[RESOLVED] Username problem

strega

Hello, ( yes I'm a newbie )

I've this weird problem.
I got from the internet a script wich secures webpages.
( In my case /protected.php )
On the secured page I wrote this

$login

That stands for the username that has been used.
When you just log in , you can see the username, but when you go another directory on that page ( e.g. /protected.php?example ) you can't see the username anymore.
Here are the scripts, they might clear up my problem :o

<?php

###############################################################
# Page Password Protect 2.13
###############################################################
# Visit http://www.zubrag.com/scripts/ for updates
############################################################### 
#
# Usage:
# Set usernames / passwords below between SETTINGS START and SETTINGS END.
# Open it in browser with "help" parameter to get the code
# to add to all files being protected. 
#    Example: password_protect.php?help
# Include protection string which it gave you into every file that needs to be protected
#
# Add following HTML code to your page where you want to have logout link
# <a href="http://www.example.com/path/to/protected/page.php?logout=1">Logout</a>
#
###############################################################

/*
-------------------------------------------------------------------
SAMPLE if you only want to request login and password on login form.
Each row represents different user.

$LOGIN_INFORMATION = array(
  'zubrag' => 'root',
  'test' => 'testpass',
  'admin' => 'passwd'
);

--------------------------------------------------------------------
SAMPLE if you only want to request only password on login form.
Note: only passwords are listed

$LOGIN_INFORMATION = array(
  'root',
  'testpass',
  'passwd'
);

--------------------------------------------------------------------
*/

##################################################################
#  SETTINGS START
##################################################################

// Add login/password pairs below, like described above
// NOTE: all rows except last must have comma "," at the end of line
$LOGIN_INFORMATION = array(
  'strega' => 'somepass'

);

// request login? true - show login and password boxes, false - password box only
define('USE_USERNAME', true);

// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.eod.ycn-hosting.com/');

// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 0);

// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', true);

##################################################################
#  SETTINGS END
##################################################################


///////////////////////////////////////////////////////
// do not change code below
///////////////////////////////////////////////////////

// show usage example
if(isset($_GET['help'])) {
  die('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?&gt;');
}


// timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);

// logout?
if(isset($_GET['logout'])) {
  setcookie("verify", '', $timeout, '/'); // clear password;
  header('Location: ' . LOGOUT_URL);
  exit();
}

if(!function_exists('showLoginPasswordProtect')) {

// show login form
function showLoginPasswordProtect($error_msg) {
?>
<html>
<head>
  <title>Please enter password to access this page.</title>
  <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
  <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<style type='text/css'>
a {
text-decoration:none; 
} 

a:link {
color: white; 
} 

a:visited {
color: white;
} 

a:hover {
color: orange;
} 

a:active {
color: orange;
}
</style>
</head>
<body text="white" bgcolor="1e1e1e">
<center>
<a href='protected.php?news'>News!</a> <font color='red'>|</font> <a href='protected.php?rekening'>Rekening!</a> <font color='red'>|</font> <a href='protected.php?voorstellen'>Voorstellen!</a>
<p>
<hr width='100%' size='1px'>
<p>
<center>
  <style>
    input { border: 1px solid white; background-color: transparent; color: white; }
  </style>
  <div style="width:500px; margin-left:auto; margin-right:auto; text-align:center">
  <form method="post">
    <h3>Please enter password to access this page</h3>
    <font color="red"><?php echo $error_msg; ?></font><br />
<?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>
    <input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />
  </form>
  <br />
  </div>
<hr size="1px">
</center>
</body>
</html>

<?php
  // stop at this point
  die();
}
}

// user provided password
if (isset($_POST['access_password'])) {

  $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
  $pass = $_POST['access_password'];
  if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
  || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) ) 
  ) {
    showLoginPasswordProtect("Incorrect password.");
  }
  else {
    // set cookie if password was validated
    setcookie("verify", md5($login.'%'.$pass), $timeout, '/');

// Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
// So need to clear password protector variables
unset($_POST['access_login']);
unset($_POST['access_password']);
unset($_POST['Submit']);
  }

}

else {

  // check if password cookie is set
  if (!isset($_COOKIE['verify'])) {
    showLoginPasswordProtect("");
  }

  // check if cookie is good
  $found = false;
  foreach($LOGIN_INFORMATION as $key=>$val) {
    $lp = (USE_USERNAME ? $key : '') .'%'.$val;
    if ($_COOKIE['verify'] == md5($lp)) {
      $found = true;
      // prolong timeout
      if (TIMEOUT_CHECK_ACTIVITY) {
        setcookie("verify", md5($lp), $timeout, '/');
      }
      break;
    }
  }
  if (!$found) {
    showLoginPasswordProtect("");
  }

}

?>

This was the script to protect pages.

<?php include("/gsadmin/var/websites/eod.ycn-hosting.com/betalingen/protected/password_protect.php"); ?>
<?php
echo "
<html>
<head>
<title>Protected Pages!</title>
<style type='text/css'>
a {
text-decoration:none; 
} 

a:link {
color: white; 
} 

a:visited {
color: white;
} 

a:hover {
color: orange;
} 

a:active {
color: orange;
}
</style>
</head>
<body bgcolor='1e1e1e' text='white'>
<center>
<a href='protected.php?news'>News!</a> <font color='red'>|</font> <a href='protected.php?rekening'>Rekening!</a> <font color='red'>|</font> <a href='protected.php?voorstellen'>Voorstellen!</a> <font color='red'>|</font> <a href='protected.php?logout=1'>Logout $login</a>
<p>
<hr width='100%' size='1px'>
<p>
</center>
";
?>
<?php
if(isset($_GET['rekening'])) 
{
  die('
<center>
<h1>Rekening!</h1>
</center>
some text
<hr size="1px">
</body>
</html>
');
}
if(isset($_GET['news'])) 
{
  die('
  <center>
<h1>News!</h1>
</center>
More text<hr size="1px">
');
}
if(isset($_GET['voorstellen'])) 
{
  die("
  <center>
<h1>Voorstellen!</h1>
</center>
Type hier welke mappen je op de server zou willen hebben.
<table>
<tr>
<td valign='top'>
    <FORM METHOD=POST ACTION='shoutbox.php'> 
    <TABLE> 
    <TR> 
        <TD>Naam :</TD> 
        <TD><input type='text' name='author' value='$login' readonly='yes'>
    </TR> 
    <TR> 
        <TD>Bericht :</TD> 
        <TD><textarea NAME='message' cols='20' rows='5' wrap='hard'></textarea></TD> 
    </TR> 
    <TR> 
        <TD></TD> 
        <TD><INPUT TYPE='submit' name='submit' value='Post'><input type='reset' value='Reset' /></TD> 
    </TR> 
    </TABLE> 
    </FORM>
	</td>
	<td>
<img src='reddot.png' height='500px' width='1px'><IFRAME src='shoutbox.php' width='300' height='500' frameborder='0' scroll='auto'></IFRAME></td>
	</tr>
</table>
<hr size='1px'>
");
}
?>
<?php
echo "<center>Kies een pagina</center><br><hr size='1px'>"
?>

This was the script of the protected page.
The 2 $login words in the second script are the problem.

Plz help 🙂 Thx,
Regards

djjjozsi

Hello,

if you would like to modify the program despite this

///////////////////////////////////////////////////////
// do not change code below
///////////////////////////////////////////////////////

read this, to reach the username's value from other pages:

in your login script this $login variable is alive when you post your username and password Only,
after you select the news, it disappeared.

You have to add into a $_COOKIE['login'] variable the username value, after this line:

    setcookie("verify", md5($login.'%'.$pass), $timeout, '/');

like this:

  	setcookie("login", $login, $timeout, '/');

And on other pages after including this protector .php file,
lets create the username's value from the stored COOKIE

$login= $_COOKIE["login"];

strega

Thank you verry much ! 😃
That really did help me a lot 🙂

Regards

strega

Another question,

Is it also possible to put something on the page wich shows who is online.
E.g. when there are 3 people online, to see the 3 used usernames.
Is that possible ?

Regards

djjjozsi

strega;10896811 wrote:
Another question,

Is it also possible to put something on the page wich shows who is online.
E.g. when there are 3 people online, to see the 3 used usernames.
Is that possible ?

Regards

Yes, its possible 🙂

lets see this
http://phptool.extra.hu/784.rar

Hy,jjozsi