php password protection script
Moderator: General Moderators
-
attackle98
- Forum Newbie
- Posts: 11
- Joined: Wed Oct 27, 2004 10:13 am
php password protection script
here is the main php file:
<?php
include "password_protect_page.php";
?>
.
.
.
Your Normal page
heres the password_protect_page.php file:
<?php
# Simple password protection
#
# (c) http://www.phpbuddy.com
# Author: Ranjit Kumar
# Feel free to use this script but keep this message intact!
#
# To protect a page include this file in your PHP pages!
session_start();
$admin_user_name = "admin";
$admin_password = "pass";
//you can change the username and password by changing the above two strings
if (!isset($HTTP_SESSION_VARS['user'])) {
if(isset($HTTP_POST_VARS['u_name']))
$u_name = $HTTP_POST_VARS['u_name'];
if(isset($HTTP_POST_VARS['u_password']))
$u_password = $HTTP_POST_VARS['u_password'];
if(!isset($u_name)) {
?>
<HTML>
<HEAD>
<TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE>
</HEAD>
<BODY bgcolor=#ffffff>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD>
<font face=verdana size=2><B>(Access Restricted to Authorized Personnel)</b> </font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>
<?php
$form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[PHP_SELF]";
if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
$form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"];
?>
<form method=post action=<?php echo $form_to; ?>>
<table border=0 width=350>
<TR>
<TD><font face=verdana size=2><B>User Name</B></font></TD>
<TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR>
<TR>
<TD><font face=verdana size=2><B>Password</B></font></TD>
<TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD>
</TR>
</table>
<input type=submit value=Login></form>
</center>
</font>
</BODY>
</HTML>
<?php
exit;
}
else {
function login_error($host,$php_self) {
echo "<HTML><HEAD>
<TITLE>$host : Administration</TITLE>
</HEAD><BODY bgcolor=#ffffff>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD align=left>
<font face=verdana size=2><B> You Need to log on to access this part of the site! </b> </font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>";
echo "Error: You are not authorized to access this part of the site!
<B><a href=$php_self>Click here</a></b> to login again.<P>
</center>
</font>
</BODY>
</HTML>";
session_unregister("adb_password");
session_unregister("user");
exit;
}
$user_checked_passed = false;
if(isset($HTTP_SESSION_VARS['adb_password'])) {
$adb_session_password = $HTTP_SESSION_VARS['adb_password'];
$adb_session_user = $HTTP_SESSION_VARS['user'];
if($admin_password != $adb_session_password)
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
else {
$user_checked_passed = true;
}
}
if($user_checked_passed == false) {
if(strlen($u_name)< 2)
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
if($admin_user_name != $u_name) //if username not correct
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
if(isset($admin_password)) {
if($admin_password == $u_password) {
session_register("adb_password");
session_register("user");
$adb_password = $admin_password;
$user = $u_name;
}
else { //password in-correct
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
}
}
else {
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
}
$page_location = $HTTP_SERVER_VARS['PHP_SELF'];
if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
$page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"];
header ("Location: ". $page_location);
}
}
}
?>
and whenever i run it i get these errors:
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at D:\home\Default\jimswalemusic.com\htdocs\php\pw.php:9) in D:\home\Default\jimswalemusic.com\htdocs\php\password_protect_page.php on line 13
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at D:\home\Default\jimswalemusic.com\htdocs\php\pw.php:9) in D:\home\Default\jimswalemusic.com\htdocs\php\password_protect_page.php on line 13
Warning: Cannot modify header information - headers already sent by (output started at D:\home\Default\jimswalemusic.com\htdocs\php\pw.php:9) in D:\home\Default\jimswalemusic.com\htdocs\php\password_protect_page.php on line 139
. . . Your Normal page
?>
<?php
include "password_protect_page.php";
?>
.
.
.
Your Normal page
heres the password_protect_page.php file:
<?php
# Simple password protection
#
# (c) http://www.phpbuddy.com
# Author: Ranjit Kumar
# Feel free to use this script but keep this message intact!
#
# To protect a page include this file in your PHP pages!
session_start();
$admin_user_name = "admin";
$admin_password = "pass";
//you can change the username and password by changing the above two strings
if (!isset($HTTP_SESSION_VARS['user'])) {
if(isset($HTTP_POST_VARS['u_name']))
$u_name = $HTTP_POST_VARS['u_name'];
if(isset($HTTP_POST_VARS['u_password']))
$u_password = $HTTP_POST_VARS['u_password'];
if(!isset($u_name)) {
?>
<HTML>
<HEAD>
<TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE>
</HEAD>
<BODY bgcolor=#ffffff>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD>
<font face=verdana size=2><B>(Access Restricted to Authorized Personnel)</b> </font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>
<?php
$form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[PHP_SELF]";
if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
$form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"];
?>
<form method=post action=<?php echo $form_to; ?>>
<table border=0 width=350>
<TR>
<TD><font face=verdana size=2><B>User Name</B></font></TD>
<TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR>
<TR>
<TD><font face=verdana size=2><B>Password</B></font></TD>
<TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD>
</TR>
</table>
<input type=submit value=Login></form>
</center>
</font>
</BODY>
</HTML>
<?php
exit;
}
else {
function login_error($host,$php_self) {
echo "<HTML><HEAD>
<TITLE>$host : Administration</TITLE>
</HEAD><BODY bgcolor=#ffffff>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD align=left>
<font face=verdana size=2><B> You Need to log on to access this part of the site! </b> </font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>";
echo "Error: You are not authorized to access this part of the site!
<B><a href=$php_self>Click here</a></b> to login again.<P>
</center>
</font>
</BODY>
</HTML>";
session_unregister("adb_password");
session_unregister("user");
exit;
}
$user_checked_passed = false;
if(isset($HTTP_SESSION_VARS['adb_password'])) {
$adb_session_password = $HTTP_SESSION_VARS['adb_password'];
$adb_session_user = $HTTP_SESSION_VARS['user'];
if($admin_password != $adb_session_password)
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
else {
$user_checked_passed = true;
}
}
if($user_checked_passed == false) {
if(strlen($u_name)< 2)
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
if($admin_user_name != $u_name) //if username not correct
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
if(isset($admin_password)) {
if($admin_password == $u_password) {
session_register("adb_password");
session_register("user");
$adb_password = $admin_password;
$user = $u_name;
}
else { //password in-correct
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
}
}
else {
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
}
$page_location = $HTTP_SERVER_VARS['PHP_SELF'];
if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
$page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"];
header ("Location: ". $page_location);
}
}
}
?>
and whenever i run it i get these errors:
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at D:\home\Default\jimswalemusic.com\htdocs\php\pw.php:9) in D:\home\Default\jimswalemusic.com\htdocs\php\password_protect_page.php on line 13
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at D:\home\Default\jimswalemusic.com\htdocs\php\pw.php:9) in D:\home\Default\jimswalemusic.com\htdocs\php\password_protect_page.php on line 13
Warning: Cannot modify header information - headers already sent by (output started at D:\home\Default\jimswalemusic.com\htdocs\php\pw.php:9) in D:\home\Default\jimswalemusic.com\htdocs\php\password_protect_page.php on line 139
. . . Your Normal page
?>
Last edited by attackle98 on Thu Oct 28, 2004 10:19 am, edited 2 times in total.
- evilmonkey
- Forum Regular
- Posts: 823
- Joined: Sun Oct 06, 2002 1:24 pm
- Location: Toronto, Canada
-
kettle_drum
- DevNet Resident
- Posts: 1150
- Joined: Sun Jul 20, 2003 9:25 pm
- Location: West Yorkshire, England
You cannot send ANY data to the user before setting a session or cookie - or ANY other type of header. make sure that your not sending ANY text or white space before the script sets the session.
viewtopic.php?t=1157
viewtopic.php?t=1157
You forgot the start
Code: Select all
tag.-
attackle98
- Forum Newbie
- Posts: 11
- Joined: Wed Oct 27, 2004 10:13 am
i dont think i have sent other data to the browser as far as i know except the include statement in the first program otherwise all thats abouve the start_session is the commentskettle_drum wrote:You cannot send ANY data to the user before setting a session or cookie - or ANY other type of header. make sure that your not sending ANY text or white space before the script sets the session.
viewtopic.php?t=1157
-
kettle_drum
- DevNet Resident
- Posts: 1150
- Joined: Sun Jul 20, 2003 9:25 pm
- Location: West Yorkshire, England
-
LostMyLove
- Forum Newbie
- Posts: 20
- Joined: Mon Sep 27, 2004 12:20 pm
helping it:
not formatted, but helps a lot to people help it.. but by the errors, u need to set session_register at beggin of script
Code: Select all
<?php
# Simple password protection
#
# (c) http://www.phpbuddy.com
# Author: Ranjit Kumar
# Feel free to use this script but keep this message intact!
#
# To protect a page include this file in your PHP pages!
session_start();
$admin_user_name = "admin";
$admin_password = "pass";
//you can change the username and password by changing the above two strings
if (!isset($HTTP_SESSION_VARS['user'])) {
if(isset($HTTP_POST_VARS['u_name']))
$u_name = $HTTP_POST_VARS['u_name'];
if(isset($HTTP_POST_VARS['u_password']))
$u_password = $HTTP_POST_VARS['u_password'];
if(!isset($u_name)) {
?>
<HTML>
<HEAD>
<TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE>
</HEAD>
<BODY bgcolor=#ffffff>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD>
<font face=verdana size=2><B>(Access Restricted to Authorized Personnel)</b> </font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>
<?php
$form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[PHP_SELF]";
if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
$form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"];
?>
<form method=post action=<?php echo $form_to; ?>>
<table border=0 width=350>
<TR>
<TD><font face=verdana size=2><B>User Name</B></font></TD>
<TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR>
<TR>
<TD><font face=verdana size=2><B>Password</B></font></TD>
<TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD>
</TR>
</table>
<input type=submit value=Login></form>
</center>
</font>
</BODY>
</HTML>
<?php
exit;
}
else {
function login_error($host,$php_self) {
echo "<HTML><HEAD>
<TITLE>$host : Administration</TITLE>
</HEAD><BODY bgcolor=#ffffff>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD align=left>
<font face=verdana size=2><B> You Need to log on to access this part of the site! </b> </font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>";
echo "Error: You are not authorized to access this part of the site!
<B><a href=$php_self>Click here</a></b> to login again.<P>
</center>
</font>
</BODY>
</HTML>";
session_unregister("adb_password");
session_unregister("user");
exit;
}
$user_checked_passed = false;
if(isset($HTTP_SESSION_VARS['adb_password'])) {
$adb_session_password = $HTTP_SESSION_VARS['adb_password'];
$adb_session_user = $HTTP_SESSION_VARS['user'];
if($admin_password != $adb_session_password)
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
else {
$user_checked_passed = true;
}
}
if($user_checked_passed == false) {
if(strlen($u_name)< 2)
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
if($admin_user_name != $u_name) //if username not correct
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
if(isset($admin_password)) {
if($admin_password == $u_password) {
session_register("adb_password");
session_register("user");
$adb_password = $admin_password;
$user = $u_name;
}
else { //password in-correct
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
}
}
else {
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
}
$page_location = $HTTP_SERVER_VARS['PHP_SELF'];
if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
$page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"];
header ("Location: ". $page_location);
}
}
}
?>-
attackle98
- Forum Newbie
- Posts: 11
- Joined: Wed Oct 27, 2004 10:13 am
-
kettle_drum
- DevNet Resident
- Posts: 1150
- Joined: Sun Jul 20, 2003 9:25 pm
- Location: West Yorkshire, England
-
attackle98
- Forum Newbie
- Posts: 11
- Joined: Wed Oct 27, 2004 10:13 am
-
kettle_drum
- DevNet Resident
- Posts: 1150
- Joined: Sun Jul 20, 2003 9:25 pm
- Location: West Yorkshire, England
-
attackle98
- Forum Newbie
- Posts: 11
- Joined: Wed Oct 27, 2004 10:13 am
-
attackle98
- Forum Newbie
- Posts: 11
- Joined: Wed Oct 27, 2004 10:13 am
-
kettle_drum
- DevNet Resident
- Posts: 1150
- Joined: Sun Jul 20, 2003 9:25 pm
- Location: West Yorkshire, England
Well for a single user like the script has at the moment you would simply need to replace:
With code that got those values from a database. if you want multiple users then you have to use the username the user entered to get the password from the database that is for that user and then compair them.
Im sure there are already many scripts out there that do this kind of thing...if i have time later i might whip up a class to do all this.
Code: Select all
$admin_user_name = "admin";
$admin_password = "pass";Im sure there are already many scripts out there that do this kind of thing...if i have time later i might whip up a class to do all this.
-
attackle98
- Forum Newbie
- Posts: 11
- Joined: Wed Oct 27, 2004 10:13 am