Jump to content

Password protect and redirect


farcat2007

Recommended Posts

Hey, nooby here :)

I am looking for a PHP solution for password protect pages.
I have successfully implemented this code which check a user name and password to grant access.
The problem is that each user needs a different (password protected) page.

What I would like to do is take it a step further and have each user directed to a specific page.

visitor1 => www.mysite.com/visitor1.com
visitor2 => www.mysite.com/visitor2.com

Since I am not going to have anymore than three users I don't want the complication of a database and keep everything PHP.

Any idea please?

Cheers,

 

This is the login page:

<?php
$LOGIN_INFORMATION = array(
  'visitor1' => 'password1',
  'visitor2' => 'password2'
);


define('USE_USERNAME', true);

define('LOGOUT_URL', 'http://www.mysite.com/logout.php');

define('TIMEOUT_MINUTES', 0);

define('TIMEOUT_CHECK_ACTIVITY', true);

if(isset($_GET['help'])) {
  die('Include following code into every page you would like to protect, at the very beginning (first line):<br><?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?>');
}


$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);


if(isset($_GET['logout'])) {
  setcookie("verify", '', $timeout, '/'); // clear password;
  header('Location: ' . LOGOUT_URL);
  exit();
}

if(!function_exists('showLoginPasswordProtect')) {


function showLoginPasswordProtect($error_msg) {
?>
<!DOCTYPE HTML>
<html>
	<head>
	</head>
	<body class="loading">
		<div style="width:500px; margin-left:auto; margin-right:auto; text-align:center">
			<form method="post">
				<p>Please enter password</p><br />
				<font color="red"><?php echo $error_msg; ?></font><br />
				<?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>
				<input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />
			</form>
		</div>
	</body>
</html>
<?php

  die();
}
}


if (isset($_POST['access_password'])) {

  $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
  $pass = $_POST['access_password'];
  if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
  || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) ) 
  ) {
    showLoginPasswordProtect("Incorrect password.");
  }
  else {

    setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
    

    unset($_POST['access_login']);
    unset($_POST['access_password']);
    unset($_POST['Submit']);
  }

}

else {


  if (!isset($_COOKIE['verify'])) {
    showLoginPasswordProtect("");
  }


  $found = false;
  foreach($LOGIN_INFORMATION as $key=>$val) {
    $lp = (USE_USERNAME ? $key : '') .'%'.$val;
    if ($_COOKIE['verify'] == md5($lp)) {
      $found = true;
      // prolong timeout
      if (TIMEOUT_CHECK_ACTIVITY) {
        setcookie("verify", md5($lp), $timeout, '/');
      }
      break;
    }
  }
  if (!$found) {
    showLoginPasswordProtect("");
  }

}

?>

And here is the code I used at the top of each protected page:

<?php include("/home/user/public_html/clients/login.php"); ?>[/code]
Link to comment
Share on other sites

More importantly - you will have a unique page for each visitor?  Really?  Or is it just a customized page that is basically the same for all with just some php-generated(?) tweaks to make it more personal?  Also - does the url have to be unique for each user (implying again 'unique pages for each user' )?

Link to comment
Share on other sites

Since I am not going to have anymore than three users...

 

I remember saying that before. Are you sure there will never be more than 3 users?

 

 

...I don't want the complication of a database and keep everything PHP.

 

If you don't use a database or PHP, how are you planning to prevent user 1 from viewing the other user's pages? What about everyone else? At some point, someone may discover what the pages are named and type an address directly.

Link to comment
Share on other sites

@ ginerjm, each visitor will have a dedicated page, mostly an archive of videos.

I know that it could be build dynamically but I am chosing my battles and for now I concentrate on the login and redirect.

So yeah, the url has to be unique for each user.

 

@cyberRobot. Yes, it is a very specific job and there in no more than 3 users.

Well, the script I am currently using does stop people from opening the page without the password.

If they discover the page the login sript kicks in.  Or am I really misguided?  :-\

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.