Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8
  1. #1
    Regular Coder
    Join Date
    May 2009
    Posts
    813
    Thanks
    123
    Thanked 24 Times in 24 Posts

    Form needed newbie

    I have not done any php but I am making a website that needs a username and password form on one or two pages. This would be the same username and password for all, so I would not need a database even if I could do one.

    How would I start to make this form? I have a form script but I dont think it will work, as the form bit is confusing.

    I do not want the form to time out if not used. I know there must be an easier way to do this form, it is for a charity and I am not getting paid. If anyone can help or direct me to some login scripts, much appreciated.

    Code:
    <?php
    // Add login/password pairs below, like described above
    // NOTE: all rows except last must have comma "," at the end of line
    $LOGIN_INFORMATION = array(
      'editor' => 'lee261',
    );
    
    // request login? true - show login and password boxes, false - password box only
    define('USE_USERNAME', true);
    
    // User will be redirected to this page after logout
    define('LOGOUT_URL', 'http://www.example.com/');
    
    // time out after NN minutes of inactivity. Set to 0 to not timeout
    define('TIMEOUT_MINUTES', 0);
    
    // This parameter is only useful when TIMEOUT_MINUTES is not zero
    // true - timeout time from last activity, false - timeout time from login
    define('TIMEOUT_CHECK_ACTIVITY', true);
    
    if(isset($_GET['help'])) {
      die('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?&gt;');
    }
    
    $timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
    
    // logout?
    if(isset($_GET['logout'])) {
      setcookie("verify", '', $timeout, '/'); // clear password;
      header('Location: ' . LOGOUT_URL);
      exit();
    }
    
    if(!function_exists('showLoginPasswordProtect')) {
    
    // show login form
    function showLoginPasswordProtect($error_msg) {
    ?>
    <html>
    <head>
    <title>Please enter password to access this page</title>
    <meta http-equiv="cache-control" content="no cache">
    <meta http-equiv="pragma" content="no-cache">
    </head>
    <body>
    <div id="login_form">
    <form method="post">
    <h3>Please enter username and password to access the admin area</h3>
    
    <?php echo $error_msg; ?><br>
    
    <?php if (USE_USERNAME) echo 'Login:<br />
    
    <input type="username" name="access_login" /><br />Username:'; ?><br>
    <input type="password" name="access_password">
    <input type="submit" name="Submit" value="Submit">
    </form>
    <br>
    <a href="http://www.zubrag.com/scripts/password-protect.php" title="Download Password Protector">Powered by Password Protect</a>
    </div>
    </body>
    </html>
    <?php
      // stop at this point
      die();
    }
    }
    // user provided password
    if (isset($_POST['access_password'])) {
      $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
      $pass = $_POST['access_password'];
      if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
      || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) ) 
      ) {
        showLoginPasswordProtect("Incorrect password.");
      }
      else {
        // set cookie if password was validated
        setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
    // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
    // So need to clear password protector variables
        unset($_POST['access_login']);
        unset($_POST['access_password']);
        unset($_POST['Submit']);
      }
    }
    
    else {
      // check if password cookie is set
      if (!isset($_COOKIE['verify'])) {
        showLoginPasswordProtect("");
      }
      // check if cookie is good
      $found = false;
      foreach($LOGIN_INFORMATION as $key=>$val) {
        $lp = (USE_USERNAME ? $key : '') .'%'.$val;
        if ($_COOKIE['verify'] == md5($lp)) {
          $found = true;
          // prolong timeout
          if (TIMEOUT_CHECK_ACTIVITY) {
            setcookie("verify", md5($lp), $timeout, '/');
          }
          break;
        }
      }
      if (!$found) {
        showLoginPasswordProtect("");
      }
    
    }
    
    ?>


    This form is now scraped
    Last edited by quartzy; 12-07-2010 at 12:14 PM. Reason: Cancel

  • #2
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    The easiest and quickest way to password protect a webpage is with HTTP Authentication.

    http://php.net/manual/en/features.http-auth.php

  • #3
    Regular Coder
    Join Date
    May 2009
    Posts
    813
    Thanks
    123
    Thanked 24 Times in 24 Posts

    re

    The link you gave sounds just what I need, but the link you gave does not tell me how to set it up. Any ideas? I just want one username and one password, a pop up on the page would be good.

  • #4
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    Google "php http authentication tutorial", you'll find something.

    Here's one I googled up that steps you through it:

    http://forums.tizag.com/showthread.php?t=994

  • #5
    Regular Coder
    Join Date
    May 2009
    Posts
    813
    Thanks
    123
    Thanked 24 Times in 24 Posts

    re

    Thanks for that, I will try with the one you suggested, but I dont know where to put the php. Is this right?
    Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    
    <?php
    
    $user = 'editor';
    $pass = 'lee261';
    
    function httpauth(){
       header('WWW-Authenticate: Basic realm="Lee Oasis"');
       header('HTTP/1.0 401 Unauthorized');
       echo 'Not recognised, please try again';
       exit;
    }
    
    while($_SERVER['PHP_AUTH_USER'] != $user && $_SERVER['PHP_AUTH_PW'] != $pass){
    httpauth();
    }
    ?>
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
    <title>Images</title>
    </head>
    <body>
    </body>
    </html>
    That the php is placed just after the html, if the correct user and pass is entered, would the login box disappear to reveal the page of images? If so that would be brilliant.

  • #6
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    The PHP code goes up top, before any HTML is output.

  • #7
    Regular Coder
    Join Date
    May 2009
    Posts
    813
    Thanks
    123
    Thanked 24 Times in 24 Posts

    re

    Thanks, the script is sort of working now, I am not getting an 500 message. But there is something else that is wrong as a notice comes up on the page for line 13 which is this:
    Code:
    while($_SERVER['PHP_AUTH_USER'] != $user && $_SERVER['PHP_AUTH_PW'] != $pass)
    {
    httpauth();
    }
    The webpage is saying undefined index for both the password and username. So I wonder what path should I put it in? At the moment it is just with all of my other webpages. Should I add it outside of the root folder for instance? Really appreciate your help.
    Last edited by quartzy; 12-08-2010 at 03:45 PM.

  • #8
    Regular Coder
    Join Date
    May 2009
    Posts
    813
    Thanks
    123
    Thanked 24 Times in 24 Posts

    re

    I have just found out that this code will not work on an Windows IIS server, so back to the drawing board.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •