"The URL is not valid and cannot be loaded" alert with password protect

mazman13 · January 19, 2011

I'm trying to password protect and admin area but an included script, but it's not working very well.

I've used this script forever, but for some reason it pops up an alert that says "The URL is not valid and cannot be loaded," when the form is submitted. It's an old script from PHPBuddy.

Here is the script: // password_protect.php

<?php

# Simple password protection
#
# (c) http://www.phpbuddy.com
# Author: Ranjit Kumar
# Feel free to use this script but keep this message intact!
# 
# To protect a page include this file in your PHP pages!

session_start();

$admin_user_name = "admin";
$admin_password = "admin";
//you can change the username and password by changing the above two strings 

if (!isset($HTTP_SESSION_VARS['user'])) {

if(isset($HTTP_POST_VARS['u_name'])) 
	$u_name = $HTTP_POST_VARS['u_name'];

if(isset($HTTP_POST_VARS['u_password'])) 
	$u_password = $HTTP_POST_VARS['u_password'];

if(!isset($u_name)) {
	?>
	<HTML>
	<HEAD>
	<TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE>
	</HEAD>
	<BODY bgcolor=#ffffff>
	<table border=0 cellspacing=0 cellpadding=0 width=100%>
		 <TR><TD>
		 <font face=verdana size=2><B>(Access Restricted to Authorized Personnel)</b> </font></td>
		 </tr></table>
	<P></P>
	<font face=verdana size=2>
	<center>
	<?php
	$form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[php_SELF]";

	if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
	$form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

	?>
	<form method=post action=<?php echo $form_to; ?>>
	<table border=0 width=350>
	<TR>
	<TD><font face=verdana size=2><B>User Name</B></font></TD>
	<TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR>
	<TR>
	<TD><font face=verdana size=2><B>Password</B></font></TD>
	<TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD>
	</TR>
	</table>
	<input type=submit value=Login></form>
	</center>
	</font>
	</BODY>
	</HTML>

	<?php
	exit;
}
else {

	function login_error($host,$php_self) {
		echo "<HTML><HEAD>
		<TITLE>$host :  Administration</TITLE>
		</HEAD><BODY bgcolor=#ffffff>
		<table border=0 cellspacing=0 cellpadding=0 width=100%>
			 <TR><TD align=left>
			 <font face=verdana size=2><B>  You Need to log on to access this part of the site! </b> </font></td>
			 </tr></table>
		<P></P>
		<font face=verdana size=2>
		<center>";

		echo "Error: You are not authorized to access this part of the site!
		<B><a href=$php_self>Click here</a></b> to login again.<P>
		</center>
		</font>
		</BODY>
		</HTML>";
		session_unregister("adb_password");
		session_unregister("user");
		exit;
	}

	$user_checked_passed = false;


	if(isset($HTTP_SESSION_VARS['adb_password'])) {

		$adb_session_password = $HTTP_SESSION_VARS['adb_password'];

		if($admin_password != $adb_session_password) 
			login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
		else {
			$user_checked_passed = true;
		}
	}


	if($user_checked_passed == false) {

		if(strlen($u_name)< 2) 
			login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);

		if($admin_user_name != $u_name) //if username not correct
			login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);		

		if(isset($admin_password)) {

			if($admin_password == $u_password) {

				session_register("adb_password");
				session_register("user");

				$adb_password = $admin_password;
				$user = $u_name;
			}
			else { //password in-correct
				login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
			}
		}
		else {
			login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
		}

		$page_location = $HTTP_SERVER_VARS['PHP_SELF'];
		if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
		$page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

		header ("Location: ". $page_location);
	}
}
}
?>

And here is the file I'm trying to protect: //index.php

<?php
include('password_protect.php');
include("connection.php");


//Logout
if($_REQUEST['action'] == "logout")
{
session_unset();
session_destroy(); 
header('Location:index.php');
}

//Script Actions

//Add Main Display
if ($_REQUEST['action'] == "add_main_d") {

//Upload Image
$target_path = "main_display/";
$target_path = $target_path . basename( $_FILES['image']['name']); 

if(move_uploaded_file($_FILES['image']['tmp_name'], $target_path)) {
    	$msg1 = "<p>The image ". basename( $_FILES['image']['name']). " has been uploaded</p>";
	} 
	else {
    	$msg1 = "<p>There was an error uploading the image, please try again!</p>";
	} 

$image = $_FILES['image']['name'];

//Add Info to Database
$query = "INSERT INTO main_display (title,descrip,link,image)
			VALUES('$_REQUEST[title]','$_REQUEST[descrip]','$_REQUEST[link]','$image')";
$result = mysql_query($query)
	or die ("Can't do anything with the query!");
$msg = "<p>" . $_REQUEST['title'] . " added to the main display.</p>";
}

//Add Guest
if ($_REQUEST['action'] == "add_guest") {

//Upload Image
$target_path = "guests/";
$target_path = $target_path . basename( $_FILES['image']['name']); 

if(move_uploaded_file($_FILES['image']['tmp_name'], $target_path)) {
    	$msg1 = "<p>The image ". basename( $_FILES['image']['name']). " has been uploaded</p>";
	} 
	else {
    	$msg1 = "<p>There was an error uploading the image, please try again!</p>";
	} 

$image = $_FILES['image']['name'];

//Add Info to Database
$query = "INSERT INTO guest (name,ep,link,image)
			VALUES('$_REQUEST[name]','$_REQUEST[ep]','$_REQUEST[link]','$image')";
$result = mysql_query($query)
	or die ("Can't do anything with the query!");
$msg = "<p>" . $_REQUEST['name'] . " was added to the guest list.</p>";
}

//Delete Item
if($_REQUEST['action'] == "delete_item"){
$query = "SELECT * FROM main_display WHERE id = '$_REQUEST[item]'";
$result = mysql_query($query)
	or die ("Can't do anything with the query!");
$row = mysql_fetch_array($result,MYSQL_ASSOC);
	$image = $row['image'];
unlink("main_display/$image");

//Delete news	
$query = "DELETE FROM main_display WHERE id = '$_REQUEST[item]'";
$result = mysql_query($query)
	or die ("Can't do anything with the query!");
$msg = "Display Meny Item erased.";
}

//Delete Guest
if($_REQUEST['action'] == "delete_guest"){
$query = "SELECT * FROM guest WHERE id = '$_REQUEST[item]'";
$result = mysql_query($query)
	or die ("Can't do anything with the query!");
$row = mysql_fetch_array($result,MYSQL_ASSOC);
	$image = $row['image'];
unlink("guests/$image");

//Delete news	
$query = "DELETE FROM guest WHERE id = '$_REQUEST[item]'";
$result = mysql_query($query)
	or die ("Can't do anything with the query!");
$msg = "Display Meny Item erased.";
}


?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" type="text/css" href="style.css" />
<title>Admin Window</title>

<?php 
//Form Check - Javascript
if($_REQUEST['view'] == "main_d") {
	include("add_main_d_check.php");
}

	if($_REQUEST['view'] == "guest_d") {
	include("add_guest_d_check.php");
}
?>
</head>

<body>
<div id="wrapper">

<h1>
Admin Window
</h1>

<div id="links">
	<ul>
		<li><a href="index.php">Main</a></li>
		<li><a href="index.php?view=main_d">Main Display</a></li>
		<li><a href="index.php?view=guest_d">Guests</a></li>
		<li><a href=\"index.php?action=logout\">Logout</a></li>
	</ul>
</div>

<?php
if (isset($msg1)) {
echo $msg1 . "<br />";
}
if (isset($msg)) {
echo $msg;
}

//Page Controller
switch($_REQUEST['view']) {

	case "main_d":
	include("main_d.php");
	break;

	case "guest_d":
	include("guests.php");
	break;

	default:
		if(!isset($_REQUEST['action'])){
	echo "<p>Please select an action.</p>";
		}
	break;		

}

?>

</div>
</body>
</html>

I will be grateful for any help on this. Thanks! :confused:

Sign In

"The URL is not valid and cannot be loaded" alert with password protect

Recommended Posts

mazman13

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information