how to password protect another page with a different page

[Noskiw]

<?php

function no_password($password){
$password = "bambam";

if(!$password){
	echo "Please enter the password <a href='index.php?p=blog&p=admin&p=credentials'>here</a>!";
}else{
		echo "

<form action='index.php?p=blog' method='POST'>

<table width='100%'>

    <tr>

    <td width='7%' valign='top'>
    Your Name:
    </td>

    <td valign='top'>
    <input type='text' name='name' maxlength='25' />
    </td>

    </tr>

    <tr>

    <td valign='top'>
    Your Email:
    </td>

    <td>
    <input type='text' name='email' maxlength='35' />
    </td>

    </tr>

    <tr>

    <td valign='top'>
    Your Message:
    </td>

    <td>
    <textarea cols='20' rows='2' name='message' maxlength='250'></textarea>
    <p><input type='submit' name='submit' value='Post' />
    </td>

    </tr>
    </table>

    </form>";
}
}

?>

 

there is my function for protecting it

 

<?php

$cred = $_GET['credentails'];
$p = $_GET['p'];

include "functions.php";

no_password($password);


?>

 

there is my admin page.

 

<?php

if(!$_POST['submit']){
echo "<form action='index.php?p=blog&p=admin&p=credentials' method='POST'>";
echo "Enter Credentials (password): <input type='password' name='password'>";
echo "<input type='submit' name='submit'  value='Access' />";
echo "</form>";
}else{
$password = $_POST['password'];

if(!$password){
	echo "Password Required";
}else{
	if($password != "bambam"){
		echo "Wrong Password!";
	}
}
}

if($password == "bambam"){
echo "Successful!"; echo "       <a href='index.php?p=blog&p=admin'>Place your post</a>";
}

?>

 

and there is my credentials page... what am I doing wrong?

[lemmin]

Can you specify what the problem is?

[Noskiw]

well basically, when i just go to the admin page, (index.php?p=blog&p=admin) it doesn't show that you need to enter the password in order to continue.

[lemmin]

Your input in this function isn't doing anything because you are immediately changing it:

function no_password($password){
$password = "bambam";

 

Also, you can't set p equal to two things:

index.php?p=blog&p=admin

[Noskiw]

its in a seperate variable in a seperate file, so i'm pretty sure that it's fine... but I made it index.php?p=credentials so it's fine now... xD

 

[lemmin]

Pretty sure what's fine? Every time you call the function no_password(), regardless of what parameter you put in it, it is never going to ask the user to insert a password because you set the password to "bambam."

[Noskiw]

that kind of worked. now it just keeps saying that you need to enter a password.

[Noskiw]

please help me

[Noskiw]

seiously, please help me, this was meant to be quite a big project. And it's going to be ruined unless I get just a little help. Please. Any advice like store it in a session. It might work but I wouldn't know where to begin.

[jon23d]

You are making this way harder than it needs to be, consider one using one page for logging in:

 

<?
  if (isset($_POST['username']) && isset($_POST['password'])) {
    if ($_POST['username'] == 'my-username' && $_POST['password'] == 'my-password') {
      session_start();
      // set session stuff here
      $_SESSION['username'] = 'my-username';
      header('Location: admin-area.php');
    }
    $message = 'Invalid credentials';
  }
?>


<h1>Login</h1>
<?= $message ?>
<form action='this-page.php' method='post'>
  username: <input type='text' name='username' /><br />
  password: <input type='password' name='password' /><br />
  <input type='submit' />
</form>

 

Then just check for the session info in subsequent requests, just make sure to always call session_start.  I usually store session info in a database as well.