...

View Full Version : Form needed newbie



quartzy
12-07-2010, 12:43 PM
I have not done any php but I am making a website that needs a username and password form on one or two pages. This would be the same username and password for all, so I would not need a database even if I could do one.

How would I start to make this form? I have a form script but I dont think it will work, as the form bit is confusing.

I do not want the form to time out if not used. I know there must be an easier way to do this form, it is for a charity and I am not getting paid. If anyone can help or direct me to some login scripts, much appreciated.



<?php
// Add login/password pairs below, like described above
// NOTE: all rows except last must have comma "," at the end of line
$LOGIN_INFORMATION = array(
'editor' => 'lee261',
);

// request login? true - show login and password boxes, false - password box only
define('USE_USERNAME', true);

// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.example.com/');

// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 0);

// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', true);

if(isset($_GET['help'])) {
die('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?&gt;');
}

$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);

// logout?
if(isset($_GET['logout'])) {
setcookie("verify", '', $timeout, '/'); // clear password;
header('Location: ' . LOGOUT_URL);
exit();
}

if(!function_exists('showLoginPasswordProtect')) {

// show login form
function showLoginPasswordProtect($error_msg) {
?>
<html>
<head>
<title>Please enter password to access this page</title>
<meta http-equiv="cache-control" content="no cache">
<meta http-equiv="pragma" content="no-cache">
</head>
<body>
<div id="login_form">
<form method="post">
<h3>Please enter username and password to access the admin area</h3>

<?php echo $error_msg; ?><br>

<?php if (USE_USERNAME) echo 'Login:<br />

<input type="username" name="access_login" /><br />Username:'; ?><br>
<input type="password" name="access_password">
<input type="submit" name="Submit" value="Submit">
</form>
<br>
<a href="http://www.zubrag.com/scripts/password-protect.php" title="Download Password Protector">Powered by Password Protect</a>
</div>
</body>
</html>
<?php
// stop at this point
die();
}
}
// user provided password
if (isset($_POST['access_password'])) {
$login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
$pass = $_POST['access_password'];
if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
|| (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) )
) {
showLoginPasswordProtect("Incorrect password.");
}
else {
// set cookie if password was validated
setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
// Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
// So need to clear password protector variables
unset($_POST['access_login']);
unset($_POST['access_password']);
unset($_POST['Submit']);
}
}

else {
// check if password cookie is set
if (!isset($_COOKIE['verify'])) {
showLoginPasswordProtect("");
}
// check if cookie is good
$found = false;
foreach($LOGIN_INFORMATION as $key=>$val) {
$lp = (USE_USERNAME ? $key : '') .'%'.$val;
if ($_COOKIE['verify'] == md5($lp)) {
$found = true;
// prolong timeout
if (TIMEOUT_CHECK_ACTIVITY) {
setcookie("verify", md5($lp), $timeout, '/');
}
break;
}
}
if (!$found) {
showLoginPasswordProtect("");
}

}

?>



This form is now scraped

Fumigator
12-07-2010, 06:06 PM
The easiest and quickest way to password protect a webpage is with HTTP Authentication.

http://php.net/manual/en/features.http-auth.php

quartzy
12-07-2010, 10:57 PM
The link you gave sounds just what I need, but the link you gave does not tell me how to set it up. Any ideas? I just want one username and one password, a pop up on the page would be good.

Fumigator
12-08-2010, 07:22 AM
Google "php http authentication tutorial", you'll find something.

Here's one I googled up that steps you through it:

http://forums.tizag.com/showthread.php?t=994

quartzy
12-08-2010, 01:31 PM
Thanks for that, I will try with the one you suggested, but I dont know where to put the php. Is this right?


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<?php

$user = 'editor';
$pass = 'lee261';

function httpauth(){
header('WWW-Authenticate: Basic realm="Lee Oasis"');
header('HTTP/1.0 401 Unauthorized');
echo 'Not recognised, please try again';
exit;
}

while($_SERVER['PHP_AUTH_USER'] != $user && $_SERVER['PHP_AUTH_PW'] != $pass){
httpauth();
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Images</title>
</head>
<body>
</body>
</html>

That the php is placed just after the html, if the correct user and pass is entered, would the login box disappear to reveal the page of images? If so that would be brilliant.

Fumigator
12-08-2010, 04:10 PM
The PHP code goes up top, before any HTML is output.

quartzy
12-08-2010, 04:34 PM
Thanks, the script is sort of working now, I am not getting an 500 message. But there is something else that is wrong as a notice comes up on the page for line 13 which is this:

while($_SERVER['PHP_AUTH_USER'] != $user && $_SERVER['PHP_AUTH_PW'] != $pass)
{
httpauth();
}


The webpage is saying undefined index for both the password and username. So I wonder what path should I put it in? At the moment it is just with all of my other webpages. Should I add it outside of the root folder for instance? Really appreciate your help.

quartzy
12-08-2010, 05:50 PM
I have just found out that this code will not work on an Windows IIS server, so back to the drawing board.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum