Password protected page

5 posts by 2 authors in: Forums > CMS Builder
Last Post: November 1, 2010   (RSS)

By fleff - October 28, 2010

A real estate site: my client wants to have a password protected page for his agents only where they can download pdf files of deeds, field cards, etc. for each listing. I have set up a second details page (land_info.php) for this and it works fine from a link on the first (public) details page to the second (agents) one, passing along all the fields for that listing. My problem occurs when I add password code to the second page. The code I am using lops off the record number of the listing from its URL and the page goes to the first record instead. Is there some way of forcing the inclusion of the record number in the URL of the listing details page, such as "land_info.php?Array-17"? The password code is:

<?php


$Password = 'demo'; // Set your password here


if (isset($_POST['submit_pwd'])){
$pass = isset($_POST['passwd']) ? $_POST['passwd'] : '';

if ($pass != $Password) {
showForm("Wrong password");
exit();
}
} else {
showForm();
exit();
}

function showForm($error="LOGIN"){
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Micro Protector</title>
<link href="style/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="main">
<div class="caption"><?php echo $error; ?></div>
<div id="icon">&nbsp;</div>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="pwd">
Password:
<table>
<tr><td><input class="text" name="passwd" type="password"/></td></tr>
<tr><td align="center"><br/>
<input class="text" type="submit" name="submit_pwd" value="Login"/>
</td></tr>
</table>
</form>
</div>
</body>

<?php
}
?>

* * * * *

Here is the code of the page generated by the password php script above for the user to enter the password and go to the second listing details page:

<div id="main">
<div class="caption">LOGIN</div>
<div id="icon">&nbsp;</div>

<form action="/land_info.php" method="post" name="pwd">
Password:
<table>
<tr><td><input class="text" name="passwd" type="password"/></td></tr>
<tr><td align="center"><br/>
<input class="text" type="submit" name="submit_pwd" value="Login"/>
</td></tr>
</table>
</form>
</div>

* * * * *

I tried to use htaccess but didn't get it to work.

Thanks,

Farnham

Re: [Jason] Password protected page

By fleff - October 30, 2010

Thanks, Jason. I agree with you that the problem lies with the line you cite. That is the line where I want to add the record number of the listing I am looking at.

On my land_details.php page there is a link to the page land_info.php that is to be password protected . That link, which works if no password requirement, looks like this:

<div align="center">
<?php if($record['field_card']):?>
<a href="land_info.php?<?php echo $record['field_card'] . '-'. $record['num']; ?>" border="0" class="agents_12b">(o)</a><br />
<?php endif ?>
</div>

At the very top of the land_info.php page I add this line of code to require a password before that page opens:

<?php require_once('microProtector.php'); ?>

It calls the Micro Protector script that I show at the top of this forum question that generates the password form that I would like to have take the user to the page land_info.php plus the record number for that listing.

The php code in the Micro Protector:
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="pwd">

only picks up the URL as far as the .php extension and leaves off the record number that I need there for that particular listing. Otherwise it goes to the first record.

I tried adding the record number this way, but it didn't work.
<form action="<?php echo $_SERVER['PHP_SELF'] . '-'. $record['num']; ?>" method="post" name="pwd">

I am new to php and am hoping there is some way to get this to work. Or is there a better way?

Farnham


Re: [fleff] Password protected page

By Jason - November 1, 2010

Hi Farnham,

$_SERVER['PHP_SELF'] will give you the file that you're executing, but it won't append the query string.

Try this line instead:
<form action="<?php echo $_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING']; ?>" method="post" name="pwd">

Hope this helps.
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Re: [Jason] Password protected page

By fleff - November 1, 2010

That did it, Jason! Thanks again for your great support.

Farnham