view e2gallerypro/e2upload/password_protect.php @ 26:c8377029b338 judyates

fixes.
author Robert McIntyre <rlm@mit.edu>
date Sat, 18 Apr 2015 21:22:59 -0700
parents 3f6b44aa6b35
children
line wrap: on
line source
1 <?php
3 ###############################################################
4 #
5 # Page Password Protect 2.13
6 # MODIFIED FOR INCORPORATION WITH e2 Photo Gallery
7 # Name of cookie set has been changed from original script writers default to a specific name of e2verify
8 # Some instructions and notifications on this page have been altered to make things more clear
9 # Authors original login form has been altered to match original e2 login form
10 #
11 ###############################################################
12 # Visit http://www.zubrag.com/scripts/ for original unmodified script and updates
13 ###############################################################
14 # Usage:
15 # Set usernames / passwords below between SETTINGS START and SETTINGS END.
16 # Place Script inside e2 Photos gallery uploader folder
17 # Add include of this script to all files being protected on VERY FIRST LINE ON PAGE
18 # Example: include ('password_protect.php);
19 #
20 # Add following HTML code to your page where you want to have logout link
21 # <a href="http://www.example.com/path/to/protected/page.php?logout=1">Logout</a>
22 #
23 ###############################################################
25 /*
26 -------------------------------------------------------------------
27 SAMPLE if you only want to request login and password on login form.
28 Each row represents different user.
29 Each row requires a comma in the end of it execpt the last
31 $LOGIN_INFORMATION = array(
32 'zubrag' => 'root',
33 'test' => 'testpass',
34 'admin' => 'passwd'
35 );
37 --------------------------------------------------------------------
38 SAMPLE if you only want to request only password on login form so only passwords are listed and required to login
39 Note: You will have to modify line 59 of this code to read false, and replace lines 52-56 with the sample array below
41 $LOGIN_INFORMATION = array(
42 'root',
43 'testpass',
44 'passwd'
45 );
47 --------------------------------------------------------------------
48 */
50 ///////////////////////////////////////////////////////
51 // do not change code below
52 ///////////////////////////////////////////////////////
54 // show usage example
55 if(isset($_GET['help'])) {
56 die('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?&gt;');
57 }
59 // timeout in seconds
60 $timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
62 // logout?
63 if(isset($_GET['logout'])) {
64 setcookie("e2verify", '', $timeout, '/'); // clear password;
65 header('Location: ' . LOGOUT_URL);
66 exit();
67 }
69 if(!function_exists('showLoginPasswordProtect')) {
71 // show login form
72 function showLoginPasswordProtect($error_msg) {
73 ?>
74 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
75 <html xmlns="http://www.w3.org/1999/xhtml">
77 <head profile="http://gmpg.org/xfn/11">
78 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
79 <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
80 <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
81 <title>(E)2 Gallery Pro Log In</title>
82 <link href="rsrc/style.css" rel="stylesheet" type="text/css">
83 <style type="text/css">
84 <!--
85 body{
86 font:16px "Trebuchet MS", Verdana, Arial, sans-serif;
87 background: #F1F1F1 url(images/bodybg.png) repeat-x top center;
88 }
89 #login #header {
90 background-image: url(images/loginheader.png);
91 background-repeat: no-repeat;
92 background-position: center top;
93 height: 72px;
94 width: 260px;
95 }
96 #login {
97 width: 260px;
98 margin: 25px auto;
99 }
100 #login #loginform {
101 margin: 0px auto;
102 padding: 9px;
103 width: 220px;
104 background: #E1E1E1;
105 border-left: solid 1px #CCC;
106 border-right: solid 1px #CCC;
107 border-bottom: solid 1px #CCC;
108 -moz-border-radius: 0 0 10px 10px;
109 -webkit-border-bottom-left-radius: 10px;
110 -webkit-border-bottom-right-radius: 10px;
111 -khtml-border-bottom-left-radius: 10px;
112 -khtml-border-bottom-right-radius: 10px;
113 border-bottom-left-radius: 10px;
114 border-bottom-right-radius: 10px;
115 }
116 input{
117 width:98%;
118 font:16px "Trebuchet MS", Verdana, Arial, sans-serif;
119 }
120 #login #loginform h2 {
121 margin: 0px;
122 padding: 0px;
123 }
124 -->
125 </style>
126 </head>
127 <body>
128 <div id="login">
129 <div id="header"></div>
130 <div id="loginform">
131 <h2>Login</h2>
132 <font color="red"><?php echo $error_msg; ?></font><br />
133 <form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF'] ;?>">
134 <?php if (USE_USERNAME) echo '<label id="username"><strong>Username</strong></label><br /><input type="text" name="access_login"><br /><br />'; ?>
135 <label id="password"><strong>Password</strong></label><br />
136 <input type="password" name="access_password"><br /><br />
137 <input type="submit" name="submit" value="Login">
138 </form>
139 </div>
140 </div>
141 </body>
142 </html>
144 <?php
145 // stop at this point
146 die();
147 }
148 }
150 // user provided password
151 if (isset($_POST['access_password'])) {
153 $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
154 $pass = $_POST['access_password'];
155 if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
156 || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) )
157 ) {
158 showLoginPasswordProtect("Incorrect login information.");
159 }
160 else {
161 // set cookie if password was validated
162 setcookie("e2verify", md5($login.'%'.$pass), $timeout, '/');
164 // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
165 // So need to clear password protector variables
166 unset($_POST['access_login']);
167 unset($_POST['access_password']);
168 unset($_POST['Submit']);
169 }
171 }
173 else {
175 // check if password cookie is set
176 if (!isset($_COOKIE['e2verify'])) {
177 showLoginPasswordProtect("");
178 }
180 // check if cookie is good
181 $found = false;
182 foreach($LOGIN_INFORMATION as $key=>$val) {
183 $lp = (USE_USERNAME ? $key : '') .'%'.$val;
184 if ($_COOKIE['e2verify'] == md5($lp)) {
185 $found = true;
186 // prolong timeout
187 if (TIMEOUT_CHECK_ACTIVITY) {
188 setcookie("e2verify", md5($lp), $timeout, '/');
189 }
190 break;
191 }
192 }
193 if (!$found) {
194 showLoginPasswordProtect("");
195 }
197 }
199 ?>