password protect submit button????

pipereamer

I have a form for adding and deleting favorite links using a flat file. I am trying to add password protection to the delete button.

I found this code, added it to a new php page and added the: include ("./p_protect.php"); to the exisiting php page that had the script for deleteing the link.

Whats happening is the password box appears and when you enter the user and password it just starts over. It never goes to the rest of the code to delete the link. also if you put in the incorrect user and or password it doesnt send the email to my account.

any ideas?

Heres the code for the p_protect.php page. then the code for the drop_link.php page.

//===============================
put the following line in the PHP page you want to protect:include ("./p_protect.php");
//===============================

<?php

$selfSecure = 1;
$shellUser = "demo";
$shellPswd = "demo";

$adminEmail = "admin email here";
$fromEmail = $HTTP_SERVER_VARS["SERVER_ADMIN"];

$Version = "Your details here (for example The Webmaster - webmaster@xxx.com)";
if($selfSecure){
if (($PHP_AUTH_USER!=$shellUser)||($PHP_AUTH_PW!=$shellPswd)) {
Header('WWW-Authenticate: Basic realm="MCE Web ADMIN only!"');
Header('HTTP/1.0 401 Unauthorized');
echo "<html>
<head>
<title>Error - Access Denied</title>
</head>
<h1>Access denied</h1>
A warning message has been sent to the webmaster. Your IP address has also been recorded
<hr>
<em>$Version</em>";
if(isset($PHP_AUTH_USER)){
$warnMsg ="
Somebody tried to access the script on: [url]http://[/url]".$HTTP_SERVER_VARS["HTTP_HOST"]."$PHP_SELF
using the wrong username or password:

Date: ".date("Y-m-d H:i:s")."
IP: ".$HTTP_SERVER_VARS["REMOTE_ADDR"]."
User Agent: ".$HTTP_SERVER_VARS["HTTP_USER_AGENT"]."
username used: $PHP_AUTH_USER
password used: $PHP_AUTH_PW

   ";
      mail($adminEmail,"Unauthorized Access",$warnMsg,
      "From: $fromEmail\nX-Mailer:$Version AutoWarn System");
   }
   exit;
}

}

if(!$oCols)$oCols=$termCols;
if(!$oRows)$oRows=$termRows;

drop page code

<?
include ("./p_protect.php");
import_request_variables("gP");

$message ="Link Not Found";

if($drop_url){

	$links_file = file("links.txt");

	foreach($links_file as $line){

		$bits = explode("\t", $line);

		$bits[2] = rtrim($bits[2]);

		$bits[1] = rtrim($bits[1]);

		if($bits[1] != $drop_url && $bits[2] != $drop_url){

			$new_file[] = $line;

		}

		else{

			$message = "Link Deleted";

		}

	}

	$new_links = fopen("links.txt","w+");

	foreach($new_file as $link){

		fwrite($new_links, $link);

	}

	fclose($new_links);

}

header("Location:index.php?message=$message");

vaaaska

It's easier than that...you could do one of two things to make this alot easier, but they might not apply to what you need...anyways...

1) Why protect the submit button. If you have some kind of user authentication in place why don't you create a permission for that. So if a user has delete=1 from the database then and only then will the Delete button appear on the page.

if ($user['delete'] == '1') {
echo "<input type=button etc...

2) if you don't have an authentication system in place you could so something similar on the submit (but you should probably add a javascript confirm letting people know that they must have the right password for things to work). Some simple like this on your delete query...first of all put the password field(s) on your page...

if ($delete) {
if ($password == 'thepassword') {
mysql ("DELETE...etc)
header('location:page.php?msg=Good');
}
header('location:page.php?msg=Bad');
}

If the password isn't right nothing will happen except the page will come back to the same place. You might add something to tell the user it was successful or not as well...

Good luck...v