THANK YOU so much for the help, you saved my life. I went ahead and tested the script on my local computer. I noticed, however, that when the correct password is entered and you hit Enter to submit, the webpage refreshes. However, if you type the same password, it works. Any ideas? Please note, I used relative links for testing purposes on a local computer. I'll go ahead and post my login page. Thanks again. Sc1234freak.

EDIT: Is there a way to redirect rather than the header:location way? I am getting errors like "Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\publish\login.php:1) in C:\xampp\htdocs\publish\login.php on line 4 & Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\publish\index.php:1) in C:\xampp\htdocs\publish\index.php on line 10". The script worked in the limited mode, but when I added my HTML I'm getting these errors. I believe I need a better way to redirect than header:location, but I'm no expert. :p Thanks again. FYI: I also changed it so index.php is my legit home page, and login.php is the login system.
Code:
<?php
/* Code to secure pages (index.php) */
// Nothing may be sent to the browser before session_start() or header():
// no UTF-8 BOM and no whitespace ahead of this opening tag.
# Start Session
session_start();
# Check Authorization Token
// (Best Practice says to fail first when possible)
if(!isset($_SESSION['auth']) || $_SESSION['auth'] !== "jHS590hsHSLQZ8fD801") {
# Redirect to login page
header('Location: login.php');
exit();
} else {
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Serif WebPlus X4 (12.0.1.022)">
<title>Home</title>
<meta name="keywords" content="Sc1234freak,Sc1234freak Clan,Sc1234freak's Clan Website,The Legends,The Legends Clan">
<meta name="description" content="Sc1234freak's Clan Website">
<meta name="author" content="Sc1234freak">
<meta name="copyright" content="© Sc1234freak - 2010">
<meta http-equiv="Content-Language" content="en-us">
<meta name="robots" content="noindex,nofollow">
<script type="text/javascript" src="wpscripts/jsNavBarFuncs.js"></script>
<script type="text/javascript" src="wpscripts/global_navtree.js"></script>
<script type="text/javascript" src="wpscripts/wp_navbar_flash.js"></script>
<style type="text/css">
<!--
body {margin: 0px; padding: 0px;}
a:link {color: #0000ff;}
a:visited {color: #000080;}
a:hover {color: #000080;}
a:active {color: #0000ff;}
.Body-P
{
margin:0.0px 0.0px 12.0px 0.0px; text-align:left; font-weight:400;
}
.Artistic-Body-P
{
margin:0.0px 0.0px 0.0px 0.0px; text-align:right; font-weight:400;
}
.Body-P0
{
margin:0.0px 0.0px 12.0px 0.0px; text-align:center; font-weight:400;
}
.Body-C
{
font-family:"Verdana", sans-serif; font-weight:700; font-size:11.0px;
line-height:1.18em;
}
.Artistic-Body-C
{
font-family:"Verdana", sans-serif; font-size:13.0px;
line-height:1.23em;
}
.Body-C0
{
font-family:"Verdana", sans-serif; font-weight:700; font-size:16.0px;
line-height:1.13em;
}
.Body-C1
{
font-family:"Verdana", sans-serif; font-size:16.0px;
line-height:1.13em;
}
.Body-C2
{
font-family:"Verdana", sans-serif; font-size:16.0px;
line-height:1.13em; color:#612420;
}
-->
</style>
<script type="text/javascript" src="wpscripts/jspngfix.js"></script>
<script type="text/javascript"><!--
var blankSrc = "wpscripts/blank.gif";
--></script>
</head>
<body text="#000000" style="background-color:#9c5b2c; text-align:center; height:800px;">
<div style="background-color:transparent;text-align:left;margin-left:auto;margin-right:auto;position:relative;width:1024px;height:800px;">
<div style="position:absolute; left:0px; top:0px; width:1024px; height:771px;">
<img src="wpimages/wp35e59b77.png" width="1024" height="771" border="0" id="qs_2" name="qs_2" title="" alt="" onload="OnLoadPngFix()"></div>
<div style="position:absolute; left:0px; top:772px; width:1024px; height:28px;">
<img src="wpimages/wpc20ec91e.png" width="1024" height="28" border="0" id="qs_5" name="qs_5" title="" alt="" onload="OnLoadPngFix()"></div>
<div id="nav_77" style="position:absolute; left:0px; top:74px; width:922px; height:87px;">
<script type="text/javascript"><!--
try {
var navtree_nav_77 = WpNavBar.getNavTreeTopLevel( global_navtree, {m_sThisPageUrl:'index.php',
m_sNavBarTarget:'_self',
m_bIncludeAnchors:false,
m_bIncludeChildren:false,
m_bHideCurrent:false} );
if( !navtree_nav_77 ) throw WpNavBar.getErrorObj( 'Link tree could not be read' );
var nav_77 = new wp_navbar_flash("nav_77", navtree_nav_77, {'ExportNoScript':false,m_iWidth:922,
m_iHeight:87}, {'sFlashFile':'wpscripts/Designer_08_DD.swf','MenuButtonItem1Col':'944b22','MenuButtonItem2Col':'a96e4a','MenuButtonItem3Col':'ff00ff','ButtonCaps':false,'FontStyle':'Tahoma','FontSize':'20','FontColour':'#944b22','FontAlign':1,'endColor':'#ffffff','ButtonMargin':2,'ButtonSpace':20,'MenuDivider':false,'Margin':0,'MenuAlignMent':1,'MenuButtonStretch':true,'StretchButtons':false,'SubMenuMargin':10,'SubMenuButtonItem1Col':'944b22','SubMenuButtonItem2Col':'d1dde2','SubFontStyle':'Tahoma','SubFontSize':12,'SubFontColour':'#9c5b2c','SubTextOver':'#612420','SubButtonStretch':true,'VerticalMenus':false,'DropdownMenus':true,'differencePos':0,'ParticleColour':'#ff8000','NumberParticles':30,'Direction':0,'FixButtons':false,'SubInline':false,'SpeakFontStyle':'Tahoma','SpeakFontSize':'12','SpeakFontColour':'#cfa78c','SpeakFontAlign':1,'Speak':false,'ButtonScale':120});
} catch(e){
document.write( 'There was an error generating the navbar:<br>' + e.message );
}
--></script>
</div>
<div id="txt_1" style="position:absolute; left:0px; top:785px; width:316px; height:15px;-moz-box-sizing:border-box;box-sizing:border-box; overflow:hidden;">
<p class="Body-P"><span class="Body-C">Donors: Sc1234freak ($ 99.93), Erin ($ 15.00)</span></p>
</div>
<div style="position:absolute; left:743px; top:784px; width:270px; height:16px;">
<div class="Artistic-Body-P">
<span class="Artistic-Body-C"><a href="logout.php">Logout</a> | <a href="contact.php">Contact Us</a> | <a href="donate.php">Donate</a></span></div>
</div>
<div style="position:absolute; left:0px; top:0px; width:1024px; height:64px;">
<img src="wpimages/wp8a8047ca_05.jpg" width="1024" height="64" border="0" id="pic_5" name="pic_5" title="" alt=""></div>
<div style="position:absolute; left:572px; top:186px; width:190px; height:23px;">
<img src="wpimages/wped2a4168.png" width="190" height="23" border="0" id="art_1" name="art_1" title="" alt="Est. December 2007" onload="OnLoadPngFix()"></div>
<div style="position:absolute; left:771px; top:484px; width:228px; height:263px;">
<img src="wpimages/wp5730c55d.png" width="228" height="263" border="0" id="qs_2" name="qs_2" title="" alt="" onload="OnLoadPngFix()"></div>
<div style="position:absolute; left:125px; top:139px; width:280px; height:122px;">
<img src="wpimages/wpcfee9bb5.png" width="280" height="122" border="0" id="qs_1" name="qs_1" title="" alt="" onload="OnLoadPngFix()"></div>
<div style="position:absolute; left:278px; top:258px; width:469px; height:285px;">
<img src="wpimages/wp627385f4.png" width="469" height="285" border="0" id="qs_2" name="qs_2" title="" alt="" onload="OnLoadPngFix()"></div>
<div style="position:absolute; left:13px; top:136px; width:175px; height:174px;">
<img src="wpimages/wpb9ee888b.png" width="175" height="174" border="0" id="pic_6" name="pic_6" title="" alt="" onload="OnLoadPngFix()"></div>
<div style="position:absolute; left:837px; top:134px; width:175px; height:174px;">
<img src="wpimages/wpd5580449.png" width="175" height="174" border="0" id="pic_7" name="pic_7" title="" alt="" onload="OnLoadPngFix()"></div>
<div style="position:absolute; left:129px; top:153px; width:277px; height:99px;">
<img src="wpimages/wpb6aca00a.png" width="277" height="99" border="0" id="art_2" name="art_2" title="" alt="The only clan that everyone wants to be in!" onload="OnLoadPngFix()"></div>
<div id="txt_1" style="position:absolute; left:791px; top:501px; width:185px; height:221px;-moz-box-sizing:border-box;box-sizing:border-box; overflow:hidden;">
<p class="Body-P0"><span class="Body-C0">Welcome to The Legends Clan Website!</span></p>
<p class="Body-P0"><span class="Body-C0"> </span></p>
<p class="Body-P0"><span class="Body-C0">We have 70+ active members, and have been running non-<wbr>stop for two years. </span></p>
<p class="Body-P0"><span class="Body-C0">Welcome to the adventure</span><span class="Body-C1">!</span></p>
<p class="Body-P0"><span class="Body-C2"> </span></p>
</div>
<div style="position:absolute; left:287px; top:268px; width:451px; height:263px;">
<img src="wpimages/wpce6352de_05.jpg" width="451" height="263" border="0" id="pic_1" name="pic_1" title="Clan Photo" alt="Clan Photo"></div>
<div style="position:absolute; left:35px; top:511px; width:129px; height:197px;">
<img src="wpimages/wp3a9e32be.png" width="129" height="197" border="0" id="pic_4" name="pic_4" title="" alt="" onload="OnLoadPngFix()"></div>
</div>
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-15096683-1");
pageTracker._trackPageview();
} catch(err) {}</script>
</body>
</html>
<?php
}
?>
Code:
<?php
/* Login Form (login.php) */
// Nothing may be sent to the browser before session_start() or header():
// no UTF-8 BOM and no whitespace ahead of this opening tag.
# Start Session
session_start();
# Includes
// Try to use an absolute path starting from the root dir when possible
// ex: /var/www/login_project/login/db_connect.php
// Use include_once();
include_once("secure/db_connect.php");
# Handle Form Post
// Test the request method rather than $_POST['submit']: the submit button is
// only present in $_POST when it carries a name attribute, so a form sent by
// pressing Enter (or with a nameless button) would otherwise be ignored
if($_SERVER['REQUEST_METHOD'] === 'POST') {
# Fetch POST vars
// md5 is not cryptographically suitable. You should use at least sha256
// (the stored `clanpass` value must be the same sha512 hex digest; an
// unsalted fast hash is still a weak way to store a password)
$pass = (isset($_POST['password']) && !empty($_POST['password'])) ? hash('sha512', $_POST['password']) : '';
# Sanity Check
if(empty($pass)) {
# Redirect to login page
header('Location: login.php?error=' . urlencode("Incorrect Password."));
exit();
}
# Fetch Password store from the database
// Do not display mysql_error() in a production environment
// (the mysql_* extension was removed in PHP 7; use mysqli or PDO there)
$clanpasslookup = mysql_query("SELECT `clanpass` FROM `clanpassword` LIMIT 1;");
# Verify Query was successful and at least 1 row returned in result set
if(!$clanpasslookup || mysql_num_rows($clanpasslookup) == 0) {
# Redirect to login page
header('Location: login.php?error=' . urlencode("Incorrect Password."));
exit();
} else {
$clanpassvalue = mysql_fetch_array($clanpasslookup);
}
if($pass !== $clanpassvalue['clanpass']) {
/* Passwords do not match */
# Redirect to login page
header('Location: login.php?error=' . urlencode("Incorrect Password."));
exit();
} else {
/* Passwords match */
# Regenerate Session Id (the pre-login id is discarded, which blocks session fixation)
session_regenerate_id(true);
# Set Authentication Token
$_SESSION['auth'] = "jHS590hsHSLQZ8fD801";
# Redirect to user home
header('Location: index.php');
exit();
}
} else {
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Serif WebPlus X4">
<title>Login</title>
<meta name="keywords" content="Sc1234freak,Sc1234freak Clan,Sc1234freak's Clan Website,The Legends,The Legends Clan">
<meta name="description" content="Sc1234freak's Clan Website">
<meta name="author" content="Sc1234freak">
<meta name="copyright" content="© Sc1234freak - 2010">
<meta http-equiv="Content-Language" content="en-us">
<meta name="robots" content="index,nofollow">
<script type="text/javascript">
<!--
function validate_form_1( form )
{
if( ltrim(rtrim(form.elements['edit_2'].value,' '),' ')=="" ) { alert("Incorrect Password."); form.elements['edit_2'].focus(); return false; }
return true;
}
-->
</script>
<style type="text/css">
<!--
body {margin: 0px; padding: 0px;}
a:link {color: #0000ff;}
a:visited {color: #000080;}
a:hover {color: #000080;}
a:active {color: #0000ff;}
.Body-P
{
margin:0.0px 0.0px 12.0px 0.0px; text-align:center; font-weight:400;
}
.Body-P0
{
margin:0.0px 0.0px 12.0px 0.0px; text-align:left; font-weight:400;
}
.Body-C
{
font-family:"Dragline BTN Dm", sans-serif; font-weight:700;
font-size:48.0px; line-height:1.23em;
}
.Body-C0
{
font-family:"Verdana", sans-serif; font-size:16.0px;
line-height:1.13em;
}
.Body-C1
{
font-family:"Verdana", sans-serif; font-weight:700; font-size:16.0px;
line-height:1.13em;
}
.Body-C2
{
font-family:"Verdana", sans-serif; font-weight:700; font-size:16.0px;
line-height:1.13em; text-decoration: underline;
}
-->
</style>
<script type="text/javascript" src="wpscripts/jspngfix.js"></script>
<script type="text/javascript"><!--
var blankSrc = "wpscripts/blank.gif";
--></script>
<script type="text/javascript" src="wpscripts/jsValidation.js"></script>
</head>
<body text="#000000" style="background-color:#9c5b2c; text-align:center; height:600px;">
<div style="background-color:transparent;text-align:left;margin-left:auto;margin-right:auto;position:relative;width:600px;height:600px;">
<div style="position:absolute; left:9px; top:8px; width:584px; height:583px;">
<img src="wpimages/wp07eb701b.png" width="584" height="583" border="0" id="qs_12" name="qs_12" title="" alt="" onload="OnLoadPngFix()"></div>
<div id="txt_1" style="position:absolute; left:38px; top:33px; width:525px; height:75px;-moz-box-sizing:border-box;box-sizing:border-box; overflow:hidden;">
<p class="Body-P"><span class="Body-C">The Legend’s Clan</span></p>
</div>
<div style="position:absolute; left:53px; top:136px; width:489px; height:373px;">
<img src="wpimages/wp4dc472d9.png" width="489" height="373" border="0" id="pic_1" name="pic_1" title="" alt="" onload="OnLoadPngFix()"></div>
<!-- One form only: a second <form> nested inside the first is invalid HTML and
     browsers drop the inner tag. name="password" is what the PHP above reads,
     and name="submit" puts the button in the POST whether the form is sent by
     clicking it or by pressing Enter in the password field. -->
<form id="password" onSubmit="return validate_form_1(this)" action="login.php" method="post" target="_self" enctype="application/x-www-form-urlencoded" style="margin:0px;">
<div style="position:absolute; left:234px; top:349px; width:155px; height:22px; text-align:left;">
<input type="password" id="edit_2" name="password" size="21" style="width:155px;" maxlength="16" value="">
</div>
<div style="position:absolute; left:260px; top:408px; width:81px; height:22px; text-align:left;">
<input type="submit" id="butn_1" name="submit" value="Login">
</div>
<div id="txt_1" style="position:absolute; left:102px; top:355px; width:126px; height:27px;-moz-box-sizing:border-box;box-sizing:border-box; overflow:hidden;">
<p class="Body-P0"><span class="Body-C0">Clan Password:</span></p>
</div>
</form>
<div style="position:absolute; left:366px; top:454px; width:206px; height:129px;">
<img src="wpimages/wp910fe8a9.png" width="206" height="129" border="0" id="qs_2" name="qs_2" title="" alt="" onload="OnLoadPngFix()"></div>
<div id="txt_2" style="position:absolute; left:374px; top:458px; width:192px; height:115px;-moz-box-sizing:border-box;box-sizing:border-box; overflow:hidden;">
<p class="Body-P"><span class="Body-C1">Please Note:</span><span class="Body-C0"> Pressing the Enter button to submit the password currently does </span><span class="Body-C2">NOT</span><span class="Body-C0">
work. It is being looked into.</span></p>
</div>
</div>
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-15096683-1");
pageTracker._trackPageview();
} catch(err) {}</script>
</body>
</html>
<?php
# If there was an error, fetch error text
$error = (isset($_GET['error'])) ? $_GET['error'] : '';
# If there was an error, display error text
// Escape it first: the text comes straight from the query string, so printing
// it raw lets anyone craft a login.php?error= link that injects markup (reflected XSS)
if(!empty($error))
print htmlspecialchars($error, ENT_QUOTES, 'UTF-8');
}
?>
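Added example, not code from the original post or from Sc1234freak's site: a command-line scanner for the cause of the "headers already sent ... output started at login.php:1" warnings quoted in the EDIT. Output reported at line 1 of a file whose line 1 is `<?php` means bytes were emitted before the opening tag was reached, which is exactly what a UTF-8 byte-order mark (added silently by many Windows editors) or leading whitespace does; whitespace after a closing `?>` has the same effect at the other end of the file. The script names the offending files so session_start() and header() can run before any output. The sample file names and contents are constructed for the demo, and it assumes PHP 5.4 or later.

```php
<?php
/*
 * find_stray_output.php -- added example, not code from the original post.
 *
 * Reports .php files that send bytes to the browser before the opening tag
 * (UTF-8 BOM, leading whitespace) or after the closing tag (trailing
 * whitespace). Either one makes session_start()/header() fail with
 * "headers already sent".
 *
 * Usage: php find_stray_output.php C:\xampp\htdocs\publish
 *        php find_stray_output.php           (checks the built-in samples)
 */

function stray_output_reasons($bytes)
{
    $reasons = [];
    // UTF-8 byte-order mark: three bytes PHP emits before it even sees the
    // opening tag, reported as "output started at file:1"
    if (strncmp($bytes, "\xEF\xBB\xBF", 3) === 0) {
        $reasons[] = 'UTF-8 BOM before <?php';
        $bytes = substr($bytes, 3);
    }
    if (preg_match('/\A\s+<\?php/', $bytes)) {
        $reasons[] = 'whitespace before <?php';
    } elseif (strncmp($bytes, '<?php', 5) !== 0) {
        $reasons[] = 'does not start with <?php (leading bytes are output)';
    }
    // Anything after the last closing tag is output too; PHP only swallows
    // the single newline that directly follows the tag.
    $pos = strrpos($bytes, '?>');
    if ($pos !== false) {
        $tail = preg_replace('/\A(\r\n|\r|\n)/', '', substr($bytes, $pos + 2), 1);
        if ($tail !== '' && trim($tail) === '') {
            $reasons[] = 'whitespace after the closing ?>';
        }
    }
    return $reasons;
}

function scan_tree($dir)
{
    $findings = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if (strtolower($file->getExtension()) !== 'php') {
            continue;
        }
        $reasons = stray_output_reasons(file_get_contents($file->getPathname()));
        if ($reasons) {
            $findings[$file->getPathname()] = $reasons;
        }
    }
    return $findings;
}

// Constructed samples (not files from the original post): the first two
// reproduce the two kinds of stray output, the third is clean.
$samples = [
    'login_with_bom.php'    => "\xEF\xBB\xBF<?php\nsession_start();\nheader('Location: index.php');\n",
    'trailing_newlines.php' => "<?php\nsession_start();\n?>\n\n",
    'clean.php'             => "<?php\nsession_start();\nheader('Location: index.php');\nexit;\n",
];

if (PHP_SAPI === 'cli') {
    $findings = [];
    if (isset($argv[1])) {
        $findings = scan_tree($argv[1]);
    } else {
        foreach ($samples as $name => $bytes) {
            $reasons = stray_output_reasons($bytes);
            if ($reasons) {
                $findings[$name] = $reasons;
            }
        }
    }
    foreach ($findings as $path => $reasons) {
        echo $path, ":\n  - ", implode("\n  - ", $reasons), "\n";
    }
    exit($findings ? 1 : 0);   // non-zero exit when something needs fixing
}
```

The fix for a flagged file is to re-save it as "UTF-8 without BOM" (or strip the first three bytes) and to delete everything after the final `?>`, or drop the closing tag altogether in files that contain only PHP. Output buffering (`ob_start()` at the top of the script) hides the symptom by holding the stray bytes back until the headers are out, but the bytes are still sent, so cleaning the files is the real fix.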
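Added example, not part of the original post: a shared auth.php that both login.php and the protected pages could include. It replaces the unsalted sha512 compare and the fixed "jHS590hsHSLQZ8fD801" marker with password_hash()/password_verify() (PHP 5.5 or later), sets a session flag only after session_regenerate_id(), redirects with a helper that fails loudly if output has already started, and escapes the error text before it is echoed. The function names, the self-test password and the use of a password_hash() string (rather than a hex digest) in the `clanpassword`.`clanpass` column from the posted script are assumptions made for this example.

```php
<?php
/*
 * auth.php -- added example, not code from the original post.
 * Included by login.php and by every protected page. Assumes PHP 5.5+
 * (password_hash/password_verify) and that `clanpassword`.`clanpass`
 * stores the string returned by password_hash(), not a sha512 hex digest.
 * No closing tag on purpose: nothing can trail it and become output.
 */

// Redirect and stop. headers_sent() is checked first so a stray-output bug
// produces a clear message naming the file and line instead of the
// "Cannot modify header information" warning.
function redirect($url)
{
    if (headers_sent($file, $line)) {
        die("Cannot redirect: output already started at $file:$line");
    }
    header('Location: ' . $url, true, 303);   // 303: browser re-requests with GET after a POST
    exit;
}

// Constant-time check of the submitted password against the stored
// password_hash() value (bcrypt with a per-hash salt by default).
function check_clan_password($submitted, $stored_hash)
{
    if (!is_string($submitted) || $submitted === '' || !is_string($stored_hash)) {
        return false;
    }
    return password_verify($submitted, $stored_hash);
}

// Call only after check_clan_password() returned true.
function login_succeeded()
{
    session_regenerate_id(true);     // drop the pre-login id (session fixation)
    $_SESSION['auth'] = true;
    $_SESSION['auth_time'] = time();
}

// Gate for protected pages: call before any HTML is sent.
function require_login($login_url = 'login.php')
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['auth'])) {
        redirect($login_url);
    }
}

// Error text comes from the query string, so it is escaped before it is
// echoed; printing it raw would reflect attacker-supplied markup (XSS).
function error_html()
{
    $error = isset($_GET['error']) ? (string) $_GET['error'] : '';
    if ($error === '') {
        return '';
    }
    return '<p class="error">' . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . '</p>';
}

// Self-test from the command line: php auth.php
// (the printed hash is what would be stored in `clanpass`; the password is made up)
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    $hash = password_hash('correct horse battery', PASSWORD_DEFAULT);
    echo "stored hash: $hash\n";
    foreach (['correct horse battery', 'wrong', ''] as $attempt) {
        echo str_pad(var_export($attempt, true), 25), ' => ',
             check_clan_password($attempt, $hash) ? 'accepted' : 'rejected', "\n";
    }
}
```

With this in place login.php's POST branch reduces to `if (check_clan_password($_POST['password'], $row['clanpass'])) { login_succeeded(); redirect('index.php'); } redirect('login.php?error=' . urlencode('Incorrect Password.'));`, every protected page starts with `require 'auth.php'; require_login();` ahead of its first byte of HTML, and the login page prints `error_html()` wherever the message should appear inside the body rather than after `</html>`.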