Mercurial > judyates
view e2gallerypro/e2upload/password_protect.php @ 26:c8377029b338 judyates
fixes.
author | Robert McIntyre <rlm@mit.edu> |
---|---|
date | Sat, 18 Apr 2015 21:22:59 -0700 |
parents | 3f6b44aa6b35 |
children |
line wrap: on
line source
1 <?php3 ###############################################################4 #5 # Page Password Protect 2.136 # MODIFIED FOR INCORPORATION WITH e2 Photo Gallery7 # Name of cookie set has been changed from original script writers default to a specific name of e2verify8 # Some instructions and notifications on this page have been altered to make things more clear9 # Authors original login form has been altered to match original e2 login form10 #11 ###############################################################12 # Visit http://www.zubrag.com/scripts/ for original unmodified script and updates13 ###############################################################14 # Usage:15 # Set usernames / passwords below between SETTINGS START and SETTINGS END.16 # Place Script inside e2 Photos gallery uploader folder17 # Add include of this script to all files being protected on VERY FIRST LINE ON PAGE18 # Example: include ('password_protect.php);19 #20 # Add following HTML code to your page where you want to have logout link21 # <a href="http://www.example.com/path/to/protected/page.php?logout=1">Logout</a>22 #23 ###############################################################25 /*26 -------------------------------------------------------------------27 SAMPLE if you only want to request login and password on login form.28 Each row represents different user.29 Each row requires a comma in the end of it execpt the last31 $LOGIN_INFORMATION = array(32 'zubrag' => 'root',33 'test' => 'testpass',34 'admin' => 'passwd'35 );37 --------------------------------------------------------------------38 SAMPLE if you only want to request only password on login form so only passwords are listed and required to login39 Note: You will have to modify line 59 of this code to read false, and replace lines 52-56 with the sample array below41 $LOGIN_INFORMATION = array(42 'root',43 'testpass',44 'passwd'45 );47 --------------------------------------------------------------------48 */50 ///////////////////////////////////////////////////////51 // do not change code below52 ///////////////////////////////////////////////////////54 // show usage example55 if(isset($_GET['help'])) {56 die('Include following code into every page you would like to protect, at the very beginning (first line):<br><?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?>');57 }59 // timeout in seconds60 $timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);62 // logout?63 if(isset($_GET['logout'])) {64 setcookie("e2verify", '', $timeout, '/'); // clear password;65 header('Location: ' . LOGOUT_URL);66 exit();67 }69 if(!function_exists('showLoginPasswordProtect')) {71 // show login form72 function showLoginPasswordProtect($error_msg) {73 ?>74 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">75 <html xmlns="http://www.w3.org/1999/xhtml">77 <head profile="http://gmpg.org/xfn/11">78 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />79 <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">80 <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">81 <title>(E)2 Gallery Pro Log In</title>82 <link href="rsrc/style.css" rel="stylesheet" type="text/css">83 <style type="text/css">84 <!--85 body{86 font:16px "Trebuchet MS", Verdana, Arial, sans-serif;87 background: #F1F1F1 url(images/bodybg.png) repeat-x top center;88 }89 #login #header {90 background-image: url(images/loginheader.png);91 background-repeat: no-repeat;92 background-position: center top;93 height: 72px;94 width: 260px;95 }96 #login {97 width: 260px;98 margin: 25px auto;99 }100 #login #loginform {101 margin: 0px auto;102 padding: 9px;103 width: 220px;104 background: #E1E1E1;105 border-left: solid 1px #CCC;106 border-right: solid 1px #CCC;107 border-bottom: solid 1px #CCC;108 -moz-border-radius: 0 0 10px 10px;109 -webkit-border-bottom-left-radius: 10px;110 -webkit-border-bottom-right-radius: 10px;111 -khtml-border-bottom-left-radius: 10px;112 -khtml-border-bottom-right-radius: 10px;113 border-bottom-left-radius: 10px;114 border-bottom-right-radius: 10px;115 }116 input{117 width:98%;118 font:16px "Trebuchet MS", Verdana, Arial, sans-serif;119 }120 #login #loginform h2 {121 margin: 0px;122 padding: 0px;123 }124 -->125 </style>126 </head>127 <body>128 <div id="login">129 <div id="header"></div>130 <div id="loginform">131 <h2>Login</h2>132 <font color="red"><?php echo $error_msg; ?></font><br />133 <form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF'] ;?>">134 <?php if (USE_USERNAME) echo '<label id="username"><strong>Username</strong></label><br /><input type="text" name="access_login"><br /><br />'; ?>135 <label id="password"><strong>Password</strong></label><br />136 <input type="password" name="access_password"><br /><br />137 <input type="submit" name="submit" value="Login">138 </form>139 </div>140 </div>141 </body>142 </html>144 <?php145 // stop at this point146 die();147 }148 }150 // user provided password151 if (isset($_POST['access_password'])) {153 $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';154 $pass = $_POST['access_password'];155 if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)156 || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) )157 ) {158 showLoginPasswordProtect("Incorrect login information.");159 }160 else {161 // set cookie if password was validated162 setcookie("e2verify", md5($login.'%'.$pass), $timeout, '/');164 // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed165 // So need to clear password protector variables166 unset($_POST['access_login']);167 unset($_POST['access_password']);168 unset($_POST['Submit']);169 }171 }173 else {175 // check if password cookie is set176 if (!isset($_COOKIE['e2verify'])) {177 showLoginPasswordProtect("");178 }180 // check if cookie is good181 $found = false;182 foreach($LOGIN_INFORMATION as $key=>$val) {183 $lp = (USE_USERNAME ? $key : '') .'%'.$val;184 if ($_COOKIE['e2verify'] == md5($lp)) {185 $found = true;186 // prolong timeout187 if (TIMEOUT_CHECK_ACTIVITY) {188 setcookie("e2verify", md5($lp), $timeout, '/');189 }190 break;191 }192 }193 if (!$found) {194 showLoginPasswordProtect("");195 }197 }199 ?>