Linking password protection

[Ubernoober]

Hello again, everybody.
Got another quandary.....Is there a way to password protect a link on a page, so that if, for example, I have a website that deals with some of my art, I can leave open the links for the art pages, but password protect a "Family Photos" link, so that not just anyone anywhere can see my family photos?......I've looked around a bit, but I'm still relatively new to this. Any help would be appreciated, and thanks!

[Twey]

That depends.
Which webserver are you running? Do you have any server-side languages? Do you have full access to the webserver and its settings?

[Ubernoober]

Well, you are talking a bit over my head, but here are some specs-

Red Hat Linux 7.2, Apache
Multiple OC3 & OC12 Connections, Tier 1 Provider
FrontPage, SSI, PHP, CGI, mod-perl, Apache ASP, SSL, Web statistics, Apache ErrorDocs

I have 1gb of webspace, and 24.7gb transfer per month.

I use Plesk 7.0.4 to login and edit my website, and I have pretty much full access to everything having to do with it. If I need to change something in the actual server, I can contact my hoster, I've done some work for him in the past, so we are on good terms, he hosts me for free. I was just hoping there would be a way I could link it to a password popup thing, and if you don't type in the right password, you get booted back to the homepage.

[Twey]

You can, but it's not a good idea. Javascript password protection is very insecure, and when you have PHP available anyway, it's better to use that.

PHP Code:

<?php
# security.inc.php (in the same directory as your pages)

$mypass = "yourPassGoesHere";

$prompt = <<<END

<html>
<head>
<title>Please enter password</title>
</head>
<body>
<form action="
END;

$prompt .= $_SERVER['HTTP_REFERER'];

$prompt .= <<<END
" method="post">
<input type="password" name="password"/>
<input type="submit" value="OK"/>
</form>
</body>
</html>
END;

session_start();
if(isset($_POST['password'])) {
if($_POST['password'] != $mypass) {
die(
$prompt);
} else {
session_register("password");
if($_POST['password'] == $mypass) $_SESSION['password'] = $_POST['password'];
}
} else if(!$_SESSION['password']) {
die($prompt);
}
?>

Edit as needed.

Then include it at the top of your protected .php page like so:
<?php include("security.inc.php"); ?>

Note that this way, when the user enters the password once, s/he won't have to enter it again to use any page that includes security.inc.php if s/he has cookies enabled. If you want another login for other pages, you must create another include page, and change every instance of "password" to something else.

[QuizToon]

Hi Twey

Just searched and found this thread. This is what I want but when i followed your instrction i got a parse error as follows.

Parse error: parse error, unexpected T_SL in /home/sites/patdoran.co.uk/public_html/news/security.inc.php on line 6


any ideas on whats the problem here

[Twey]

Works fine here... what version of PHP are you running?

[QuizToon]

Works fine here... what version of PHP are you running?

It is PHP 4.3.11

I just tried it again in case i copied it incorrectly but got the same error

[Twey]

Hm... try this.

Code:

<?php
# security.inc.php (in the same directory as your pages)

$mypass = "yourPassGoesHere";

function prompt() {
?>
<html>
<head>
<title>Please enter password</title>
</head>
<body>
<form action="<?php echo($_SERVER['HTTP_REFERER']); ?>" method="post">
<input type="password" name="password"/>
<input type="submit" value="OK"/>
</form>
</body>
</html>
<?php
  return "";
}

session_start();
if(isset($_POST['password'])) {
if($_POST['password'] != $mypass) {
die(
$prompt);
} else {
session_register("password");
if($_POST['password'] == $mypass) $_SESSION['password'] = $_POST['password'];
}
} else if(!$_SESSION['password']) {
die(prompt());
}
?>

[QuizToon]

yup that got

thanks very much

Can always rely on you to help me out

[Twey]

Anyone know when here-document was introduced into PHP?