Need help with basic password-protect page

Hi,

I need assistance getting a password-protect page to work for my portfolio site. Currently, the password protect page allows users to go through even if they enter the wrong password. Can anyone assist? I don’t have previous experience with PHP, this is modified code I found online.

The live site: https://www.starchevsky.com/pwo.php
(code pasted below)

Thanks!

   <?php


$password = "";

if(isset($_POST['submit'])) {


$password = $_POST['password'];
header('location: http://www.starchevsky.com/pwo.html');

if($password != "design6020") {

$error['password'] = "Please re-enter the password.";

}

}

?>

<!DOCTYPE html>

<html>

<head>
      
	<meta name="robots" content="noindex">
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
	<meta name="description" content="Product Designer with 13 years of experience leading projects for clients large and small, including Google, Bank of America, and Chick-fil-A."/>
    <title>Tatiana Starchevsky</title>
	<link href="https://fonts.googleapis.com/css2?family=Montserrat&family=Prata&display=swap" rel="stylesheet">
	<link rel="shortcut icon" href="img/favicon.ico" />    
    <link rel="stylesheet" href="lib/css/foundation.css" />
    <link rel="stylesheet" href="lib/css/style.css" />
	<link rel="stylesheet" href="lib/css/app.css" />
    
    <style>
 
      input[type=text] {
        border: 2px solid #ccc;
        border-radius: 4px;
        border-style:solid;
        -webkit-appearance: none;
        box-shadow: inset 0px 0px 0px 0px red;
      }
        
      input[type=button],
      input[type=submit] {
        background-color: #d50634;
        border: none;
        color: #fff;
        padding: 15px 30px;
        text-decoration: none;
        margin: 4px 2px;
        border-radius: 4px;
        cursor: pointer;
      } 
	  
		input:hover[type="submit"] 
		{
			background: #000;
		}
      
    </style>
 	</head>

<body>

<em><?php if($password == "design6020") { 

    header('location: http://www.starchevsky.com/pwo.html');
?></em>
	

<!-- PROTECTED INFORMATION GOES HERE -->

<?php } else { ?>

   <section id="headernav"> 
      <div class="grid-x">
          <div class="cell small-6 name">
            <a href="index.html">Tatiana Starchevsky</a>
          </div>
          <div class="cell small-6">
            <ul class="menu align-right">
              <li><a href="index.html">Projects</a></li>
              <li><a href="mailto:[email protected]">Contact</a></li>
            </ul>
          </div>
      </div>
    </section> 
	
    <section>
        <div class="grid-x align-center align-middle">
          <div class="large-6 small-6 cell">              
              
              <br><br><br><br>
              <h3>Password Protected</h3>
              <br>                
              <p>At the client's request, this project is password protected.</p>
              <small>Please <a href="mailto:[email protected]">email me</a> if you need access.</small>
              <br><br>

              
<?php foreach($error as $errors) {

echo "<p style='color: red;'>".$errors."</p>";

}

?>

<form name="login" action="pwo.php" method="post">


<p>


<input type="text" id="password" class="password" name="password" placeholder="Password" value="<?php if(isset($password)) { echo $password; } ?>"> <input type="submit" name="submit" value="Submit">
    
</p>

<?php } ?>

</form> 

          
</div>

</section> 

     

    <script src="js/vendor/jquery.js"></script>
    <script src="js/vendor/what-input.js"></script>
    <script src="js/vendor/foundation.js"></script>
    <script src="js/app.js"></script>


</body>

</html>

Well you are doing nothing if it is the wrong password.

You have the HTML content outside of the PHP password checking snippet…

Move that to an else{} statement on your current if() statement…

OR just exit the page after the password is found to be false.

What is this line supposed to be for:

header('location: http://www.starchevsky.com/pwo.html');

You have this line right after assigning the submitted password?

And then again further down in the code?

Outside of that oddity…

What should be happening here?

You only seem to check against this ‘password’:

design6020

If they put that in… then you are redirecting them somewhere else…

If they don't put that password in… then you tell them it is ‘wrong’…

Before code is given… EXPLAIN what it is you want done here…

Web servers are stateless. They don’t know anything outside of the current http request they are servicing. When you authenticate a user, you must remember who the logged in user is. The simplest way of doing this is to store the user’s id in a session variable. You would then test for the existence of this session variable on each page request to control what the visitor can see and do on any page. This requires that the protected page be a .php page.

Even if you don't know code, you should be able to explain what you want to happen.

So if someone enters in a password… you want to redirect them to your Chick-fil-A menu?

Perhaps this will work for you:

<?php

$password = "";
$error = []; // defined up front so the template can test it safely

if(isset($_POST['submit'])) {
	$password = $_POST['password'] ?? '';
	
	//if password is correct (redirect)
	if($password === "design6020") { 
		//redirect (can't have output anything to the page before this for it to work)
		header('location: http://www.starchevsky.com/pwo.html');
		exit; //stop here so the rest of the page is not sent along with the redirect

	//if($password != "design6020") {
	}else{
		//set error message and display form again
		$error['password'] = "Please re-enter the password.";
	}

}

?>

<!DOCTYPE html>

<html>

	<head>
		  
		
		<meta name="robots" content="noindex">
		<meta charset="utf-8" />
		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
		<meta name="description" content="Product Designer with 13 years of experience leading projects for clients large and small, including Google, Bank of America, and Chick-fil-A."/>
		<title>Tatiana Starchevsky</title>
		<link href="https://fonts.googleapis.com/css2?family=Montserrat&family=Prata&display=swap" rel="stylesheet">
		<link rel="shortcut icon" href="img/favicon.ico" />    
		<link rel="stylesheet" href="lib/css/foundation.css" />
		<link rel="stylesheet" href="lib/css/style.css" />
		<link rel="stylesheet" href="lib/css/app.css" />
		
		
		<style>
	 
		  input[type=text] {
			border: 2px solid #ccc;
			border-radius: 4px;
			border-style:solid;
			-webkit-appearance: none;
			box-shadow: inset 0px 0px 0px 0px red;
		  }
			
		  input[type=button],
		  input[type=submit] {
			background-color: #d50634;
			border: none;
			color: #fff;
			padding: 15px 30px;
			text-decoration: none;
			margin: 4px 2px;
			border-radius: 4px;
			cursor: pointer;
		  } 
		  
			input:hover[type="submit"] 
			{
				background: #000;
			}
		  
		</style>
	</head>

	<body>

		<section id="headernav"> 
			<div class="grid-x">
				<div class="cell small-6 name">
					<a href="index.html">Tatiana Starchevsky</a>
				</div>
				<div class="cell small-6">
					<ul class="menu align-right">
						<li><a href="index.html">Projects</a></li>
						<li><a href="mailto:[email protected]">Contact</a></li>
					</ul>
				</div>
			</div>
		</section> 
		
		<section>
			<div class="grid-x align-center align-middle">
				<div class="large-6 small-6 cell">              
				  
					<br><br><br><br>
					<h3>Password Protected</h3>
					<br>                
					<p>At the client's request, this project is password protected.</p>
					<small>Please <a href="mailto:[email protected]">email me</a> if you need access.</small>
					<br><br>

				  
					<?php
					//empty() is safe even when no error has been set yet
					if(!empty($error['password'])){
						
						foreach($error as $errors) {
							echo "<p style='color: red;'>".$errors."</p>";
						}
					}

					?>

					<form name="login" action="<?= htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') ?>?mode=submit" method="post">
						<p>
							<input type="password" id="password" class="password" name="password" placeholder="Password" value="<?php if(isset($password)) { echo htmlspecialchars($password, ENT_QUOTES, 'UTF-8'); } ?>"> 
							<br>
							
							<input type="submit" name="submit" value="Submit">
						</p>

	
					</form> 

			  
				</div>
			</div>

			</section> 

		 
		
		<script src="js/vendor/jquery.js"></script>
		<script src="js/vendor/what-input.js"></script>
		<script src="js/vendor/foundation.js"></script>
		<script src="js/app.js"></script>
		


	</body>

</html>
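
The session-based approach described earlier in the thread, as an added example that is not code from any of the posts: redirecting to a static `pwo.html` leaves that file reachable by anyone who has its URL, so here the protected markup lives in the same `.php` file and is only sent once a session flag has been set. The demo password, the `authenticated` session key and the single-file layout are assumptions made for illustration.

```php
<?php
// Added example: one-file login gate. Names and the demo password are hypothetical.
session_start([
    'cookie_httponly' => true,  // keep the session cookie away from page scripts
    'cookie_secure'   => true,  // HTTPS only (assumes the site is served over HTTPS)
    'cookie_samesite' => 'Lax',
]);

// Constructed demo value so the file runs as-is. In real use, store the output of
// password_hash() here instead of keeping the plaintext password in the source.
$storedHash = password_hash('constructed-demo-password', PASSWORD_DEFAULT);
$error = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $submitted = $_POST['password'] ?? '';
    if (is_string($submitted) && password_verify($submitted, $storedHash)) {
        session_regenerate_id(true);        // fresh session id after login
        $_SESSION['authenticated'] = true;  // state the server remembers
        header('Location: ' . $_SERVER['SCRIPT_NAME']); // reload as a GET
        exit;                               // nothing below may run
    }
    $error = 'Please re-enter the password.';
}

if (empty($_SESSION['authenticated'])) {
    // Not logged in: send the form and nothing else.
    ?>
<!DOCTYPE html>
<html><head><meta charset="utf-8"><title>Password Protected</title></head>
<body>
  <?php if ($error !== ''): ?>
    <p style="color: red;"><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></p>
  <?php endif; ?>
  <form method="post">
    <input type="password" name="password" placeholder="Password">
    <input type="submit" value="Submit">
  </form>
</body></html>
    <?php
    exit; // the protected markup below is never sent to this visitor
}
?>
<!DOCTYPE html>
<html><head><meta charset="utf-8"><title>Project</title></head>
<body>
  <!-- PROTECTED INFORMATION GOES HERE -->
</body></html>
```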