'];

if(isset($HTTP_POST_VARS['u_password'])) 
	$u_password = $HTTP_POST_VARS['u_password'];

if(!isset($u_name)) {
	?>
	<HTML>
	<HEAD>
	<TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE>
	</HEAD>
	<BODY bgcolor=#ffffff>
	<table border=0 cellspacing=0 cellpadding=0 width=100%>
		 <TR><TD>
		 <font face=verdana size=2><B>(Access Restricted to Authorized Personnel)</b> </font></td>
		 </tr></table>
	<P></P>
	<font face=verdana size=2>
	<center>
	<?php
	$form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[php_SELF]";

	if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
	$form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

	?>
	<form method=post action=<?php echo $form_to; ?>>
	<table border=0 width=350>
	<TR>
	<TD><font face=verdana size=2><B>User Name</B></font></TD>
	<TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR>
	<TR>
	<TD><font face=verdana size=2><B>Password</B></font></TD>
	<TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD>
	</TR>
	</table>
	<input type=submit value=Login></form>
	</center>
	</font>
	</BODY>
	</HTML>

	<?php
	exit;
}
else {

	function login_error($host,$php_self) {
		echo "<HTML><HEAD>
		<TITLE>$host :  Administration</TITLE>
		</HEAD><BODY bgcolor=#ffffff>
		<table border=0 cellspacing=0 cellpadding=0 width=100%>
			 <TR><TD align=left>
			 <font face=verdana size=2><B>  You Need to log on to access this part of the site! </b> </font></td>
			 </tr></table>
		<P></P>
		<font face=verdana size=2>
		<center>";

		echo "Error: You are not authorized to access this part of the site!
		<B><a href=$php_self>Click here</a></b> to login again.<P>
		</center>
		</font>
		</BODY>
		</HTML>";
		session_unregister("adb_password");
		session_unregister("user");
		exit;
	}

	$user_checked_passed = false;


	if(isset($HTTP_SESSION_VARS['adb_password'])) {

		$adb_session_password = $HTTP_SESSION_VARS['adb_password'];

		if($admin_password != $adb_session_password) 
			login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
		else {
			$user_checked_passed = true;
		}
	}


	if($user_checked_passed == false) {

		if(strlen($u_name)< 2) 
			login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);

		if($admin_user_name != $u_name) //if username not correct
			login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);		

		if(isset($admin_password)) {

			if($admin_password == $u_password) {

				session_register("adb_password");
				session_register("user");

				$adb_password = $admin_password;
				$user = $u_name;
			}
			else { //password in-correct
				login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
			}
		}
		else {
			login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
		}

		$page_location = $HTTP_SERVER_VARS['PHP_SELF'];
		if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
		$page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

		header ("Location: ". $page_location);
	}
}
}
?>

<?php
include("../include/connection.php");
include('password_protect.php');

//Logout
if($_REQUEST['action'] == "logout")
{
session_unset();
session_destroy(); 
header('Location:index.php');
}

//Script Actions

//Add Main Display
if ($_REQUEST['action'] == "add_main_d") {

//Upload Image
$target_path = "main_display/";
$target_path = $target_path . basename( $_FILES['image']['name']); 

if(move_uploaded_file($_FILES['image']['tmp_name'], $target_path)) {
    	$msg1 = "<p>The image ". basename( $_FILES['image']['name']). " has been uploaded</p>";
	} 
	else {
    	$msg1 = "<p>There was an error uploading the image, please try again!</p>";
	} 

$image = $_FILES['image']['name'];

//Add Info to Database
$query = "INSERT INTO main_display (title,descrip,link,image)
			VALUES('$_REQUEST[title]','$_REQUEST[descrip]','$_REQUEST[link]','$image')";
$result = mysql_query($query)
	or die ("Can't do anything with the query!");
$msg = "<p>" . $_REQUEST['title'] . " added to the main display.</p>";
}

//Add Guest
if ($_REQUEST['action'] == "add_guest") {

//Upload Image
$target_path = "guests/";
$target_path = $target_path . basename( $_FILES['image']['name']); 

if(move_uploaded_file($_FILES['image']['tmp_name'], $target_path)) {
    	$msg1 = "<p>The image ". basename( $_FILES['image']['name']). " has been uploaded</p>";
	} 
	else {
    	$msg1 = "<p>There was an error uploading the image, please try again!</p>";
	} 

$image = $_FILES['image']['name'];

//Add Info to Database
$query = "INSERT INTO guest (name,show,link,image)
			VALUES('$_REQUEST[name]','$_REQUEST[show]','$_REQUEST[link]','$image')";
$result = mysql_query($query)
	or die ("Can't do anything with the query!");
$msg = "<p>" . $_REQUEST['name'] . " was added to the guest list.</p>";
}

//Delete Item
if($_REQUEST['action'] == "delete_item"){
$query = "SELECT * FROM main_display WHERE id = '$_REQUEST[item]'";
$result = mysql_query($query)
	or die ("Can't do anything with the query!");
$row = mysql_fetch_array($result,MYSQL_ASSOC);
	$image = $row['image'];
unlink("main_display/$image");

//Delete news	
$query = "DELETE FROM main_display WHERE id = '$_REQUEST[item]'";
$result = mysql_query($query)
	or die ("Can't do anything with the query!");
$msg = "Display Meny Item erased.";
}

//Delete Guest
if($_REQUEST['action'] == "delete_guest"){
$query = "SELECT * FROM guest WHERE id = '$_REQUEST[item]'";
$result = mysql_query($query)
	or die ("Can't do anything with the query!");
$row = mysql_fetch_array($result,MYSQL_ASSOC);
	$image = $row['image'];
unlink("guests/$image");

//Delete news	
$query = "DELETE FROM guest WHERE id = '$_REQUEST[item]'";
$result = mysql_query($query)
	or die ("Can't do anything with the query!");
$msg = "Display Meny Item erased.";
}


?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" type="text/css" href="style.css" />
<title>mzLive :: Admin</title>

<?php 
//Form Check - Javascript
if($_REQUEST['view'] == "main_d") {
	include("add_main_d_check.php");
}

	if($_REQUEST['view'] == "guest_d") {
	include("add_guest_d_check.php");
}
?>
</head>

<body>
<div id="wrapper">

<h1>
mzLive Admin
</h1>

<div id="links">
	<ul>
		<li><a href="index.php">Main</a></li>
		<li><a href="index.php?view=main_d">Main Display</a></li>
		<li><a href="index.php?view=guest_d">Guests</a></li>
		<li><a href=\"index.php?action=logout\">Logout</a></li>
	</ul>
</div>

<?php
if (isset($msg1)) {
echo $msg1 . "<br />";
}
if (isset($msg)) {
echo $msg;
}

//Page Controller
switch($_REQUEST['view']) {

	case "main_d":
	include("main_d.php");
	break;

	case "guest_d":
	include("guests.php");
	break;

	default:
		if(!isset($_REQUEST['action'])){
	echo "<p>Please select an action.</p>";
		}
	break;		

}

?>

</div>
</body>
</html>

Sign In

Problems with password protection script

Recommended Posts

mazman13

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information