Page is blank after login
Posted: Wed Oct 15, 2008 12:10 pm
I have some coding experience, though not with PHP, and I've been trying to understand this code to modify it for my purposes. It has been 3 days now, and I am running out of time. So I throw myself at the mercy of the php forum.
This is a login script that is intended to intercept traffic to protected pages and direct the user to a sign in page. Once the user is signed in, the script sets a cookie and proceeds to the original destination. When accessing subsequent protected pages, the script recognizes the cookie and does not display the login page.
I have the script set up to work the way it is intended. I would ALSO like to have a log in form on the index page. Everything is set up, only now the index page is blank if the user is logged in. I would really, really like to use this script if it is possible to adjust it so that the page will still display even if the log in cookie is found.
Here is the code (I have substitued some generic placeholders and stripped out the html portion of the page):
Thanks in advance for any advice.
This is a login script that is intended to intercept traffic to protected pages and direct the user to a sign in page. Once the user is signed in, the script sets a cookie and proceeds to the original destination. When accessing subsequent protected pages, the script recognizes the cookie and does not display the login page.
I have the script set up to work the way it is intended. I would ALSO like to have a log in form on the index page. Everything is set up, only now the index page is blank if the user is logged in. I would really, really like to use this script if it is possible to adjust it so that the page will still display even if the log in cookie is found.
Here is the code (I have substitued some generic placeholders and stripped out the html portion of the page):
Code: Select all
<?php
error_reporting(E_ALL);
ini_set('display_errors',TRUE);
// Add login/password pairs below
$LOGIN_INFORMATION = array(
'user' => 'password',
);
$REDIRECTS = array(
'user' => 'http://www.example.com/gohere.php'
);
// request login? true - show login and password boxes, false - password box only
define('USE_USERNAME', true);
// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.example.com/nowgohere.php');
// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 0);
// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', true);
// timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
// logout?
if(isset($_GET['logout'])) {
setcookie("verify", '', $timeout, '/'); // clear password;
header('Location: ' . LOGOUT_URL);
exit();
}
if(!function_exists('showLoginPasswordProtect')) {
// show login form
function showLoginPasswordProtect($error_msg) {
?>
.....TOP PART OF MY PAGE.....
<form method="post">
<font color="red"><?php echo $error_msg; ?></font><br />
<?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>
<input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />
</form>
.....BOTTOM PART OF MY PAGE.....
<?php
// stop at this point
die();
}
}
// user provided password
if (isset($_POST['access_password'])) {
$login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
$pass = $_POST['access_password'];
if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
|| (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) )
) {
showLoginPasswordProtect("Incorrect user name or password. Please try again.");
}
else {
// set cookie if password was validated
setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
// Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
// So need to clear password protector variables
unset($_POST['access_login']);
unset($_POST['access_password']);
unset($_POST['Submit']);
header('Location: '.$REDIRECTS[$login]); exit();
}
}
else {
// check if password cookie is set
if (!isset($_COOKIE['verify'])) {
showLoginPasswordProtect("");
}
// check if cookie is good
$found = false;
foreach($LOGIN_INFORMATION as $key=>$val) {
$lp = (USE_USERNAME ? $key : '') .'%'.$val;
if ($_COOKIE['verify'] == md5($lp)) {
$found = true;
// prolong timeout
if (TIMEOUT_CHECK_ACTIVITY) {
setcookie("verify", md5($lp), $timeout, '/');
}
break;
}
}
if (!$found) {
showLoginPasswordProtect("");
}
}
?>