
php password protection script

Posted: Wed Oct 27, 2004 10:18 am
by attackle98
Here is the main PHP file:
<?php
include "password_protect_page.php";
?>
.
.
.
Your Normal page


Here's the password_protect_page.php file:
<?php
# Simple password protection
#
# (c) http://www.phpbuddy.com
# Author: Ranjit Kumar
# Feel free to use this script but keep this message intact!
#
# To protect a page include this file in your PHP pages!

session_start();

$admin_user_name = "admin";
$admin_password = "pass";
//you can change the username and password by changing the above two strings

if (!isset($HTTP_SESSION_VARS['user'])) {

if(isset($HTTP_POST_VARS['u_name']))
$u_name = $HTTP_POST_VARS['u_name'];

if(isset($HTTP_POST_VARS['u_password']))
$u_password = $HTTP_POST_VARS['u_password'];

if(!isset($u_name)) {
?>
<HTML>
<HEAD>
<TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE>
</HEAD>
<BODY bgcolor=#ffffff>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD>
<font face=verdana size=2><B>(Access Restricted to Authorized Personnel)</b> </font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>
<?php
$form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[PHP_SELF]";

if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
$form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

?>
<form method=post action=<?php echo $form_to; ?>>
<table border=0 width=350>
<TR>
<TD><font face=verdana size=2><B>User Name</B></font></TD>
<TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR>
<TR>
<TD><font face=verdana size=2><B>Password</B></font></TD>
<TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD>
</TR>
</table>
<input type=submit value=Login></form>
</center>
</font>
</BODY>
</HTML>

<?php
exit;
}
else {

function login_error($host,$php_self) {
echo "<HTML><HEAD>
<TITLE>$host : Administration</TITLE>
</HEAD><BODY bgcolor=#ffffff>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD align=left>
<font face=verdana size=2><B> You Need to log on to access this part of the site! </b> </font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>";

echo "Error: You are not authorized to access this part of the site!
<B><a href=$php_self>Click here</a></b> to login again.<P>
</center>
</font>
</BODY>
</HTML>";
session_unregister("adb_password");
session_unregister("user");
exit;
}

$user_checked_passed = false;


if(isset($HTTP_SESSION_VARS['adb_password'])) {

$adb_session_password = $HTTP_SESSION_VARS['adb_password'];
$adb_session_user = $HTTP_SESSION_VARS['user'];


if($admin_password != $adb_session_password)
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
else {
$user_checked_passed = true;
}
}


if($user_checked_passed == false) {

if(strlen($u_name)< 2)
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);

if($admin_user_name != $u_name) //if username not correct
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);

if(isset($admin_password)) {

if($admin_password == $u_password) {

session_register("adb_password");
session_register("user");

$adb_password = $admin_password;
$user = $u_name;
}
else { //password in-correct
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
}
}
else {
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
}

$page_location = $HTTP_SERVER_VARS['PHP_SELF'];
if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
$page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

header ("Location: ". $page_location);
}
}
}
?>


And whenever I run it I get these errors:
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at D:\home\Default\jimswalemusic.com\htdocs\php\pw.php:9) in D:\home\Default\jimswalemusic.com\htdocs\php\password_protect_page.php on line 13

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at D:\home\Default\jimswalemusic.com\htdocs\php\pw.php:9) in D:\home\Default\jimswalemusic.com\htdocs\php\password_protect_page.php on line 13

Warning: Cannot modify header information - headers already sent by (output started at D:\home\Default\jimswalemusic.com\htdocs\php\pw.php:9) in D:\home\Default\jimswalemusic.com\htdocs\php\password_protect_page.php on line 139
. . . Your Normal page
?>

Posted: Wed Oct 27, 2004 10:20 am
by evilmonkey
I hear feyd coming and saying "PHP TAGS!!! :twisted: ". Seriously though, you should use them if you want help on these forums.

Posted: Wed Oct 27, 2004 10:21 am
by kettle_drum
You cannot send ANY data to the user before setting a session or cookie - or ANY other type of header. Make sure that you're not sending ANY text or white space before the script sets the session.

viewtopic.php?t=1157

Posted: Wed Oct 27, 2004 10:23 am
by AngusL
You forgot the start

Code: Select all

tag.

Posted: Wed Oct 27, 2004 10:27 am
by attackle98
kettle_drum wrote:
You cannot send ANY data to the user before setting a session or cookie - or ANY other type of header. Make sure that you're not sending ANY text or white space before the script sets the session.

viewtopic.php?t=1157

I don't think I have sent other data to the browser, as far as I know, except the include statement in the first program; otherwise all that's above the start_session is the comments.

Posted: Wed Oct 27, 2004 10:30 am
by kettle_drum
What's on or around line 9 in pw.php?
(output started at D:\home\Default\jimswalemusic.com\htdocs\php\pw.php:9)

Posted: Wed Oct 27, 2004 9:05 pm
by LostMyLove
helping it:

Code: Select all

<?php
# Simple password protection
#
# (c) http://www.phpbuddy.com
# Author: Ranjit Kumar
# Feel free to use this script but keep this message intact!
#
# To protect a page include this file in your PHP pages!

session_start();

$admin_user_name = "admin";
$admin_password = "pass";
//you can change the username and password by changing the above two strings

if (!isset($HTTP_SESSION_VARS['user'])) {

if(isset($HTTP_POST_VARS['u_name']))
$u_name = $HTTP_POST_VARS['u_name'];

if(isset($HTTP_POST_VARS['u_password']))
$u_password = $HTTP_POST_VARS['u_password'];

if(!isset($u_name)) {
?>
<HTML>
<HEAD>
<TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE>
</HEAD>
<BODY bgcolor=#ffffff>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD>
<font face=verdana size=2><B>(Access Restricted to Authorized Personnel)</b> </font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>
<?php
$form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[PHP_SELF]";

if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
$form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

?>
<form method=post action=<?php echo $form_to; ?>>
<table border=0 width=350>
<TR>
<TD><font face=verdana size=2><B>User Name</B></font></TD>
<TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR>
<TR>
<TD><font face=verdana size=2><B>Password</B></font></TD>
<TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD>
</TR>
</table>
<input type=submit value=Login></form>
</center>
</font>
</BODY>
</HTML>

<?php
exit;
}
else {

function login_error($host,$php_self) {
echo "<HTML><HEAD>
<TITLE>$host : Administration</TITLE>
</HEAD><BODY bgcolor=#ffffff>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD align=left>
<font face=verdana size=2><B> You Need to log on to access this part of the site! </b> </font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>";

echo "Error: You are not authorized to access this part of the site!
<B><a href=$php_self>Click here</a></b> to login again.<P>
</center>
</font>
</BODY>
</HTML>";
session_unregister("adb_password");
session_unregister("user");
exit;
}

$user_checked_passed = false;


if(isset($HTTP_SESSION_VARS['adb_password'])) {

$adb_session_password = $HTTP_SESSION_VARS['adb_password'];
$adb_session_user = $HTTP_SESSION_VARS['user'];


if($admin_password != $adb_session_password)
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
else {
$user_checked_passed = true;
}
}


if($user_checked_passed == false) {

if(strlen($u_name)< 2)
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);

if($admin_user_name != $u_name) //if username not correct
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);

if(isset($admin_password)) {

if($admin_password == $u_password) {

session_register("adb_password");
session_register("user");

$adb_password = $admin_password;
$user = $u_name;
}
else { //password in-correct
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
}
}
else {
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
}

$page_location = $HTTP_SERVER_VARS['PHP_SELF'];
if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
$page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

header ("Location: ". $page_location);
}
}
}
?>
Not formatted, but it helps people a lot to help with it.. but by the errors, you need to set session_register at the beginning of the script.

Posted: Thu Oct 28, 2004 8:31 am
by attackle98
So what, at like line 22 of the code above, instead of session_start();, put session_register();?
Sorry, I'm a complete newb to PHP.

Posted: Thu Oct 28, 2004 9:39 am
by kettle_drum
The problem is that you are sending some kind of data to the user at line 9 in pw.php - so look at that part of your code.

(output started at D:\home\Default\jimswalemusic.com\htdocs\php\pw.php:9)

Posted: Thu Oct 28, 2004 9:41 am
by attackle98
line 9 in pw.php is this: <?php

Posted: Thu Oct 28, 2004 9:53 am
by kettle_drum
Are there any spaces before that? Go back with your arrow keys and make sure there are no spaces.
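
The check described above, as an added example that is not part of the original thread: it reports any bytes a PHP file contains before its first opening tag, since those bytes are sent to the browser and cause the "headers already sent" warnings when session_start() or header() runs later. The function name leading_output() and the sample file contents are constructed for illustration; short `<?` tags are not handled.

```php
<?php
// Added example: find output that precedes the first <?php tag in a file.
// Anything found is emitted before session_start() can send its cookie header.

function leading_output(string $source): ?string
{
    $pos = stripos($source, '<?php');
    if ($pos === false) {
        return 'no <?php tag: the whole file is output';
    }
    if ($pos === 0) {
        return null; // nothing precedes the opening tag
    }
    $prefix = substr($source, 0, $pos);
    if ($prefix === "\xEF\xBB\xBF") {
        return 'UTF-8 byte order mark before <?php';
    }
    if (trim($prefix) === '') {
        return sprintf('%d byte(s) of whitespace before <?php', strlen($prefix));
    }
    return sprintf(
        '%d byte(s) of markup or text before <?php (tag is on line %d)',
        strlen($prefix),
        substr_count($prefix, "\n") + 1
    );
}

// Constructed samples standing in for a page that includes the protection script.
$include = "<?php\ninclude \"password_protect_page.php\";\n?>\nYour Normal page\n";
$samples = [
    'clean'      => $include,
    'whitespace' => " \n" . $include,
    'bom'        => "\xEF\xBB\xBF" . $include,
    'html_first' => "<html>\n<head>\n<title>Test</title>\n</head>\n<body>\n"
                  . "<h1>Members</h1>\n<p>intro</p>\n<hr>\n" . $include,
];

foreach ($samples as $name => $source) {
    printf("%-11s %s\n", $name, leading_output($source) ?? 'ok');
}
```

To check real files, pass `file_get_contents($path)` for each page that includes the protection script.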

Posted: Thu Oct 28, 2004 10:10 am
by attackle98
I deleted everything else except that PHP statement <?php include "password_protect_page.php"; ?> and I deleted the beginning HTML tags in the other PHP program and it works now. Sweet, thanks for helping me.

Posted: Thu Oct 28, 2004 10:20 am
by attackle98
Just one more hard question, probably not for you, but on the site I got the script from they said it would be simple where I could store the usernames and passwords in a db. Just wondering how I could do it.

Posted: Thu Oct 28, 2004 1:07 pm
by kettle_drum
Well for a single user like the script has at the moment you would simply need to replace:

Code: Select all

$admin_user_name = "admin"; 
$admin_password = "pass";
With code that got those values from a database. If you want multiple users then you have to use the username the user entered to get the password from the database that is for that user and then compare them.

I'm sure there are already many scripts out there that do this kind of thing... if I have time later I might whip up a class to do all this.
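
One way to do the database lookup described above, as an added example that is not from the thread or from the phpbuddy script. It assumes PDO with the SQLite driver, a hypothetical `users` table and a constructed sample account; it stores a password hash rather than the password and compares with password_verify() instead of `==`.

```php
<?php
// Added example: replace the hard-coded $admin_user_name / $admin_password
// with a per-user lookup. Table name, column names and the account below
// are assumptions made for this example.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Store only a hash of the password, never the password itself.
$insert = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$insert->execute(['admin', password_hash('constructed-sample-passphrase', PASSWORD_DEFAULT)]);

// Hash of a throwaway value, used so unknown users cost the same work as known ones.
define('DUMMY_HASH', password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT));

function check_login(PDO $db, string $u_name, string $u_password): bool
{
    // Prepared statement: the submitted name is bound, not concatenated into the SQL.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$u_name]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        password_verify($u_password, DUMMY_HASH); // unknown user: same work, then fail
        return false;
    }
    return password_verify($u_password, $hash);
}

// In the protection script this result would decide whether to set
// $_SESSION['user'] (after session_regenerate_id(true)); the password
// itself does not need to be kept in the session.
var_dump(check_login($db, 'admin', 'constructed-sample-passphrase'));
var_dump(check_login($db, 'admin', 'wrong-password'));
var_dump(check_login($db, 'unknown-user', 'anything'));
```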

Posted: Mon Nov 01, 2004 8:52 am
by attackle98
Umm, well, I don't know how to do db's. If anyone could help it would be very much appreciated.