annotate e2gallerypro/e2upload/password_protect.php @ 26:c8377029b338 judyates

fixes.
author Robert McIntyre <rlm@mit.edu>
date Sat, 18 Apr 2015 21:22:59 -0700
parents 3f6b44aa6b35
children
rev   line source
rlm@3 1 <?php
rlm@3 2
rlm@3 3 ###############################################################
rlm@3 4 #
rlm@3 5 # Page Password Protect 2.13
rlm@3 6 # MODIFIED FOR INCORPORATION WITH e2 Photo Gallery
rlm@3 7 # Name of cookie set has been changed from original script writers default to a specific name of e2verify
rlm@3 8 # Some instructions and notifications on this page have been altered to make things more clear
rlm@3 9 # Authors original login form has been altered to match original e2 login form
rlm@3 10 #
rlm@3 11 ###############################################################
rlm@3 12 # Visit http://www.zubrag.com/scripts/ for original unmodified script and updates
rlm@3 13 ###############################################################
rlm@3 14 # Usage:
rlm@3 15 # Set usernames / passwords below between SETTINGS START and SETTINGS END.
rlm@3 16 # Place Script inside e2 Photos gallery uploader folder
rlm@3 17 # Add include of this script to all files being protected on VERY FIRST LINE ON PAGE
rlm@3 18 # Example: include ('password_protect.php');
rlm@3 19 #
rlm@3 20 # Add following HTML code to your page where you want to have logout link
rlm@3 21 # <a href="http://www.example.com/path/to/protected/page.php?logout=1">Logout</a>
rlm@3 22 #
rlm@3 23 ###############################################################
rlm@3 24
rlm@3 25 /*
rlm@3 26 -------------------------------------------------------------------
rlm@3 27 SAMPLE if you only want to request login and password on login form.
rlm@3 28 Each row represents different user.
rlm@3 29 Each row requires a comma at the end of it except the last
rlm@3 30
rlm@3 31 $LOGIN_INFORMATION = array(
rlm@3 32 'zubrag' => 'root',
rlm@3 33 'test' => 'testpass',
rlm@3 34 'admin' => 'passwd'
rlm@3 35 );
rlm@3 36
rlm@3 37 --------------------------------------------------------------------
rlm@3 38 SAMPLE if you want to request only a password on the login form, so only passwords are listed and required to login
rlm@3 39 Note: You will have to modify line 59 of this code to read false, and replace lines 52-56 with the sample array below
rlm@3 40
rlm@3 41 $LOGIN_INFORMATION = array(
rlm@3 42 'root',
rlm@3 43 'testpass',
rlm@3 44 'passwd'
rlm@3 45 );
rlm@3 46
rlm@3 47 --------------------------------------------------------------------
rlm@3 48 */
rlm@3 49
rlm@3 50 ///////////////////////////////////////////////////////
rlm@3 51 // do not change code below
rlm@3 52 ///////////////////////////////////////////////////////
rlm@3 53
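// Show a usage example when the page is requested with ?help.
// NOTE(security): this branch runs before any authentication check, so the
// hint prints only the script's file name. The previous version echoed the
// absolute server path (__FILE__) to every visitor, which discloses the
// filesystem layout of the host.
if (isset($_GET['help'])) {
    die('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("' . htmlspecialchars(basename(__FILE__), ENT_QUOTES, 'UTF-8') . '"); ?&gt;');
}

// Cookie expiry as a Unix timestamp; 0 makes it a browser-session cookie.
// TIMEOUT_MINUTES is not defined in this file and has to be supplied by the
// settings section / including script before this point is reached.
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);

// Logout: expire the auth cookie and redirect to the configured page.
// The expiry is explicitly in the past so the deletion does not depend on how
// an empty cookie value is handled. LOGOUT_URL is defined outside this file.
// NOTE(review): logout is triggered by a plain GET parameter, so any page can
// log a user out by linking to ?logout=1 - low impact, but worth knowing.
if (isset($_GET['logout'])) {
    setcookie("e2verify", '', time() - 3600, '/');
    header('Location: ' . LOGOUT_URL);
    exit();
}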
rlm@3 68
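if (!function_exists('showLoginPasswordProtect')) {

    /**
     * Print the login form and stop the request.
     *
     * Both dynamic values written into the page are HTML-escaped:
     *  - $_SERVER['PHP_SELF'] includes any extra path text the client appends
     *    to the script URL, so echoing it raw into the form's action attribute
     *    allowed markup injection (reflected XSS) on the login page.
     *  - $error_msg is escaped so the function stays safe if a caller ever
     *    passes text that did not originate as a literal.
     *
     * USE_USERNAME is defined outside this file; when it is true the form
     * also asks for a user name.
     *
     * @param string $error_msg Message shown in red above the form; may be empty.
     * @return void This function never returns: it ends with die().
     */
    function showLoginPasswordProtect($error_msg) {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head profile="http://gmpg.org/xfn/11">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<title>(E)2 Gallery Pro Log In</title>
<link href="rsrc/style.css" rel="stylesheet" type="text/css">
<style type="text/css">
<!--
body{
font:16px "Trebuchet MS", Verdana, Arial, sans-serif;
background: #F1F1F1 url(images/bodybg.png) repeat-x top center;
}
#login #header {
background-image: url(images/loginheader.png);
background-repeat: no-repeat;
background-position: center top;
height: 72px;
width: 260px;
}
#login {
width: 260px;
margin: 25px auto;
}
#login #loginform {
margin: 0px auto;
padding: 9px;
width: 220px;
background: #E1E1E1;
border-left: solid 1px #CCC;
border-right: solid 1px #CCC;
border-bottom: solid 1px #CCC;
-moz-border-radius: 0 0 10px 10px;
-webkit-border-bottom-left-radius: 10px;
-webkit-border-bottom-right-radius: 10px;
-khtml-border-bottom-left-radius: 10px;
-khtml-border-bottom-right-radius: 10px;
border-bottom-left-radius: 10px;
border-bottom-right-radius: 10px;
}
input{
width:98%;
font:16px "Trebuchet MS", Verdana, Arial, sans-serif;
}
#login #loginform h2 {
margin: 0px;
padding: 0px;
}
-->
</style>
</head>
<body>
<div id="login">
<div id="header"></div>
<div id="loginform">
<h2>Login</h2>
<font color="red"><?php echo htmlspecialchars($error_msg, ENT_QUOTES, 'UTF-8'); ?></font><br />
<form name="form1" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>">
<?php if (USE_USERNAME) echo '<label id="username"><strong>Username</strong></label><br /><input type="text" name="access_login"><br /><br />'; ?>
<label id="password"><strong>Password</strong></label><br />
<input type="password" name="access_password"><br /><br />
<input type="submit" name="submit" value="Login">
</form>
</div>
</div>
</body>
</html>

<?php
        // Stop here so the protected page that included this script never renders.
        die();
    }
}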
rlm@3 149
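// Authentication gate: validate a submitted login form, or validate the
// "e2verify" cookie left by an earlier successful login.
//
// USE_USERNAME, TIMEOUT_CHECK_ACTIVITY and $LOGIN_INFORMATION are not defined
// in this file; they must come from the settings section / including script.
// $timeout is computed earlier in this script.
//
// Hardening compared with the loose-comparison version of this block:
//  - form and cookie values must be plain strings (array-valued parameters
//    such as access_password[]=x are rejected instead of being juggled);
//  - all secret comparisons use hash_equals(), which is exact and
//    constant-time. Loose ==/!= and non-strict in_array() treat numeric-looking
//    strings such as "0e1234" and "0e9999" as equal, which applies both to
//    passwords and to MD5 hex digests;
//  - the cookie is sent HttpOnly, and Secure when the request used HTTPS.
//
// NOTE(security): the cookie value is still an unsalted MD5 of
// "login%password". It is identical on every login, cannot be revoked without
// changing the password, and is a replayable credential for anyone who obtains
// it. Passwords are also kept in plain text in the configuration and there is
// no limit on login attempts. Replacing this scheme with server-side sessions
// (random identifiers) and password_hash()/password_verify() is the real fix;
// it is not done here so that the existing cookie format keeps working.

// Configured accounts; anything that is not an array counts as "no accounts",
// so a missing configuration denies access instead of raising errors.
$e2Accounts = (isset($LOGIN_INFORMATION) && is_array($LOGIN_INFORMATION)) ? $LOGIN_INFORMATION : array();

// Mark the cookie Secure only when this request itself arrived over HTTPS,
// so plain-HTTP installations keep working.
$e2Secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';

// user provided password
if (isset($_POST['access_password'])) {

    $pass = is_string($_POST['access_password']) ? $_POST['access_password'] : null;

    // In password-only mode the login part of the cookie is always empty, to
    // match the cookie check below; a stray access_login field is ignored.
    $login = (USE_USERNAME && isset($_POST['access_login']) && is_string($_POST['access_login']))
        ? $_POST['access_login']
        : '';

    $e2Valid = false;
    if ($pass !== null) {
        if (USE_USERNAME) {
            $e2Valid = array_key_exists($login, $e2Accounts)
                && hash_equals((string) $e2Accounts[$login], $pass);
        } else {
            foreach ($e2Accounts as $e2Known) {
                // The cast keeps passwords configured as bare numbers working.
                if (hash_equals((string) $e2Known, $pass)) {
                    $e2Valid = true;
                    break;
                }
            }
        }
    }

    if (!$e2Valid) {
        showLoginPasswordProtect("Incorrect login information.");
    }
    else {
        // set cookie if password was validated
        setcookie("e2verify", md5($login . '%' . $pass), $timeout, '/', '', $e2Secure, true);

        // Some including programs inspect $_POST to see whether parameters
        // were passed, so the password protector's own fields are removed.
        unset($_POST['access_login']);
        unset($_POST['access_password']);
        // The form's button is named "submit"; "Submit" is kept for
        // compatibility with the previous behaviour.
        unset($_POST['submit']);
        unset($_POST['Submit']);
    }

}

else {

    // A missing or non-string cookie is treated as "not logged in".
    $e2Cookie = (isset($_COOKIE['e2verify']) && is_string($_COOKIE['e2verify']))
        ? $_COOKIE['e2verify']
        : null;

    // check if cookie is good
    $found = false;
    if ($e2Cookie !== null) {
        foreach ($e2Accounts as $key => $val) {
            $lp = (USE_USERNAME ? $key : '') . '%' . $val;
            if (hash_equals(md5($lp), $e2Cookie)) {
                $found = true;
                // prolong timeout
                if (TIMEOUT_CHECK_ACTIVITY) {
                    setcookie("e2verify", md5($lp), $timeout, '/', '', $e2Secure, true);
                }
                break;
            }
        }
    }
    if (!$found) {
        showLoginPasswordProtect("");
    }

}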
rlm@3 198
rlm@3 199 ?>