php password protection script


attackle98
Forum Newbie
Posts: 11
Joined: Wed Oct 27, 2004 10:13 am

Post by attackle98 »

here is the main php file:
<?php
include "password_protect_page.php";
?>
.
.
.
Your Normal page


here's the password_protect_page.php file:
<?php
# Simple password protection
#
# (c) http://www.phpbuddy.com
# Author: Ranjit Kumar
# Feel free to use this script but keep this message intact!
#
# To protect a page include this file in your PHP pages!

session_start();

$admin_user_name = "admin";
$admin_password = "pass";
//you can change the username and password by changing the above two strings

if (!isset($HTTP_SESSION_VARS['user'])) {

if(isset($HTTP_POST_VARS['u_name']))
$u_name = $HTTP_POST_VARS['u_name'];

if(isset($HTTP_POST_VARS['u_password']))
$u_password = $HTTP_POST_VARS['u_password'];

if(!isset($u_name)) {
?>
<HTML>
<HEAD>
<TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE>
</HEAD>
<BODY bgcolor=#ffffff>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD>
<font face=verdana size=2><B>(Access Restricted to Authorized Personnel)</b> </font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>
<?php
$form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[PHP_SELF]";

if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
$form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

?>
<form method=post action=<?php echo $form_to; ?>>
<table border=0 width=350>
<TR>
<TD><font face=verdana size=2><B>User Name</B></font></TD>
<TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR>
<TR>
<TD><font face=verdana size=2><B>Password</B></font></TD>
<TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD>
</TR>
</table>
<input type=submit value=Login></form>
</center>
</font>
</BODY>
</HTML>

<?php
exit;
}
else {

function login_error($host,$php_self) {
echo "<HTML><HEAD>
<TITLE>$host : Administration</TITLE>
</HEAD><BODY bgcolor=#ffffff>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD align=left>
<font face=verdana size=2><B> You Need to log on to access this part of the site! </b> </font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>";

echo "Error: You are not authorized to access this part of the site!
<B><a href=$php_self>Click here</a></b> to login again.<P>
</center>
</font>
</BODY>
</HTML>";
session_unregister("adb_password");
session_unregister("user");
exit;
}

$user_checked_passed = false;


if(isset($HTTP_SESSION_VARS['adb_password'])) {

$adb_session_password = $HTTP_SESSION_VARS['adb_password'];
$adb_session_user = $HTTP_SESSION_VARS['user'];


if($admin_password != $adb_session_password)
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
else {
$user_checked_passed = true;
}
}


if($user_checked_passed == false) {

if(strlen($u_name)< 2)
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);

if($admin_user_name != $u_name) //if username not correct
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);

if(isset($admin_password)) {

if($admin_password == $u_password) {

session_register("adb_password");
session_register("user");

$adb_password = $admin_password;
$user = $u_name;
}
else { //password in-correct
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
}
}
else {
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
}

$page_location = $HTTP_SERVER_VARS['PHP_SELF'];
if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
$page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

header ("Location: ". $page_location);
}
}
}
?>


and whenever I run it I get these errors:
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at D:\home\Default\jimswalemusic.com\htdocs\php\pw.php:9) in D:\home\Default\jimswalemusic.com\htdocs\php\password_protect_page.php on line 13

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at D:\home\Default\jimswalemusic.com\htdocs\php\pw.php:9) in D:\home\Default\jimswalemusic.com\htdocs\php\password_protect_page.php on line 13

Warning: Cannot modify header information - headers already sent by (output started at D:\home\Default\jimswalemusic.com\htdocs\php\pw.php:9) in D:\home\Default\jimswalemusic.com\htdocs\php\password_protect_page.php on line 139
. . . Your Normal page
?>
Last edited by attackle98 on Thu Oct 28, 2004 10:19 am, edited 2 times in total.
evilmonkey
Forum Regular
Posts: 823
Joined: Sun Oct 06, 2002 1:24 pm
Location: Toronto, Canada

Post by evilmonkey »

I hear feyd coming and saying "PHP TAGS!!! :twisted: ". Seriously though, you should use them if you want help on these forums.
kettle_drum
DevNet Resident
Posts: 1150
Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England

Post by kettle_drum »

You cannot send ANY data to the user before setting a session or cookie - or ANY other type of header. Make sure that you're not sending ANY text or white space before the script sets the session.

viewtopic.php?t=1157
AngusL
Forum Contributor
Posts: 155
Joined: Fri Aug 20, 2004 4:28 am
Location: Falkirk, Scotland

Post by AngusL »

You forgot the start

Code: Select all

tag.
attackle98
Forum Newbie
Posts: 11
Joined: Wed Oct 27, 2004 10:13 am

Post by attackle98 »

kettle_drum wrote: You cannot send ANY data to the user before setting a session or cookie - or ANY other type of header. Make sure that you're not sending ANY text or white space before the script sets the session.

viewtopic.php?t=1157
I don't think I have sent other data to the browser as far as I know, except the include statement in the first program; otherwise all that's above the start_session is the comments.
kettle_drum
DevNet Resident
Posts: 1150
Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England

Post by kettle_drum »

What's on or around line 9 on pw.php?
(output started at D:\home\Default\jimswalemusic.com\htdocs\php\pw.php:9)
LostMyLove
Forum Newbie
Posts: 20
Joined: Mon Sep 27, 2004 12:20 pm

Post by LostMyLove »

helping it:

Code: Select all

<?php
# Simple password protection
#
# (c) http://www.phpbuddy.com
# Author: Ranjit Kumar
# Feel free to use this script but keep this message intact!
#
# To protect a page include this file in your PHP pages!

session_start();

$admin_user_name = "admin";
$admin_password = "pass";
//you can change the username and password by changing the above two strings

if (!isset($HTTP_SESSION_VARS['user'])) {

if(isset($HTTP_POST_VARS['u_name']))
$u_name = $HTTP_POST_VARS['u_name'];

if(isset($HTTP_POST_VARS['u_password']))
$u_password = $HTTP_POST_VARS['u_password'];

if(!isset($u_name)) {
?>
<HTML>
<HEAD>
<TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE>
</HEAD>
<BODY bgcolor=#ffffff>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD>
<font face=verdana size=2><B>(Access Restricted to Authorized Personnel)</b> </font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>
<?php
$form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[PHP_SELF]";

if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
$form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

?>
<form method=post action=<?php echo $form_to; ?>>
<table border=0 width=350>
<TR>
<TD><font face=verdana size=2><B>User Name</B></font></TD>
<TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR>
<TR>
<TD><font face=verdana size=2><B>Password</B></font></TD>
<TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD>
</TR>
</table>
<input type=submit value=Login></form>
</center>
</font>
</BODY>
</HTML>

<?php
exit;
}
else {

function login_error($host,$php_self) {
echo "<HTML><HEAD>
<TITLE>$host : Administration</TITLE>
</HEAD><BODY bgcolor=#ffffff>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD align=left>
<font face=verdana size=2><B> You Need to log on to access this part of the site! </b> </font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>";

echo "Error: You are not authorized to access this part of the site!
<B><a href=$php_self>Click here</a></b> to login again.<P>
</center>
</font>
</BODY>
</HTML>";
session_unregister("adb_password");
session_unregister("user");
exit;
}

$user_checked_passed = false;


if(isset($HTTP_SESSION_VARS['adb_password'])) {

$adb_session_password = $HTTP_SESSION_VARS['adb_password'];
$adb_session_user = $HTTP_SESSION_VARS['user'];


if($admin_password != $adb_session_password)
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
else {
$user_checked_passed = true;
}
}


if($user_checked_passed == false) {

if(strlen($u_name)< 2)
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);

if($admin_user_name != $u_name) //if username not correct
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);

if(isset($admin_password)) {

if($admin_password == $u_password) {

session_register("adb_password");
session_register("user");

$adb_password = $admin_password;
$user = $u_name;
}
else { //password in-correct
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
}
}
else {
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
}

$page_location = $HTTP_SERVER_VARS['PHP_SELF'];
if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
$page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

header ("Location: ". $page_location);
}
}
}
?>
Not formatted, but it helps people a lot to help with it. But by the errors, you need to set session_register at the beginning of the script.
attackle98
Forum Newbie
Posts: 11
Joined: Wed Oct 27, 2004 10:13 am

Post by attackle98 »

So what, at like line 22 in the code above, instead of session_start();, put session_register();?
Sorry, I'm a complete newb to PHP.
kettle_drum
DevNet Resident
Posts: 1150
Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England

Post by kettle_drum »

The problem is that you are sending some kind of data to the user at line 9 in pw.php - so look at that part of your code.

(output started at D:\home\Default\jimswalemusic.com\htdocs\php\pw.php:9)
attackle98
Forum Newbie
Posts: 11
Joined: Wed Oct 27, 2004 10:13 am

Post by attackle98 »

line 9 in pw.php is this: <?php
kettle_drum
DevNet Resident
Posts: 1150
Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England

Post by kettle_drum »

Are there any spaces before that? Go back with your arrow keys and make sure there are no spaces.
attackle98
Forum Newbie
Posts: 11
Joined: Wed Oct 27, 2004 10:13 am

Post by attackle98 »

I deleted everything else except that PHP statement <?php include "password_protect_page.php"; ?> and I deleted the beginning HTML tags in the other PHP program, and it works now. Sweet, thanks for helping me.
attackle98
Forum Newbie
Posts: 11
Joined: Wed Oct 27, 2004 10:13 am

Post by attackle98 »

Just one more hard question, probably not for you, but on the site I got the script from they said it would be simple where I could store the usernames and passwords in a db. Just wondering how I could do it.
kettle_drum
DevNet Resident
Posts: 1150
Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England

Post by kettle_drum »

Well for a single user like the script has at the moment you would simply need to replace:

Code: Select all

$admin_user_name = "admin"; 
$admin_password = "pass";
With code that got those values from a database. If you want multiple users then you have to use the username the user entered to get the password from the database that is for that user and then compare them.

I'm sure there are already many scripts out there that do this kind of thing... if I have time later I might whip up a class to do all this.
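
An added example, not part of the thread or the phpbuddy script: one way to do the multi-user lookup described in the post above, using the submitted username to fetch that user's stored credential and compare it. It goes beyond the post by storing password_hash() output instead of the plaintext password and by using a bound query parameter; the users table, its column names, the in-memory SQLite database (needs the pdo_sqlite extension) and the demo account are assumptions made for illustration.

```php
<?php
// Added example, not the phpbuddy script. Assumed (hypothetical) schema:
//   users(username TEXT PRIMARY KEY, password_hash TEXT)
session_start(); // still has to run before any output is sent

function open_user_db(): PDO {
    // Constructed demo store: in-memory SQLite with one constructed account.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    // Only the hash is stored; the plaintext never reaches the table.
    $ins->execute(['admin', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);
    return $db;
}

function check_login(PDO $db, string $u_name, string $u_password): bool {
    static $dummy = null;
    // Hash to verify against when the user is unknown, so both paths cost about the same.
    $dummy ??= password_hash('no-such-user', PASSWORD_DEFAULT);

    // Bound parameter: the submitted username is never concatenated into the SQL.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$u_name]);
    $hash = $stmt->fetchColumn(); // false when no such user exists

    $known = is_string($hash);
    $ok = password_verify($u_password, $known ? $hash : $dummy);
    return $known && $ok;
}

$db = open_user_db();
$u_name = $_POST['u_name'] ?? null;         // same form field names as the script
$u_password = $_POST['u_password'] ?? null;

if (!isset($_SESSION['user']) && is_string($u_name) && is_string($u_password)) {
    if (check_login($db, $u_name, $u_password)) {
        session_regenerate_id(true);   // fresh session ID once authenticated
        $_SESSION['user'] = $u_name;   // keep the username only, not the password
    }
}

if (PHP_SAPI === 'cli') { // constructed self-check when run from the command line
    var_dump(check_login($db, 'admin', 'constructed-demo-password'));
    var_dump(check_login($db, 'admin', 'wrong-password'));
    var_dump(check_login($db, 'nobody', 'constructed-demo-password'));
}
```

A protected page then only needs to test isset($_SESSION['user']) after session_start() and show the login form when it is not set.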
attackle98
Forum Newbie
Posts: 11
Joined: Wed Oct 27, 2004 10:13 am

Post by attackle98 »

Umm, well, I don't know how to do db's. If anyone could help it would be very much appreciated.