Jump to content

Archived

This topic is now archived and is closed to further replies.

farcat2007

Password protect and redirect

Recommended Posts

Hey, nooby here :)

I am looking for a PHP solution for password protect pages.
I have successfully implemented this code which check a user name and password to grant access.
The problem is that each user needs a different (password protected) page.

What I would like to do is take it a step further and have each user directed to a specific page.

visitor1 => www.mysite.com/visitor1.com
visitor2 => www.mysite.com/visitor2.com

Since I am not going to have anymore than three users I don't want the complication of a database and keep everything PHP.

Any idea please?

Cheers,

 

This is the login page:

<?php
$LOGIN_INFORMATION = array(
  'visitor1' => 'password1',
  'visitor2' => 'password2'
);


define('USE_USERNAME', true);

define('LOGOUT_URL', 'http://www.mysite.com/logout.php');

define('TIMEOUT_MINUTES', 0);

define('TIMEOUT_CHECK_ACTIVITY', true);

if(isset($_GET['help'])) {
  die('Include following code into every page you would like to protect, at the very beginning (first line):<br><?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?>');
}


$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);


if(isset($_GET['logout'])) {
  setcookie("verify", '', $timeout, '/'); // clear password;
  header('Location: ' . LOGOUT_URL);
  exit();
}

if(!function_exists('showLoginPasswordProtect')) {


function showLoginPasswordProtect($error_msg) {
?>
<!DOCTYPE HTML>
<html>
	<head>
	</head>
	<body class="loading">
		<div style="width:500px; margin-left:auto; margin-right:auto; text-align:center">
			<form method="post">
				<p>Please enter password</p><br />
				<font color="red"><?php echo $error_msg; ?></font><br />
				<?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>
				<input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />
			</form>
		</div>
	</body>
</html>
<?php

  die();
}
}


if (isset($_POST['access_password'])) {

  $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
  $pass = $_POST['access_password'];
  if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
  || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) ) 
  ) {
    showLoginPasswordProtect("Incorrect password.");
  }
  else {

    setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
    

    unset($_POST['access_login']);
    unset($_POST['access_password']);
    unset($_POST['Submit']);
  }

}

else {


  if (!isset($_COOKIE['verify'])) {
    showLoginPasswordProtect("");
  }


  $found = false;
  foreach($LOGIN_INFORMATION as $key=>$val) {
    $lp = (USE_USERNAME ? $key : '') .'%'.$val;
    if ($_COOKIE['verify'] == md5($lp)) {
      $found = true;
      // prolong timeout
      if (TIMEOUT_CHECK_ACTIVITY) {
        setcookie("verify", md5($lp), $timeout, '/');
      }
      break;
    }
  }
  if (!$found) {
    showLoginPasswordProtect("");
  }

}

?>

And here is the code I used at the top of each protected page:

<?php include("/home/user/public_html/clients/login.php"); ?>[/code]

Share this post


Link to post
Share on other sites

More importantly - you will have a unique page for each visitor?  Really?  Or is it just a customized page that is basically the same for all with just some php-generated(?) tweaks to make it more personal?  Also - does the url have to be unique for each user (implying again 'unique pages for each user' )?

Share this post


Link to post
Share on other sites

Since I am not going to have anymore than three users...

 

I remember saying that before. Are you sure there will never be more than 3 users?

 

 

...I don't want the complication of a database and keep everything PHP.

 

If you don't use a database or PHP, how are you planning to prevent user 1 from viewing the other user's pages? What about everyone else? At some point, someone may discover what the pages are named and type an address directly.

Share this post


Link to post
Share on other sites

@ ginerjm, each visitor will have a dedicated page, mostly an archive of videos.

I know that it could be build dynamically but I am chosing my battles and for now I concentrate on the login and redirect.

So yeah, the url has to be unique for each user.

 

@cyberRobot. Yes, it is a very specific job and there in no more than 3 users.

Well, the script I am currently using does stop people from opening the page without the password.

If they discover the page the login sript kicks in.  Or am I really misguided?  :-\

Share this post


Link to post
Share on other sites

To redirect users to their own specific pages, you could tie their URL to their login. Then you just need to use the header() function to redirect a user once they log in.

Share this post


Link to post
Share on other sites

@cyberRobot, thanks for that :)

Keeping in mind my "hey, Nooby here"- intro, would you mind elaborating code-wise please?

 

Cheers

Share this post


Link to post
Share on other sites

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.