
Multi password protect for a single PHP Page

I have this page, Fundstransfer.php, where I input data in a form, then send the data to process.php using

<form action="<?php echo WEB_ROOT; ?>view/process.php?action=transfer" method="post" >

Then process.php collects the data, processes them and redirects to OTP.php where I input a code generated by process.php to complete requested transaction, and everything works just fine.

But what I want is a way to password-protect the OTP.php page with four different passwords before its contents display.

The OTP.php code is:

<?php
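// msg and success come from the query string, so HTML-escape them before they are echoed into the page
$errorMessage = (isset($_GET['msg']) && is_string($_GET['msg']) && $_GET['msg'] != '') ? htmlspecialchars($_GET['msg'], ENT_QUOTES, 'UTF-8') : '&nbsp;';
$msgMessage = (isset($_GET['success']) && is_string($_GET['success']) && $_GET['success'] != '') ? htmlspecialchars($_GET['success'], ENT_QUOTES, 'UTF-8') : '&nbsp;';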
?>

<h2>Transaction Authorization Code</h2>
<p>Funds transfer is a process of transfering funds from your account to other account in same Bank.<br/>Please make sure that you have enough funds available in your account to transfer. Also don't forgot to validate receiver's account number.</p>

<link href="<?php echo WEB_ROOT; ?>library/spry/textfieldvalidation/SpryValidationTextField.css" rel="stylesheet" type="text/css" />
<script src="<?php echo WEB_ROOT; ?>library/spry/textfieldvalidation/SpryValidationTextField.js" type="text/javascript"></script>

<span id="errorCls" style="color:#FF0000 !important;"><?php echo $errorMessage; ?></span>
<span style="color:#99FF00 !important;font-size:14px;"><?php echo $msgMessage; ?></span>

<p>The token code has been sent to your email : <span style="color:#0066CC;font-weight:bold;"><?php echo htmlspecialchars($_SESSION['hlbank_user']['email'], ENT_QUOTES, 'UTF-8'); ?></span></p>
<p>You have <span id="defaultCountdown"></span> minutes remaining to insert valid OTP. System will automatically redirect to 'Fund Transfer' page to initiate fund transfer again.</p>

<form action="<?php echo WEB_ROOT; ?>view/process.php?action=token" method="post">
    <table width="550" border="0" cellpadding="5" cellspacing="1" class="entryTable">
        <tr id="listTableHeader">
            <th colspan="2">Transfer Funds</th>
        </tr>
        <tr>
            <td width="260" height="30" class="label"><strong>Transaction Authorization Code</strong></td>
            <td height="30" class="content">
                <span id="sprytf_token">
                    <input name="token" id="token" type="text" class="frmInputs" size="15" maxlength="15" />
                    <br/>
                    <span class="textfieldRequiredMsg">Transaction Authorization Code is required.</span>
                    <span class="textfieldInvalidFormatMsg">Transaction Authorization Code must be Integer.</span>
                    <span class="textfieldMinCharsMsg">Transaction Authorization Code must specify at least 6 characters.</span>
                    <span class="textfieldMaxCharsMsg">Transaction Authorization Code must specify at max 8 characters.</span>
                </span>
            </td>
        </tr>

        <tr>
            <td height="30" colspan="2">
                <div align="center">
                    <input name="submitButton" type="submit" class="frmButton" id="submitButton" value="Validate TAC" />
                </div></td>
        </tr>
    </table>
</form>

<script type="text/javascript">
    <!--
var sprytf_token = new Spry.Widget.ValidationTextField("sprytf_token", 'integer', {minChars: 6, maxChars: 8, validateOn: ["blur", "change"]});
    //-->
</script>
<script src="<?php echo WEB_ROOT; ?>library/jquery.min.js"></script>
<script src="<?php echo WEB_ROOT; ?>library/jquery.plugin.min.js"></script>
<script src="<?php echo WEB_ROOT; ?>library/jquery.countdown.min.js"></script>
<script>
    $(document).ready(function () {
        function timerdone() {
            var webRoot = '<?php echo WEB_ROOT; ?>' + 'view/?v=Transfer';
            window.location.href = webRoot;
        }
        $('#defaultCountdown').countdown({
            until: +60,
            compact: true,
            onExpiry: timerdone,
            format: 'MS'
        });
    })
</script>
<style>
    #defaultCountdown {font-family:Verdana;font-size:18px;padding:0 5px ;color:#990000;border:1px solid #993300;background-color:#FFFFCC;}
</style>

I have the code below

<?php
session_start();
$error = false;
if (!isset($_SESSION['login'])) {

    $stage = (isset($_SESSION['stage'])) ? $_SESSION['stage'] : 0;
    $stage_labels = array(
        'First',
        'Second',
        'Third',
        'Final'
    );

    $passwords = array(
        '111',
        '222',
        '333',
        '444'
    );

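    // compare as strings in constant time; loose == treats numeric strings such as '0111' and '111' as equal
    if (isset($_POST['password']) && is_string($_POST['password']) && hash_equals($passwords[$stage], $_POST['password'])) {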

        if ($stage == 3) {
            // if the final password matches, create a session variable for login
            $_SESSION['login'] = 'loggedin';
            header('location: ' . $_SERVER['PHP_SELF']);
            exit();
        } else {
            // if password matches the respective stage, increase the value of stage by 1 to move on to next stage
            $_SESSION['stage'] = $stage + 1;
            header('location: ' . $_SERVER['PHP_SELF']);
            exit();
        }
    } elseif (isset($_POST['password'])) {
        $error = true;
        // if form submitted with mismatch password, stage will restart from 0 again
        print '<p align="center"><font color="red"><b>Incorrect Code entered</b><br>Please enter the correct code or contact Administrator</font></p>';
        $_SESSION['stage'] = 0;
    }

    if (!$error) {
        print '<p>Please enter your ' . $stage_labels[$stage] . ' password</p>';
    }

    print '<form method="post"><p align="center"><h2>Please enter code to initiate transfer</h2><br>';
    print '<input name="password" type="password" maxlength="10"><input value="Authenticate" type="submit"></p></form>';
} else {
    echo 'You have logged in';
}
?>

But I can't find a way to incorporate it into OTP.php

Any assistance or pointer in the right direction would be greatly appreciated.

I have gotten it right. What I did was place the protection code at the top of the page I wanted to protect and then remove the echo and cover the php tag as seen below

<?php
session_start();
$error = false;
if (!isset($_SESSION['login'])) {

    $stage = (isset($_SESSION['stage'])) ? $_SESSION['stage'] : 0;
    $stage_labels = array(
        'First',
        'Second',
        'Third',
        'Final'
    );

    $passwords = array(
        '111',
        '222',
        '333',
        '444'
    );

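    // compare as strings in constant time; loose == treats numeric strings such as '0111' and '111' as equal
    if (isset($_POST['password']) && is_string($_POST['password']) && hash_equals($passwords[$stage], $_POST['password'])) {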

        if ($stage == 3) {
            // if the final password matches, create a session variable for login
            $_SESSION['login'] = 'loggedin';
            header('location: ' . $_SERVER['PHP_SELF']);
            exit();
        } else {
            // if password matches the respective stage, increase the value of stage by 1 to move on to next stage
            $_SESSION['stage'] = $stage + 1;
            header('location: ' . $_SERVER['PHP_SELF']);
            exit();
        }
    } elseif (isset($_POST['password'])) {
        $error = true;
        // if form submitted with mismatch password, stage will restart from 0 again
        print '<p align="center"><font color="red"><b>Incorrect Code entered</b><br>Please enter the correct code or contact Administrator</font></p>';
        $_SESSION['stage'] = 0;
    }

    if (!$error) {
        print '<p>Please enter your ' . $stage_labels[$stage] . ' password</p>';
    }

    print '<form method="post"><p align="center"><h2>Please enter code to initiate transfer</h2><br>';
    print '<input name="password" type="password" maxlength="10"><input value="Authenticate" type="submit"></p></form>';
} else { ?> 

Then I placed the content I want to protect here; PHP code and HTML all work fine here. Then, after the protected content, I added a php tag to cover the parentheses I opened

<?php 

   }
?> 
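The staged gate above can also be kept as one function that stores password hashes instead of plaintext and caps failed attempts. This is an added example, not the poster's code; `otp_gate_advance()`, the `otp_gate` session key and the threshold of 5 are hypothetical names and values chosen for illustration.

```php
<?php
// Added example, not the poster's code.
// Hypothetical names: otp_gate_advance(), $session['otp_gate'], GATE_MAX_FAILURES.
declare(strict_types=1);

const GATE_MAX_FAILURES = 5; // assumed lockout threshold

/**
 * Advance the staged gate by one submitted code.
 * Returns 'open', 'next', 'retry' or 'locked'.
 */
function otp_gate_advance(array &$session, array $hashes, $submitted): string
{
    $gate = $session['otp_gate'] ?? ['stage' => 0, 'failures' => 0, 'open' => false];

    if ($gate['open']) {
        return 'open';
    }
    if ($gate['failures'] >= GATE_MAX_FAILURES) {
        return 'locked';
    }
    // password_verify() needs a string; an array sent as password[]=x is rejected here
    if (is_string($submitted) && password_verify($submitted, $hashes[$gate['stage']])) {
        $gate['stage']++;
        $gate['open'] = ($gate['stage'] === count($hashes));
        $session['otp_gate'] = $gate;
        return $gate['open'] ? 'open' : 'next';
    }
    // wrong code: restart from stage 0, as the original does, and count the failure
    $gate['stage'] = 0;
    $gate['failures']++;
    $session['otp_gate'] = $gate;
    return $gate['failures'] >= GATE_MAX_FAILURES ? 'locked' : 'retry';
}

// Constructed demo: in a real page the hashes are generated once and kept in config,
// and $session is $_SESSION.
$hashes = array_map(fn($p) => password_hash($p, PASSWORD_DEFAULT), ['111', '222', '333', '444']);
$session = [];

foreach (['111', '222', 'bad', '111', '222', '333', '444'] as $attempt) {
    echo otp_gate_advance($session, $hashes, $attempt), "\n";
}
```

In OTP.php this would be called as `otp_gate_advance($_SESSION, $hashes, $_POST['password'] ?? null)`, with `session_regenerate_id(true)` when it returns `'open'`. Unsetting `$_SESSION['otp_gate']` once the transfer completes makes the next transfer pass the gate again.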
