
Help w/ phpSecurePages

Posted: Tue Jun 18, 2002 9:29 pm
by ChristinaB
I need some help with phpSecurePages, a user authentication system. I have some teachers that are looking for a way to login and update their lesson plans, photo gallery, etc. Now there is supposed to be a way to login and it will automatically direct the teacher to their specific page based on the login. However, when I try to login as one of them, the page returns blank. There's a lot of code and I appreciate anyone's help.


This is the secure.php file...the configuration.

Code:

<?php
/**************************************************************/
/*              phpSecurePages version 0.27 beta              */
/*           Written by Paul Kruyt - phpSP@xs4all.nl          */

/****** Installation ******/
$cfgProgDir =  '/aaohs/phpSecurePages/';
  // location of phpSecurePages calculated from the root of the server
  // Example: if you installed phpSecurePages on http://www.mydomain.com/phpSecurePages/
  // the value would be $cfgProgDir = '/phpSecurePages/'
$cfgIndexpage = '/index.php';
  // page to go to, if login is cancelled
  // Example: if your main page is http://www.mydomain.com/index.php
  // the value would be $cfgIndexpage = '/index.php'
$admEmail = '';
  // E-mail adres of the site administrator
  // (This is being showed to the users on an error, so you can be notified by the users)
$noDetailedMessages = true;
  // Show detailed error messages (false) or give one single message for all errors (true).
  // If set to 'false', the error messages shown to the user describe what went wrong.
  // This is more user-friendly, but less secure, because it could allow someone to probe
  // the system for existing users.
//$passwordEncryptedWithMD5 = false;		// Set this to true if the passwords are encrypted with the
                                          // MD5 algorithm
                                          // (not yet implanted, expect this in a next release)
$languageFile = 'lng_english.php';        // Choose the language file
$bgImage = 'bg_lock.gif';                 // Choose the background image
$bgRotate = true;                         // Rotate the background image from list
                                          // (This overrides the $bgImage setting)


/****** Lists ******/
// List of backgrounds to rotate through
$backgrounds[] = 'bg_lock.gif';
$backgrounds[] = 'bg_lock2.gif';
$backgrounds[] = 'bg_gun.gif';


/****** Database ******/
$useDatabase = false;                     // choose between using a database or data as input

/* this data is necessary if a database is used */
$cfgServerHost = 'localhost';             // MySQL hostname
$cfgServerPort = '';                      // MySQL port - leave blank for default port
$cfgServerUser = '';                  // MySQL user
$cfgServerPassword = '';                  // MySQL password

$cfgDbDatabase = '';        // MySQL database name containing phpSecurePages table
$cfgDbTableUsers = '';         // MySQL table name containing phpSecurePages user fields
$cfgDbLoginfield = '';                // MySQL field name containing login word
$cfgDbPasswordfield = '';         // MySQL field name containing password
$cfgDbUserLevelfield = '';       // MySQL field name containing user level
  // Choose a number which represents the category of this users authorization level.
  // Leave empty if authorization levels are not used.
  // See readme.txt for more info.
$cfgDbUserIDfield = 'primary_key';        // MySQL field name containing user identification
  // enter a distinct ID if you want to be able to identify the current user
  // Leave empty if no ID is necessary.
  // See readme.txt for more info.


/****** Database - PHP3 ******/
/* information below is only necessary for servers with PHP3 */
$cfgDbTableSessions = 'phpSP_sessions';
  // MySQL table name containing phpSecurePages sessions fields
$cfgDbTableSessionVars = 'phpSP_sessionVars';
  // MySQL table name containing phpSecurePages session variables fields


/****** Data ******/
$useData = true;                          // choose between using a database or data as input

/* this data is necessary if no database is used */
$cfgLogin[1] = 'Test1';                        // login word
$cfgPassword[1] = 'test1';                     // password
$cfgUserLevel[1] = '1';                    // user level
  // Choose a number which represents the category of this users authorization level.
  // Leave empty if authorization levels are not used.
  // See readme.txt for more info.
$cfgUserID[1] = '001';                       // user identification
  // enter a distinct ID if you want to be able to identify the current user
  // Leave empty if no ID is necessary.
  // See readme.txt for more info.

$cfgLogin[2] = 'Test2';
$cfgPassword[2] = 'test2';
$cfgUserLevel[2] = '2';
$cfgUserID[2] = '002';

$cfgLogin[3] = '';
$cfgPassword[3] = '';
$cfgUserLevel[3] = '';
$cfgUserID[3] = '';


/**************************************************************/
/*             End of phpSecurePages Configuration            */
/**************************************************************/


// https support
if (getenv("HTTPS") == 'on') {
	$cfgUrl = 'https://';
} else {
	$cfgUrl = 'http://';
}

// getting other login variables
$cfgHtmlDir = $cfgUrl . getenv("HTTP_HOST") . $cfgProgDir;
$cfgProgDir = getenv("DOCUMENT_ROOT") . $cfgProgDir;
if ($message) $messageOld = $message;
$message = false;

// Create a constant that can be checked inside the files to be included.
// This gives an indication if secure.php has been loaded correctly.
define("LOADED_PROPERLY", true);

// include functions and variables
function admEmail() {
	// create administrators email link
	global $admEmail;
	return("<A HREF='mailto:$admEmail'>$admEmail</A>");
}

include($cfgProgDir . "lng/" . $languageFile);
include($cfgProgDir . "session.php");


// choose between login or logout
if ($logout && !($HTTP_GET_VARS["logout"] || $HTTP_POST_VARS["logout"])) {
	// logout
	include($cfgProgDir . "logout.php");
} else {
	// loading login check
	include($cfgProgDir . "checklogin.php");
}
?>

This is the interface page, where the teachers would login.

Code:

<?PHP
//  ------ create table variable ------
// variables for Netscape Navigator 3 & 4 are +4 for compensation of render errors
$Browser_Type  =  strtok($HTTP_USER_AGENT,  "/");
if ( ereg( "MSIE", $HTTP_USER_AGENT) || ereg( "Mozilla/5.0", $HTTP_USER_AGENT) || ereg ("Opera/5.11", $HTTP_USER_AGENT) ) {
	$theTable = 'WIDTH="400" HEIGHT="245"';
} else {
	$theTable = 'WIDTH="404" HEIGHT="249"';
}

// ------ create document-location variable ------
if ( ereg("php\.exe", $PHP_SELF) || ereg("php3\.cgi", $PHP_SELF) || ereg("phpts\.exe", $PHP_SELF) ) {
	// $documentLocation = $HTTP_ENV_VARS["PATH_INFO"];
	$documentLocation = getenv("PATH_INFO");
} else {
	$documentLocation = $PHP_SELF;
}
if ( getenv("QUERY_STRING") ) {
	$documentLocation .= "?" . getenv("QUERY_STRING");
}

?>
<html><head>
	<meta name="author" content="Paul Kruyt">
	<meta name="reply-to" content="kruyt@email.com">
	<meta name="description" content="<?PHP echo $strLoginInterface; ?>">
	<meta name="keywords" content="<?PHP echo $strLogin; ?>">
	<title><?PHP echo $strLoginInterface; ?></title>
	
<SCRIPT LANGUAGE="JavaScript">
<!--
//  ------ check form ------
function checkData() {
	var f1 = document.forms[0];
	var wm = "<?PHP echo $strJSHello; ?>\n\r\n";
	var noerror = 1;

	// --- entered_login ---
	var t1 = f1.entered_login;
	if (t1.value == "" || t1.value == " ") {
		wm += "<?PHP echo $strLogin; ?>\r\n";
		noerror = 0;
	}

	// --- entered_password ---
	var t1 = f1.entered_password;
	if (t1.value == "" || t1.value == " ") {
		wm += "<?PHP echo $strPassword; ?>\r\n";
		noerror = 0;
	}

	// --- check if errors occurred ---
	if (noerror == 0) {
		alert(wm);
		return false;
	}
	else return true;
}
//-->
</SCRIPT>

<style type="text/css">
<!-- 
A:hover.link {
	background-color: #E9E9E9;
}
//-->
</style>
</head>

<body bgcolor="White" TEXT="Black"><center>
<form action='<?PHP echo $documentLocation; ?>' METHOD="post" onSubmit="return checkData()">
<TABLE WIDTH="100%" HEIGHT="100%" CELLPADDING="0" CELLSPACING="0"><TR><TD ALIGN="center" VALIGN="middle">

	<!-- Place your logo here -->

	<TABLE <?PHP echo $theTable; ?> CELLPADDING="0" CELLSPACING="0" BACKGROUND="<?PHP echo $cfgHtmlDir; ?>images/<?PHP echo $bgImage; ?>"><TR><TD ALIGN="center" VALIGN="middle">
		<TABLE CELLPADDING="4" WIDTH="100%" HEIGHT="100%" BACKGROUND="">
		<TR><TD ALIGN="center" COLSPAN="2"><h1><?PHP echo $strLoginInterface; ?></h1></TD></TR>
		<TR><TD ALIGN="center" COLSPAN="2">
			<B><I><NOBR><?PHP
			// check for error messages
			if ($message) {
				echo $message;
			} ?></NOBR></I></B>
		</TD></TR>
		<tr><TD VALIGN="bottom"><A HREF="<?PHP echo $cfgUrl . getenv("HTTP_HOST") . $cfgIndexpage; ?>" TABINDEX="2">
			<IMG SRC="<?PHP echo $cfgHtmlDir; ?>images/cancel.gif" ALIGN="left" WIDTH="22" HEIGHT="23" ALT="<?PHP echo $strCancel; ?>" BORDER=0 hspace=10 vspace=4></A>
		</TD>
		<td ALIGN="right" VALIGN="bottom">
			<table cellpadding=4 cellspacing=1 BACKGROUND="">
			<tr><td><B><FONT FACE="Arial,Helvetica,sans-serif" SIZE="-1"><?PHP echo $strLogin; ?>: </FONT></B></td>
			<td> <INPUT TYPE="text" NAME="entered_login" STYLE="font-size: 9pt;" TABINDEX="1"></td></tr>
			<tr><td><B><FONT FACE="Arial,Helvetica,sans-serif" SIZE="-1"><?PHP echo $strPassword; ?>: </FONT></B></td>
			<td> <INPUT TYPE="password" NAME="entered_password" STYLE="font-size: 9pt;" TABINDEX="1"></td></tr>
			</table>
			<INPUT TYPE=image src="<?PHP echo $cfgHtmlDir; ?>images/enter.gif" WIDTH="26" HEIGHT="23" border=0 hspace=7 vspace=4 alt="<?PHP echo $strEnter; ?>   >>>" TABINDEX="1">
		</td></tr></table>
	</TD></TR></TABLE>
	<!-- ------ Copyright line starts here ------
	(if this software is used for free (not allowed for commercial use)
	this line may NOT be removed or altered in such a way that it becomes
	less (or un-) readable). -->
	<FONT FACE="Verdana,Geneva,Arial,Helvetica,sans-serif" SIZE="-2"><?PHP echo $strPoweredBy; ?> <B><A HREF="http://www.phpSecurePages.f2s.com/" TITLE="phpSecurePages <?PHP echo $strInfo; ?>" TARGET="_blank" CLASS="link">phpSecurePages</A></B></FONT>
	<!-- ------ Copyright line ends here ------ -->
</TD></TR></TABLE>
</form>
</center>

<SCRIPT LANGUAGE="JavaScript">
<!--
document.forms[0].entered_login.select();
document.forms[0].entered_login.focus();
//-->
</SCRIPT>
</body></html>
This is the code I am placing on the teacher's pages to tell the configuration file who is allowed where.

Code:

<?PHP $requiredUserLevel = array(1); include("aaohs/phpSecurePages/secure.php"); ?>
And the important parts of the readme file:
------- installation ------
- Extract the files in the directory 'phpSecurePages' on your server.
- Make sure that all .php files are handled by the server through the PHP parser.
- Edit the configuration in the file 'secure.php' --> (see section 'configuration').
- Put the required lines of code on your HTML pages --> (see section 'workings').
- If you use a database (required for PHP3) then create the required tables. --> (see section 'MySQL').


------- configuration ------
Edit the file 'secure.php' to change the configuration. Make sure you read the comments added on each row.
- First provide the required information about the installation of this program.
- Then choose if you want to use a database, or just put the login data in this configuration file (this can be used for PHP3 and for PHP4, PHP3 however still needs two tables for handling session-data). If both are set to 'true', then the database is used. Note that it is possible to use more than 3 accounts of data in the configuration file. Just add more blocks of variables, while incrementing the indexnumber of the array.
- Enter the required information for your chosen method.
- The usage of user levels is optional. Just leave it empty if you decide not to use it.
- The same is true for user ID, they are also optional. Just leave it empty if you decide not to use it.
- Do not change the information below 'End of phpSecurePages Configuration' or in the other PHP files, unless you know what you're doing.

After that, add the required code to your HTML pages as described in the section 'workings' below.


------ workings ------
For examples of the described workings, look into the code of the provided test files. These are not necessary for the working of this application, and can safely be deleted if you want to.

To make a page safe, without the use of user levels, simply add the following line as the very first line of every page:
<?PHP include("phpSecurePages/secure.php"); ?>

Above line is only correct with a default installation of course. If you installed the program elsewhere on the server, make sure you change the address accordingly, so that it points to the configuration file. When someone now tries to view this page, he/she is first asked to login, before the page is shown.


--- workings: user levels ---
If you want to use different user levels, then you must first group your users in different groups and give a number to each group (don't use 0). Then decide which group is allowed to view each page. Instead of the above line, add the following line (in which you put the allowed user groups) at the top of each page:
<?PHP $requiredUserLevel = array(1); include("phpSecurePages/secure.php"); ?>

Example: If you have 4 user groups and group 1 and 3 are allowed to view a certain page, then the code would be as follows:
<?PHP $requiredUserLevel = array(1, 3); include("phpSecurePages/secure.php"); ?>

Furthermore, since version 0.19 it is also possible to supply a minimal required user level. If the user has a higher level than the supplied number, he is also allowed access. To accomplish that all users of level 5 and higher are allowed, the following code should be used:
<?PHP $minUserLevel = 5; include("phpSecurePages/secure.php"); ?>

Both methods can be used simultaneously, for instance the following code gives access to the users of level 2, 4 & 6 and higher:
<?PHP $requiredUserLevel = array(2, 4); $minUserLevel=6; include("phpSecurePages/secure.php"); ?>
Sorry if this is a bother for anyone, but I'm a newbie to this and these teachers were really hoping to be able to update their lesson plans and such through the 'net. Thank you to anyone who helps with this. Have a wonderful day!
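
The user-level rules from the readme quoted in the post above, as an added example that is not part of the original post and is not phpSecurePages' own checklogin.php. The helper name isLevelAllowed() and the choice to deny an account with an empty level on a level-protected page are assumptions; the sample accounts are constructed from the configuration shown in the post.

```php
<?php
// Added example: NOT phpSecurePages' own code.
// isLevelAllowed() is a hypothetical helper that follows the readme's rules.

/**
 * @param string     $userLevel      level stored for the account ('' = none)
 * @param int[]|null $requiredLevels the page's $requiredUserLevel, null if unset
 * @param int|null   $minLevel       the page's $minUserLevel, null if unset
 */
function isLevelAllowed($userLevel, $requiredLevels = null, $minLevel = null)
{
    // The page set neither variable: any authenticated user may view it.
    if ($requiredLevels === null && $minLevel === null) {
        return true;
    }
    // Assumption: on a level-protected page, fail closed unless the account
    // has a numeric, non-zero level (the readme says not to use 0).
    if (!ctype_digit((string) $userLevel) || (int) $userLevel === 0) {
        return false;
    }
    $level = (int) $userLevel;
    // Explicit list: strict comparison against integers only.
    if ($requiredLevels !== null
        && in_array($level, array_map('intval', $requiredLevels), true)) {
        return true;
    }
    // Minimum level: "level 5 and higher" means >=.
    return $minLevel !== null && $level >= (int) $minLevel;
}

// Constructed cases; levels are strings, as in the posted secure.php.
$cases = [
    ['1', [1], null],     // Test1 on the teacher page from the post
    ['2', [1], null],     // Test2 on the same page
    ['',  [1], null],     // account whose user level was left empty
    ['6', [2, 4], 6],     // the readme's combined example
    ['5', [2, 4], 6],
    ['3', null, null],    // page that sets no level variables
];
foreach ($cases as [$lvl, $req, $min]) {
    printf("level=%-2s required=%-5s min=%-5s => %s\n",
        $lvl === '' ? "''" : $lvl,
        $req === null ? 'unset' : implode(',', $req),
        $min === null ? 'unset' : $min,
        isLevelAllowed($lvl, $req, $min) ? 'allow' : 'deny');
}
```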