I had created a simple password protection page for a PHP webpage by searching online. below is the code.
protect.php:
<?php
namespace Protect;
function with($form, $password, $scope=null) {
if( !$scope ) $scope = current_url();
$session_key = 'password_protect_'.preg_replace('/\W+/', '_', $scope);
session_start();
if( $_POST['password'] == $password ) {
$_SESSION[$session_key] = true;
redirect(current_url());
}
if( $_SESSION[$session_key] ) return;
require $form;
exit;
}
function current_url($script_only=false) {
$protocol = 'http';
$port = ':'.$_SERVER["SERVER_PORT"];
if($_SERVER["HTTPS"] === 'on') $protocol .= 's';
if($protocol === 'http' && $port === ':80') $port = '';
if($protocol === 'https' && $port === ':443') $port = '';
$path = $script_only ? $_SERVER['SCRIPT_NAME'] : $_SERVER['REQUEST_URI'];
return $protocol."://".$_SERVER[SERVER_NAME].$port.$path;
}
function redirect($url) {
header("Location: ".$url);
exit;
}
Form.php:
<html>
<body>
<form method="POST">
<?php
if( $_SERVER['REQUEST_METHOD'] === 'POST' ) {
?>
Invalid password
<?php
}
?>
<p>Enter password for access:</p>
<input type="password" name="password">
<button type="submit">Submit</button>
</form>
</body>
</html>
At the top of the php webpage which is to be protected with security password:
<?php
require_once('protect.php');
Protect\with('form.php', 'demo'); // demo is the password
?>
It's working fine but I am getting an error as
Undefined index: password in C:\\xampp\\htdocs\\iv\\admin\\protect.php on line 9 and session start() is already defined.
(On top of the php page which is to be protected).
When I tried to make any changes its completely not working.
Anybody, please help and guide me where exactly the error.
You have to check first if the password has been submitted in your with
function.
// this has to be checked first
// added isset to check if its existing
if( isset($_SESSION[$session_key]) && $_SESSION[$session_key] ) return;
^-------------------------------^
if( isset($_POST['password']) && $_POST['password'] == $password ) {
^--------------------------^
...
}
As noted by @Martin in several comments, your two issues can be easily solved by reading the linked questions/answers.
The first issue, which is the session already started error, can be easily solved by bringing out the session_start()
from your function altogether and put it only once in the very top level php file.
The second issue is resolved by using empty()
or isset()
.
function with($form, $password, $scope=null)
{
if(empty($scope))
$scope = current_url();
$session_key = 'password_protect_'.preg_replace('/\W+/', '_', $scope);
if(isset($_POST['password']) && ($_POST['password'] == $password)) {
$_SESSION[$session_key] = true;
redirect(current_url());
}
if(!empty($_SESSION[$session_key]))
return false;
require($form);
exit;
}
To set session:
<?php
# Just add by default, don't use an "if" clause
session_start();
# Do the rest of your script
require_once('protect.php');
Protect\with('form.php', 'demo');
One final note; make sure your indenting correlates to hierarchy otherwise the script can get hard to read.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.