Jump to content

password protected page

axhi

By axhi
in PHP Coding Help

 Share

Recommended Posts

axhi Newbie

axhi

Posted
Posted

I try loging in and it brings me back to the same page or it tells me my session id can't be used. Here is the password code i used.

 

<?php

# Simple password protection
#
# (c) http://www.phpbuddy.com
# Author: Ranjit Kumar
# Feel free to use this script but keep this message intact!
# 
# To protect a page include this file in your PHP pages!

session_start();

$admin_user_name = "dan";
$admin_password = "x11x12";
//you can change the username and password by changing the above two strings 

if (!isset($HTTP_SESSION_VARS['user'])) {

if(isset($HTTP_POST_VARS['u_name'])) 
	$u_name = $HTTP_POST_VARS['u_name'];

if(isset($HTTP_POST_VARS['u_password'])) 
	$u_password = $HTTP_POST_VARS['u_password'];

if(!isset($u_name)) {
	?>
	<HTML>
	<HEAD>
	<TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE>
	</HEAD>
	<BODY>
	<table width="800" border="00" align="center" cellpadding="00" cellspacing="0">
          <tr>
            <td><font face=verdana size=2><b>Private Tour Login </b></font></td>
          </tr>
          <tr>
            <td><font face=verdana size=2>
              <center>
                <?php
	$form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[php_SELF]";

	if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
	$form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

	?>
                <form method=post action=<?php echo $form_to; ?>>
                  <table border=0 width=350>
                    <TR>
                      <TD><B>Tour ID: </B></TD>
                      <TD>
                        <input type=text name=u_name2 size=20>
                      </TD>
                    </TR>
                    <TR>
                      <TD><B>Password</B>/TD>
                      <TD>
                        <input type=password name=u_password2 size=20>
                     </TD>
                    </TR>
                  </table>
                  <input name="submit" type=submit value=Login>
                </form>
              </center>
            </font> </td>
          </tr>
        </table>
	</BODY>
	</HTML>

	<?php
	exit;
}
else {

	function login_error($host,$php_self) {
		echo "<HTML><HEAD>
		<TITLE>$host :  Administration</TITLE>
		</HEAD><BODY bgcolor=#ffffff>
		<table border=0 cellspacing=0 cellpadding=0 width=100%>
			 <TR><TD align=left>
			 <font face=verdana size=2><B>  You Need to log on to access this part of the site! </b> </font></td>
			 </tr></table>
		<P></P>
		<font face=verdana size=2>
		<center>";

		echo "Error: You are not authorized to access this part of the site!
		<B><a href=$php_self>Click here</a></b> to login again.<P>
		</center>
		</font>
		</BODY>
		</HTML>";
		session_unregister("adb_password");
		session_unregister("user");
		exit;
	}

	$user_checked_passed = false;


	if(isset($HTTP_SESSION_VARS['adb_password'])) {

		$adb_session_password = $HTTP_SESSION_VARS['adb_password'];

		if($admin_password != $adb_session_password) 
			login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
		else {
			$user_checked_passed = true;
		}
	}


	if($user_checked_passed == false) {

		if(strlen($u_name)< 2) 
			login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);

		if($admin_user_name != $u_name) //if username not correct
			login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);		

		if(isset($admin_password)) {

			if($admin_password == $u_password) {

				session_register("adb_password");
				session_register("user");

				$adb_password = $admin_password;
				$user = $u_name;
			}
			else { //password in-correct
				login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
			}
		}
		else {
			login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
		}

		$page_location = $HTTP_SERVER_VARS['PHP_SELF'];
		if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
		$page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

		header ("Location: ". $page_location);
	}
}
}
?>

Link to comment
Share on other sites
Foser Regular Member

Foser

Posted
Posted

this is a very complex way of making a password protected page. I don't understand why it's so long. Something more simple.

 

like 

session_start();
$username = mac
$password = superwoman
if(isset($_POST['submit'])){
if ($username == mac && $password == superwoman){
$_SESSION['LOGGEDIN'] = TRUE;
$_SESSION['USERNAME'] = $username;
header("Location: page.php"); exit;
}
else{ echo " you have entered the correct data";}
}

 

but the easy thing when you use this session style.

all you have to do is put it in a different file with no connection to it such as:

 

session_start();
if ($_SESSION['LOGGEDIN'] != TRUE){
echo "You are not logged in"; exit;}
//than rest of the code.

 

something like this is much easier if you can write a bit of php.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.