newbie help needed (password protect)

Anon

I have put together a very basic password protection script. Its not very
secure , but it works ..well, sort of works 😉
It doesnt use a database, but a password file, i was going to htpasswd
protect somewhere...
My problem is ... what code can i enter on the hidden page, that will
prevent this from being accessed directly from a browser instead of
accessing through my login page?
I need to put some code on the page to not allow entry directly, but will
send the user back to login.php!

e.g. The login page is login.php . The page that is accessed once a valid
password is entered is secure_area.htm. What code can i put on
secure_area.htm that will send the user back to login.php if they try and
enter h**p://mydomain.com/secure_area.htm ??

Please forgive me if this is an ignorant question, i am a new newbie...just
looking for help!
Love PHP but could do with a hand here!

many thanks.
(plz excuse my bad english!)

Anon

One way to do it would be to use sessions. All you have to do is add this to the login page when they are authenticated:

session_start();
session_register("loggedin");
$loggedin="yes";

And add the following to the very top of all the pages that you want secured:

session_start();
if ($loggedin != "yes")
header("Location: login.php");

You would of course have to rename secured_area.htm to .php to have it parsed also.

Anon

Excellent! many thanks my friend, i will give it a go!

🙂

Anon

put this at the top of secure_area.htm

<?php

$ref = ("login.php"); //this is the page that you want users to come from

$headerref = getenv("HTTP_REFERER"); //http_referer will obtain the url of where user came from

//compare the two urls

if ( $headerref != $ref )

{

Anon

correction
put this at the top of secure_area.htm

<?php

$ref = ("login.php"); //this is the page that you want users to come from

$headerref = getenv("HTTP_REFERER"); //http_referer will obtain the url of where user came from

//compare the two urls

if ( $headerref != $ref )

{
?>

Anon

O`h man, I love you guys! I love this forum! I love PHP!
many thanks!!
(so many options now, i must get it to work!)

B-)

Anon

Richie, I just tried this and it nearly worked! 🙂
It redirects me back to the login.php everytime ... not just when correctly logged in though.

Anon

use an ELSE statement to tell it what to do when correctly logged in.

Anon

Richie, can i mail you what i have? (zip file 3.57 K😎
I think the problem is where my login page is just a form to the validation part of the script (secure.php)
TIA

Anon

I get these erroes when using this code:

Warning: Cannot send session cookie - headers already sent by (output started at /usr42/home/daveroon/public_html/test/php/siteadmin/editmain.php:5) in /usr42/home/daveroon/public_html/test/php/siteadmin/editmain.php on line 6

Warning: Cannot send session cache limiter - headers already sent (output started at /usr42/home/daveroon/public_html/test/php/siteadmin/editmain.php:5) in /usr42/home/daveroon/public_html/test/php/siteadmin/editmain.php on line 6

Warning: Cannot add header information - headers already sent by (output started at /usr42/home/daveroon/public_html/test/php/siteadmin/editmain.php:5) in /usr42/home/daveroon/public_html/test/php/siteadmin/editmain.php on line 8

Can anyone help??

Thanks
Dave

Anon

I need some help here, I have the same problem, my code is as follows ...

pages:
login.htm //contains login form
authenticate.php // contains security script
secure.php // my secure area

<form method="POST" action="authenticate.php">
username:<br>
<input type="text" name="username" size="20">
<br>
password:<br>
<input type="password" name="password" size="20"><br>
<input type="submit" value="Submit" name="submit">
</form>

authenticate.php:

<?php
$ref=("login.htm");
$headerref=getenv("HTTP_REFERER");
if($headerer != $ref) {
?>
<script language="javascript">
window.location="login.htm"
</script>
<?php
}
else
{
if($username == "USERNAME" && $password == "PASSWORD") {
$fp=fopen("http://mydomain.com/secure.php","r");
$data="";
while($data=fgets($fp,4096))
{
echo $data;
}
fclose($fp);
}
else
{
echo "ACCESS DENIED";
}
}
?>

My problem is in the beginning of authenticate.php ... the script will detect if I manually type in http://mydomain.com/authenticate.php ... however ... if I type in http://mydomain.com/login.htm ... successfully log in ... it still redirects me to the login.htm page.

where is my problem?

thanks for any help