Jump to content

Redirecting.


Braveheartt

Recommended Posts

Hello.

 

I have a page which requires a password to continue to the other pages with a menu etc. How could I make sure no one could access ANY of the other pages (for example, a link or typing the link into their browsers) unless they enter a correct password into the password field first? Would I need some code on every page?

 

 

I tried using:

 

if (stristr($_SERVER['PHP_SELF'], "mainmenu.php")) 
{  Header("Location: start.php"); }

 

on each page, but it doesn't work. Please help!

Link to comment
Share on other sites

So I create the session array on the password auth page if the password is correct, then each page there after I retrieve the data from that session array? Do I need to redefine what the session array is on each page or...?

 

For example, can I just do on the password auth page:

 

 

$_SESSION['password'] = $_POST['pass'];
&password = "pass1";

 

then there on each page do:

 

if($_SESSION['password'] = $password))
   //Begin protected code

 

 

Does it work like that? Or do I need to define the $_SESSION on each page?

Link to comment
Share on other sites

On the page that has authorised your guest put:

session_start();
$_SESSION['password'] = 'somedifficultword';
//Now it is set. You must put session_start() at the top of every page.

 

On the pages that need to be verified put:

session_start();
if ($_SESSION['password'] == 'somedifficultword'){
//ok. Load page
}else{
exit;
}
//not authorised

Good Luck

Link to comment
Share on other sites

Password input:

<?php session_start(); 
$_SESSION['password'] = "password";
echo "<html><center><body bgcolor='black'><img src='headert.jpg'><br />
     <br />	
     <font color='red' size ='5'>Password required for access:</font>
     <form method='POST' action='auth.php'><input type='password' maxlength='20' name='pass'><br />
     <br />	
     <input type='submit' value='Login!' name='login'></form></body></center></html>";

?>

 

Password auth:

<?php    
session_start;
$_SESSION['password'] = "password";
$passwordd = $_POST['pass'];

if($passwordd == $_SESSION['password'])
  { require("mainmenu.php"); 
    echo "<center><font color='green' size='5'>Successfully logged in, welcome tester!</font></center>"; 
        header("Location: main.php"); }
     
elseif($passwordd != $_SESSION['password'])
   { echo "<center><body bgcolor='black'><font color='red' size='5'>Incorrect password!</font></body></center>";
      header("Location: start.php"); }   
      
else
   { header("Location: start.php"); }

        ?> 
</body></html>

 

Included mainmenu:

<?php 
session_start(); 
   if($_SESSION['password'] != "password")
    { header("Location: start.php"); } 
    else ?>
<html>
<body bgcolor="black">
<title>ZDay Bugs</title> 
<center><img border="0" src="headert.jpg" width="700" height="190" ALT="ZDay Testers' System"><br />
<br />	
<center><font face="Verdana, ariel" color="#33CCCC" size=3>Testers' system custom coded and designed by Braveheart</font></center><br />		
<br />	
<a href="main.php"><img border="0" src="home.gif" width="70" height="30"></a> -
<a href="../testers/bugs/bugs_main.php"><img border="0" src="bugs_home.gif" width="70" height="30"></a> -
</a> 
<br />
<br /></center>

 

Why isn't the above working? No matter what I do (nothing in the field, incorrect password or even the correct password) is just keeps refreshing start.php...

 

Link to comment
Share on other sites

first i would figure out which header("Location: start.php"); is getting executed by adding a GET parameter on each instance:

 

header("Location: start.php?location=1");



header("Location: start.php?location=2");



etc.

 

also, you can't echo before header(); you can't output anything to the browser before header.

Link to comment
Share on other sites

first i would figure out which header("Location: start.php"); is getting executed by adding a GET parameter on each instance:

 

header("Location: start.php?location=1");



header("Location: start.php?location=2");



etc.

 

I don't understand what you mean... What about using echos instead?

 

 

also, you can't echo before header(); you can't output anything to the browser before header.

 

You can't!? So how can I make the browser redirect if someone just happens to type the link into their address bar without going through the password stage...?

 

 

Do you mean a header on its own and not part of an if/elseif/else statement?

Link to comment
Share on other sites

I don't understand what you mean... What about using echos instead?

 

sure, anything.

 

you can not, ever, echo anything before a header();

 

to protect pages:

 

if ($_SESSION['password'] == $password) {//user is logged in
   // Show the contents of the protected page

} else { // user is not logged in, send them to index.php
    header("location: index.php");
    exit;
}

Link to comment
Share on other sites

if ($_SESSION['password'] == $password) {//user is logged in
   // Show the contents of the protected page

} else { // user is not logged in, send them to index.php
    header("location: index.php");
    exit;
}

 

So "$_SESSION['password']" I store the password in, and I don't have to redefine that on every page, what should I put into $password? And what about getting the user's input? Shoudl I use the POST method?

Link to comment
Share on other sites

On the page where you are giving permission put:

<?php
session_start();
//NOTHING AT ALL CAN GO BEFORE session_start();
//if logged in successfully
$_SESSION['password'] = 'potatotheimaginarypassword';
?>

That is the same as setting the $password variable which is not needed in this case.

 

 

Every page needing password protection. NOTHING AT ALL CAN GO BEFORE THIS:

<?php
session_start();
if ($_SESSION['password'] == 'potatotheimaginarypassword') {//user is logged in
   // Show the contents of the protected pageπ

} else { // user is not logged in, send them to index.php
    header("location: index.php");
    exit;
}
?>

Link to comment
Share on other sites

On the page where you are giving permission put:

<?php
session_start();
//NOTHING AT ALL CAN GO BEFORE session_start();
//if logged in successfully
$_SESSION['password'] = 'potatotheimaginarypassword';
?>

That is the same as setting the $password variable which is not needed in this case.

 

 

Every page needing password protection. NOTHING AT ALL CAN GO BEFORE THIS:

<?php
session_start();
if ($_SESSION['password'] == 'potatotheimaginarypassword') {//user is logged in
   // Show the contents of the protected pageπ

} else { // user is not logged in, send them to index.php
    header("location: index.php");
    exit;
}
?>

 

It doesn't work... I can simply type the URL of a "protected" page into the address bar and it will load up.

 

Do I need to start a new session on every page? And shouldn't I be using a $_POST to get what actually was typed into the password box?

 

DAMN this frustrates me :P.

Link to comment
Share on other sites

why are you so hellbend on doing that?

 

just check if a session, or cookie for that matter is present at the start of the script, if it is not present, then just echo an error message, else show what you normally be showing on the page.

 

It's php remember the server is only spitting out raw html, not the php in the source, so you should be relatively safe.

Link to comment
Share on other sites

why are you so hellbend on doing that?

 

just check if a session, or cookie for that matter is present at the start of the script, if it is not present, then just echo an error message, else show what you normally be showing on the page.

 

It's php remember the server is only spitting out raw html, not the php in the source, so you should be relatively safe.

 

I don't quite understand... ::)

Link to comment
Share on other sites

try this

 

<?php
//VERY START of the page
session_start();
if(isset($_POST['pass']))
{
$_SESSION['access'] = false;
$passwordd = $_POST['pass'];
if($passwordd == "SecurePassword")//your password 
{
$_SESSION['access'] = true;
header("Location: access.php");
}
echo "Invalid password";
}
?>

echo "<html><center><body bgcolor='black'><img src='headert.jpg'><br />
     <br />	
     <font color='red' size ='5'>Password required for access:</font>
     <form method='POST'><input type='password' maxlength='20' name='pass'><br />
     <br />	
     <input type='submit' value='Login!' name='login'></form></body></center></html>";

 

<?php
//VERY START of the page
session_start();
if(!$_SESSION['access'])
{
header("Location: start.php");
}
echo "your in ";
//reset of the page 
?>

 

Link to comment
Share on other sites

It doesn't work... I can simply type the URL of a "protected" page into the address bar and it will load up.

 

Do I need to start a new session on every page? And shouldn't I be using a $_POST to get what actually was typed into the password box?

 

DAMN this frustrates me :P.

You must still be logged in.

you need to log out and when doing that unset $_SESSION['password'];

 

GOOD LUCK

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.