I have a page I want to password-protect. I've tried the code below, but I am unable to put logout to the page. Any other quick (and easy) way to do this? Thanks!
How I can add logout to this password protected page as described below
$username = "the_username_here";
$password = "the_password_here";
$nonsense = "supercalifragilisticexpialidocious";
if (isset($_COOKIE['PrivatePageLogin'])) {
if ($_COOKIE['PrivatePageLogin'] == md5($password.$nonsense)) {
LOGGED IN CONTENT HERE
exit;
} else {
echo "Bad Cookie.";
exit;
}
}
if (isset($_GET['p']) && $_GET['p'] == "login") {
if ($_POST['user'] != $username) {
echo "Sorry, that username does not match.";
exit;
} else if ($_POST['keypass'] != $password) {
echo "Sorry, that password does not match.";
exit;
} else if ($_POST['user'] == $username && $_POST['keypass'] == $password) {
setcookie('PrivatePageLogin', md5($_POST['keypass'].$nonsense));
header("Location: $_SERVER[PHP_SELF]");
} else {
echo "Sorry, you could not be logged in at this time.";
}
}
And the login form on the page...
<form action="<?php echo $_SERVER['PHP_SELF']; ?>?p=login" method="post">
<label><input type="text" name="user" id="user" /> Name</label><br />
<label><input type="password" name="keypass" id="keypass" /> Password</label><br />
<input type="submit" id="submit" value="Login" />
</form>
Any clue on how to get this solved ?
On any page
<?php if(isset($_COOKIE['PrivatePageLogin'])):?>
<a href="logout.php">Logout</a>
<?php endif?>
logout.php
if(isset($_COOKIE['PrivatePageLogin'])){
// delete cookie
setcookie('PrivatePageLogin', null, time() - 1);
// if you use sessions delete session variables as well
}
header('Location: index.php');
Simply provide a link to a page which clears the cookie you've set.
As a side note, saving the password in md5
alone in the client side is not secure whatsoever.
This doesn't answer the question of user1561466. With this answer I show you how one could use the password protected feature of WP with a logout button (without plugins):
logout.php:
<?php
if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
foreach($cookies as $cookie) {
$parts = explode('=', $cookie);
$name = trim($parts[0]);
setcookie($name, '', time()-1000);
setcookie($name, '', time()-1000, '/');
}
}
header('Location: index.php');
?>
Perhaps you could only delete only one cookie, but this is how I can independently of WP delete the cookie.
In page.php
I have this:
<?php if (have_posts()) : while (have_posts()) : the_post(); ?>
<?php
if (!empty($post->post_password)) { // if there's a password
if (isset($_COOKIE['wp-postpass_' . COOKIEHASH]) && wp_check_password( $post->post_password, $_COOKIE['wp-postpass_' . COOKIEHASH])) {
echo '<a href="/logout.php">Logout</a><br /><br />';
}
}
?>
Sources: how to delete all cookies of my website in php , http://wordpress.org/support/topic/check-in-the-loop-if-a-post-is-password-protected
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.