incorrect password?

forcer

i have a small 'private' place on my server where i store some things. but it cannot be accessed till u enter a password.

the password form code is:
<form name="form1" method="post" action="index1.php">
<p align="left">
<?php if ($error) echo '<p><font size="2" face="Courier New, Courier, mono"><strong>Password Incorrect</strong></font></p>'; ?>
Password:
<input name="pass" type="password" id="pass">
</p>
<p>
<input name="Enter" type="submit" id="Enter" value="Submit">
</p>
</form>

this takes u to index1.php

at the top of index1.php it has:

<?php if ($pass == "l3g3nd") { ?>

and at the bottom it has:

<?php } else header('Location: index.php?error=1'); ?>

and of course has that on every other page.

but my problem is its asking for the password to be entered on everypage. so are my only choices removing the password protection or entering the password for EVERY page i want to access? or is there a way it can store the session so it only asks once maybe? i dont know😕 i'm a bit of a noob any help appreciated

Zack

you can set a cookie or do sessions... i prefer sessions...

after your code:

<? if ($pass == your pass) {

insert cookie code... then have everypage look for the cookie (isset). if the cookie is set, then you can see the page... else error...

forcer

how advanced is the cookie code, never worked with em b4

kevinsequeira

try using sessions, if you are not sure how to use sessions read the manual at
http://www.php.net/manual/en/function.session-register.php

and follow the links on the left nav bar

reg
kevin

Zack

not very...

off the top of my head, it looks something like this:

<?php



/* cookie for user login */
setcookie("cookiename","cookievalue",(time() + (3600 * 24 * 365 * 1)),"/");
header("Location: user_index.php");



/* checks for cookie and prints diferent text depending */
if (isset($cookiename))
  {
     print "Welcome back $userFirstName!"
  }
else
  {
     print "Welcome to our site. Please login or register an account."
  }



?>

m_tt

You could do something similar to this... untested just spitting stuff out

session_start();
if (session_is_registered("auth_user"))   {
   # User is logged in...
} else {
   # User is not logged in.. show form
   # Verify form here... after user/pass is verified
   # Register the auth_user session with
   session_register("auth_user");
   # Then refresh the page...
   header("Location: " . $_SERVER['PHP_SELF']);
}

m_tt

For Zacks idea, you should probably use $_COOKIE['cookiename'] because of register_globals.. if they are off $cookiename will not be found.

Zack

thanks for the correction... i, too was just spitting it out...

forcer

thanx for the help