Simple Password Protection on DW page

I spoke too soon.  I had my husband type in the URL directly (the volunteers only page that is to be password protected) and the browser loaded the page.

I do have the following code at the very beginning of the page:

<?php  session_start() ?>

<?php

if (!isset($_SESSION['username']) && !isset($_SESSION['password'])) {

header("Location: http://www.soarraptors.org/passtest.php");

}

if (isset($_SESSION['username'])) {

unset($_SESSION['username']);

session_destroy();

}

if (isset($_SESSION['password'])) {

unset($_SESSION['password']);

session_destroy();

}

?>

What do I look for, what isn't right?  Would appreciate your help!

Linette

redtail_SOAR wrote: I spoke too soon.  I had my husband type in the URL directly (the volunteers only page that is to be password protected) and the browser loaded the page. I do have the following code at the very beginning of the page: <?php  session_start() ?> <?php if (!isset($_SESSION['username']) && !isset($_SESSION['password'])) { header("Location: http://www.soarraptors.org/passtest.php"); } if (isset($_SESSION['username'])) { unset($_SESSION['username']); session_destroy(); } if (isset($_SESSION['password'])) { unset($_SESSION['password']); session_destroy(); } ?> What do I look for, what isn't right?  Would appreciate your help! Linette

Did your husband sign in - get taken to the protected page - then type the protected pages url in the browser?

The session would still be live until the browser is completely closed down and rebooted.

I've just done a dummy test in a 'fresh' browser and get taken to your login page.

HINT: You also want to change the usernames and passwords (which I'm sure you were going to do in good time) right?

He doesn't think so...

So, it sounds like you got the page to behave as it should.  I had tested the page in Chrome... so I closed Chrome and relaunched.  I typed in the volunteer's URL directly and could see the page... I did not get redirected to the sign-in screen.

I just launched IE (which I don't use unless I have to) and typed the VolunteersOnly URL and it went directly to the page.

Husband just got done working... I opened IE on his computer and typed the VolunteersOnly URL and it went directly to the page.

Why, when we use a fresh / different browser we do not get rerouted to the login page?

Thanks for your help.  I'm going to unload step away from technology for a bit and let the 0s and 1s dribble out my ears.

Linette

Something is not right at the top of your 'protected' page.

Try just inserting the below first. It must be right at the top before any other code on the page and no spaces between the lines.

<?php  session_start() ?>

<?php

if (!isset($_SESSION['username']) && !isset($_SESSION['password'])) {

header("Location: http://www.soarraptors.org/passtest.php");

}

?>

Duh.......your protected page is not a php page it's an html page. It has to be a .php page. Just change the .html to .php and update any links to it then try gaining access directly again.

(php code won't work in an .html page)

I just changed the file type and uploaded... and closed out Chrome and

tried the direct URL and it went there, not to the login. Could it be that

I've not restarted the entire computer? Husband was across the hall...

we're using the same internet connection...

Shutting down and will look at this later. Thanks again.

AFAIK, Chrome does not clear session cookies on close unless you explicitly set it this way in advanced settings. IE probably does too. I believe this behavior was added to allow you to resume where you left off if your browser crashes.

So, make sure you keep your session timeout to a minimum.

>Could it be that I've not restarted the entire computer?

no

I had shut down the computer and just fired up again.  I opened Chrome and cleared data for the last four weeks... and entered the page URL that should be password protected and the page loaded... I did not clear data on Firefox... but hadn't used that browser to check this issue... and the page loaded...

<sigh>

redtail_SOAR wrote: I had shut down the computer and just fired up again.  I opened Chrome and cleared data for the last four weeks... and entered the page URL that should be password protected and the page loaded... I did not clear data on Firefox... but hadn't used that browser to check this issue... and the page loaded... <sigh>

It can get pretty confusing when testing because once you login the session is set. What you are most concerned about is 'external' people - those who won't have been able to login so the session will never be set.

I don't see anything wrong with the  'redirect' code that takes you to the login page IF the username  and password session variables have NOT been set. I tested the code in Firefox and Safari and it works for me. I haven't tested in Chrome but it would be no different - all browsers will treat this block of php code the same.

Regarding the landing page (VolunteersOnly)... I simply renamed the file

from a *.html to *.php in the My Documents area as opposed to going into DW

and doing a Save As. Is that okay to do it that way?

Thanks again for everyone's help. It's times like this that I realize that

I don't know what I don't know...

L.

redtail_SOAR wrote: Regarding the landing page (VolunteersOnly)... I simply renamed the file from a *.html to *.php in the My Documents area as opposed to going into DW and doing a Save As.  Is that okay to do it that way?

Yes that's fine.

What's happened to your login page - have you disabled it?

http://www.soarraptors.org/passtest.php

Oh my... help, please.

Now that I'm ready to add the Volunteer Login button to my DW template and upload... now I can no longer see the signin page...

In the DW template for my site... I added a button to the bottom of the vertical menu and linked that button to passtest.php  I also changed the password in the passtest.php page from the example 'elephant.'

I saved the template and applied to all my pages, but only uploaded one page of the site with the updated menu.  I uploaded to the server the password.php page.

I click on the Volunteers Only menu button and the browser takes me directly to VolunteersOnly.php and by-passed the login page.

Here is the code copy/pasted from the password.php page.  I'm about to scream... Is there something wrong with the code now?

When I type the direct url for the login page in Chrome... the error message says "the webpage has a redirect loop"  Please help me find that.

Thank you, thank you!

<?php  session_start() ?>

<?php

if (!isset($_SESSION['username']) && !isset($_SESSION['password'])) {

header("Location: http://www.soarraptors.org/passtest.php");

}

?>

if (isset($_SESSION['username'])) {

unset($_SESSION['username']);

session_destroy();

}

if (isset($_SESSION['password'])) {

unset($_SESSION['password']);

session_destroy();

}

?>

<?php  session_start() ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<title>SOAR Login</title>

<?php

if (array_key_exists('ewTest' , $_POST)) {

$username = trim($_POST['username']);

$password = trim($_POST['password']);

if (($username == "SOAR_Volunteer") && ($password == "6bc_ieDw"))

{

$response = "Thank you! <a href='VolunteersOnly.php'>Enter Here</a>";

}

else {

$response = "Sorry, you do not have permission to access this webpage!";

}

}

?>

<style type="text/css">

#wrapper {

width: 250px;

padding: 40px;

margin: 40px auto;

background-color:#EADCAE;

font-family: verdana, arial, helvetica, sans-serif;

font-size: 12px;

}

#wrapper p {

margin: 0 0 0 0;

padding: 0;

text-align: center;

}

input {

width: 250px;

}

input#submit {

width: 100px;

margin: 15px 0 0 0;

}

</style>

</head>

<body>

<div id="wrapper">

  <h3><img src="Images/SOARAvatar_PP.jpg" width="100" height="100" hspace="75" vspace="10" />

  </h3>

  <h2>Please enter your Username & Password below. (Case sensitive)  </h2>

  <form id="form1" name="form1" method="post" action="passtest.php">

<label>Username</label><br />

<input type="text" name="username" id="username" value=""/><br />

<label>Password</label><br />

<input type="text" name="password" id="password" value=""/><br />

<input type="submit" name="ewTest" id="submit" value="Submit" />

</form>

<p style="margin-top: 10px;">

<?php if(isset($response)) echo $response;?>

</p>

</div>

</body>

</html>

We'd need to see the code on the page:  http://www.soarraptors.org/passtest.php

If the code you posted is from that page, then there's your answer. You are redirecting to the page that contains the redirect, causing a loop.

Please show me where I'm redirecting back to that page... I am incredibly naive with php...

<?php

if (!isset($_SESSION['username']) && !isset($_SESSION['password'])) {

header("Location: http://www.soarraptors.org/passtest.php");

}

?>

There's the redirection.

Okay... I removed this chunk of code from the top of passtest.php:

<?php  session_start() ?>

<?php

if (!isset($_SESSION['username']) && !isset($_SESSION['password'])) {

header("Location: http://www.soarraptors.org/passtest.php");

}

if (isset($_SESSION['username'])) {

unset($_SESSION['username']);

session_destroy();

}

if (isset($_SESSION['password'])) {

unset($_SESSION['password']);

session_destroy();

}

?>

Now I see the screen prompt for username and password. I enter the correct username and password and get the "please enter" but when I click on the link I am not redirected to the VolunteersOnly.php (protected) page but am sent back to the login.  The code above IS at the top of VolunteersOnly.php.

If type the protect page's url in directly... I get the login page (passtest.php)

Now there must be code missing on the protected page or the passtest.php?

Thank you!

Well... thank you... I re-read a post from osgood from December 2011 on page 1 of this thread and compared to my passtest.php and I had two lines of code missing.  I added those, refreshed, saved, and uploaded.

It seems to work...

Cross your fingers.

Thanks again... I so appreciate all the help!

Linette

Hello, I have inserted the script that is at the top of this forum into my Dreamweaver html page. Question: Where exactly do I put the password that I want within the script? I am new to this and need a little hand-holding. Are you able to show me through a sample password where it should go within the script? Please help. Thank you.

Hello,

--------- my answer was not needed, so I deleted it ---------

Hans-Günter

I copied and pasted the entire code and replaced the url in line $response = "Youre welcome! <a href='http://www.bbc.co.uk'>Enter Here</a>"; with mine http://www.tri-pirates.com/pirates_only.html and after typing the user name and password all I get is a white screen with the message 'No input file specified'. What am I doing wrong?

Any suggestions?

julioys wrote: I copied and pasted the entire code and replaced the url in line $response = "Youre welcome! <a href='http://www.bbc.co.uk'>Enter Here</a>"; with mine http://www.tri-pirates.com/pirates_only.html and after typing the user name and password all I get is a white screen with the message 'No input file specified'. What am I doing wrong? Any suggestions?

Did you paste the entire code into a php page and save that page as passtest.php ? This is a php script and will only run if you have php either running on your remote server or your local server.

Also anyone using this php password page script should use the revised version below: Note the addition of <?php  session_start() ?> at the top of the script and $_SESSION['username'] = $username; and $_SESSION['password'] = $password; in the script. (scroll to end of script to reason of additions)

Also you need to save the login page as passtest.php as the form submits to itself.

<?php  session_start() ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<title>Untitled Document</title>

<?php

if (array_key_exists('ewTest' , $_POST)) {

$username = trim($_POST['username']);

$_SESSION['username'] = $username;

$password = trim($_POST['password']);

$_SESSION['password'] = $password;

if (($username == "Pink") && ($password == "Elephant"))

{

$response = "Youre welcome! <a href='http://www.bbc.co.uk'>Enter Here</a>";

}

else {

$response = "Sorry, you do not have permission to access this webpage!";

}

}

?>

<style type="text/css">

#wrapper {

width: 250px;

padding: 20px;

margin: 20px auto;

background-color:#CCC;

font-family: verdana, arial, helvetica, sans-serif;

font-size: 11px;

}

#wrapper p {

margin: 0 0 0 0;

padding: 0;

text-align: center;

}

input {

width: 250px;

}

input#submit {

width: 100px;

margin: 15px 0 0 0;

}

</style>

</head>

<body>

<div id="wrapper">

<p style="margin-bottom: 10px;">Please enter your Username & Password below. (Case sensitive)</p>

<form id="form1" name="form1" method="post" action="passtest.php">

<label>Username</label><br />

<input type="text" name="username" id="username" value=""/><br />

<label>Password</label><br />

<input type="text" name="password" id="password" value=""/><br />

<input type="submit" name="ewTest" id="submit" value="Submit" />

</form>

<p style="margin-top: 10px;">

<?php if(isset($response)) echo $response;?>

</p>

</div>

</body>

</html>

Reason for additional code:

If anyone guesses the url of your protected php page and goes directly to it, without the additional code., they will be able to access the information.

At the very top of the page you are trying to protect insert the below. If the pasword and username has not been set in the login page then you will be returned to the login page - passtest.php. (just change the url below to YOUR domain name and where you keep the passtest.php page

<?php  session_start() ?>

<?php

if (!isset($_SESSION['username']) && !isset($_SESSION['password'])) {

header("Location: http://www.yourDomainName.com/passtest.php");

}

if (isset($_SESSION['username'])) {

unset($_SESSION['username']);

session_destroy();

}

if (isset($_SESSION['password'])) {

unset($_SESSION['password']);

session_destroy();

}

?>

Hi osgood,

Would this work for a Mobile app? I am creating an app for IOS and android. I am trying to password protect just one page of the app. Do you know if PHP is supported by IOS and android? I am using dreamweaver JQuery Mobile and phone gap to build my app. Please let me know.

Thank you so much!!

Do you know if PHP is supported by IOS and android?

PHP is a server side language - there is no dependence on user agent type.