rlm@3: <?php
rlm@3: 
rlm@3: ###############################################################
rlm@3: #
rlm@3: # Page Password Protect 2.13
rlm@3: # MODIFIED FOR INCORPORATION WITH e2 Photo Gallery
rlm@3: # Name of cookie set has been changed from original script writers default to a specific name of e2verify
rlm@3: # Some instructions and notifications on this page have been altered to make things more clear
rlm@3: # Authors original login form has been altered to match original e2 login form
rlm@3: #
rlm@3: ###############################################################
rlm@3: # Visit http://www.zubrag.com/scripts/ for original unmodified script and updates
rlm@3: ############################################################### 
rlm@3: # Usage:
rlm@3: # Set usernames / passwords below between SETTINGS START and SETTINGS END.
rlm@3: # Place Script inside e2 Photos gallery uploader folder
rlm@3: # Add include of this script to all files being protected on VERY FIRST LINE ON PAGE 
rlm@3: #    Example: include ('password_protect.php);
rlm@3: #
rlm@3: # Add following HTML code to your page where you want to have logout link
rlm@3: # <a href="http://www.example.com/path/to/protected/page.php?logout=1">Logout</a>
rlm@3: #
rlm@3: ###############################################################
rlm@3: 
rlm@3: /*
rlm@3: -------------------------------------------------------------------
rlm@3: SAMPLE if you only want to request login and password on login form.
rlm@3: Each row represents different user.
rlm@3: Each row requires a comma in the end of it execpt the last
rlm@3: 
rlm@3: $LOGIN_INFORMATION = array(
rlm@3:   'zubrag' => 'root',
rlm@3:   'test' => 'testpass',
rlm@3:   'admin' => 'passwd'
rlm@3: );
rlm@3: 
rlm@3: --------------------------------------------------------------------
rlm@3: SAMPLE if you only want to request only password on login form so only passwords are listed and required to login
rlm@3: Note: You will have to modify line 59 of this code to read false, and replace lines 52-56 with the sample array below 
rlm@3: 
rlm@3: $LOGIN_INFORMATION = array(
rlm@3:   'root',
rlm@3:   'testpass',
rlm@3:   'passwd'
rlm@3: );
rlm@3: 
rlm@3: --------------------------------------------------------------------
rlm@3: */
rlm@3: 
rlm@3: ///////////////////////////////////////////////////////
rlm@3: // do not change code below
rlm@3: ///////////////////////////////////////////////////////
rlm@3: 
rlm@3: // show usage example
rlm@3: if(isset($_GET['help'])) {
rlm@3:   die('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?&gt;');
rlm@3: }
rlm@3: 
rlm@3: // timeout in seconds
rlm@3: $timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
rlm@3: 
rlm@3: // logout?
rlm@3: if(isset($_GET['logout'])) {
rlm@3:   setcookie("e2verify", '', $timeout, '/'); // clear password;
rlm@3:   header('Location: ' . LOGOUT_URL);
rlm@3:   exit();
rlm@3: }
rlm@3: 
rlm@3: if(!function_exists('showLoginPasswordProtect')) {
rlm@3: 
rlm@3: // show login form
rlm@3: function showLoginPasswordProtect($error_msg) {
rlm@3: ?>
rlm@3: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
rlm@3: <html xmlns="http://www.w3.org/1999/xhtml">
rlm@3: 
rlm@3: <head profile="http://gmpg.org/xfn/11">
rlm@3: <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
rlm@3:   <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
rlm@3:   <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
rlm@3: <title>(E)2 Gallery Pro Log In</title> 
rlm@3: <link href="rsrc/style.css" rel="stylesheet" type="text/css">
rlm@3: <style type="text/css">
rlm@3: <!--
rlm@3: body{
rlm@3: 	font:16px "Trebuchet MS", Verdana, Arial, sans-serif;
rlm@3: 	background: #F1F1F1 url(images/bodybg.png) repeat-x top center;
rlm@3: }
rlm@3: #login #header {
rlm@3: 	background-image: url(images/loginheader.png);
rlm@3: 	background-repeat: no-repeat;
rlm@3: 	background-position: center top;
rlm@3: 	height: 72px;
rlm@3: 	width: 260px;
rlm@3: }
rlm@3: #login {
rlm@3: 	width: 260px;
rlm@3: 	margin: 25px auto;
rlm@3: }
rlm@3: #login #loginform {
rlm@3: 	margin: 0px auto;
rlm@3: 	padding: 9px;
rlm@3: 	width: 220px;
rlm@3: 	background: #E1E1E1;
rlm@3: 	border-left: solid 1px #CCC;
rlm@3: 	border-right: solid 1px #CCC;
rlm@3: 	border-bottom: solid 1px #CCC;
rlm@3: 	-moz-border-radius: 0 0 10px 10px;
rlm@3: 	-webkit-border-bottom-left-radius: 10px;
rlm@3: 	-webkit-border-bottom-right-radius: 10px;
rlm@3: 	-khtml-border-bottom-left-radius: 10px;
rlm@3: 	-khtml-border-bottom-right-radius: 10px;
rlm@3: 	border-bottom-left-radius: 10px;
rlm@3: 	border-bottom-right-radius: 10px;
rlm@3: }
rlm@3: input{
rlm@3: 	width:98%;
rlm@3: 	font:16px "Trebuchet MS", Verdana, Arial, sans-serif;
rlm@3: }
rlm@3: #login #loginform h2 {
rlm@3: 	margin: 0px;
rlm@3: 	padding: 0px;
rlm@3: }
rlm@3: -->
rlm@3: </style>
rlm@3: </head> 
rlm@3: <body> 
rlm@3: <div id="login">
rlm@3: 	<div id="header"></div>
rlm@3:     <div id="loginform">
rlm@3:     <h2>Login</h2>
rlm@3:         <font color="red"><?php echo $error_msg; ?></font><br />
rlm@3:             <form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF'] ;?>"> 
rlm@3:         	<?php if (USE_USERNAME) echo '<label id="username"><strong>Username</strong></label><br /><input type="text" name="access_login"><br /><br />'; ?> 
rlm@3:               <label id="password"><strong>Password</strong></label><br />
rlm@3:                 <input type="password" name="access_password"><br /><br /> 
rlm@3:                 <input type="submit" name="submit" value="Login"> 
rlm@3:             </form>
rlm@3:      </div>
rlm@3: </div>
rlm@3: </body> 
rlm@3: </html> 
rlm@3: 
rlm@3: <?php
rlm@3:   // stop at this point
rlm@3:   die();
rlm@3: }
rlm@3: }
rlm@3: 
rlm@3: // user provided password
rlm@3: if (isset($_POST['access_password'])) {
rlm@3: 
rlm@3:   $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
rlm@3:   $pass = $_POST['access_password'];
rlm@3:   if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
rlm@3:   || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) ) 
rlm@3:   ) {
rlm@3:     showLoginPasswordProtect("Incorrect login information.");
rlm@3:   }
rlm@3:   else {
rlm@3:     // set cookie if password was validated
rlm@3:     setcookie("e2verify", md5($login.'%'.$pass), $timeout, '/');
rlm@3:     
rlm@3:     // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
rlm@3:     // So need to clear password protector variables
rlm@3:     unset($_POST['access_login']);
rlm@3:     unset($_POST['access_password']);
rlm@3:     unset($_POST['Submit']);
rlm@3:   }
rlm@3: 
rlm@3: }
rlm@3: 
rlm@3: else {
rlm@3: 
rlm@3:   // check if password cookie is set
rlm@3:   if (!isset($_COOKIE['e2verify'])) {
rlm@3:     showLoginPasswordProtect("");
rlm@3:   }
rlm@3: 
rlm@3:   // check if cookie is good
rlm@3:   $found = false;
rlm@3:   foreach($LOGIN_INFORMATION as $key=>$val) {
rlm@3:     $lp = (USE_USERNAME ? $key : '') .'%'.$val;
rlm@3:     if ($_COOKIE['e2verify'] == md5($lp)) {
rlm@3:       $found = true;
rlm@3:       // prolong timeout
rlm@3:       if (TIMEOUT_CHECK_ACTIVITY) {
rlm@3:         setcookie("e2verify", md5($lp), $timeout, '/');
rlm@3:       }
rlm@3:       break;
rlm@3:     }
rlm@3:   }
rlm@3:   if (!$found) {
rlm@3:     showLoginPasswordProtect("");
rlm@3:   }
rlm@3: 
rlm@3: }
rlm@3: 
rlm@3: ?>