0

I have this script

```php
<?php
$username = "namey";
$password = "passy";
$salted = "salty";

// Already logged in? The cookie must match the salted hash of the password.
if (isset($_COOKIE['Cookiename'])) {
    if ($_COOKIE['Cookiename'] === sha1($password.$salted)) {
?>
<body>
<span>
it works
</span></body>

<?php
        exit;
    } else {
        echo "cookie error";
        exit;
    }
}

// Login form submitted: check the credentials and set the cookie.
if (isset($_GET['auth']) && $_GET['auth'] == "login") {
    if ($_POST['user'] != $username) {
        echo "username error";
        exit;
    } else if ($_POST['keypass'] != $password) {
        echo "password error";
        exit;
    } else if ($_POST['user'] == $username && $_POST['keypass'] == $password) {
        setcookie('Cookiename', sha1($_POST['keypass'].$salted));
        header("Location: $_SERVER[PHP_SELF]");
        exit; // stop here so the form is not rendered after the redirect
    } else {
        echo "server error";
    }
}
?>
<div>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>?auth=login" method="post">
<label>Username<input type="text" name="user" id="user" /></label><br/>
<label>Password<input type="password" name="keypass" id="keypass" /></label><br/>
<input type="submit" id="submit" value="Login"/>
</form>
</div>
```

And basically I need every link on the site to come through here and look if the user is logged in before letting him access the requested page.

  • Well, in PHP at the top of your page, you could add an instruction to validate if the user is logged in (`isset($_SESSION['userdata'])`); if they are not, use `header('Location: ' . $url . 'login.php')` to redirect them to the login. – Nicolas Feb 24 '17 at 13:40
  • you need to include this script in all your pages and make it run first before the real page can be rendered, and check that the login is OK. If you already have a header script just include it in that, and it will then automatically be included in other pages. Be sure you have not rendered _anything_ to the output before this runs, otherwise the "Location" header cannot work. – ADyson Feb 24 '17 at 13:51

2 Answers

1

You can create a main php file and add a check to look if the user is logged-in.

And include the main php file at the top of every script you want to protect.

so if you create a file called check.php

```php
// add this to the created file check.php
// redirect when the cookie is missing or empty
if (empty($_COOKIE['loggedin'])) {
  header('Location: YOUR URL');
  die();
}
```

and add this `setcookie('loggedin', true);`

under `setcookie('Cookiename', sha1($_POST['keypass'].$salted));`

and include check.php at the top of your scripts.

hope this helps :)

0

If you want every page to validate the login, you'd want to include this file at the top of every other script you need to authenticate.

Another way is to use PHP's auto_prepend_file to well... prepend it to every file in your web, or to the subdirectories you want.

My answer

Anyway, I'd rather create a cookie to store if the user has been logged, and check that in every page; if the user is not logged, redirect him to the script you posted.

Something like this:

```php
// cookies() is a function to validate your cookies..
if (!cookies()) {
    header('Location: YOUR_URL', true, 303);
    die();
}
```

Check this link regarding safe redirection in PHP.

Another option is to add the redirection code inside cookies(), so you would just include the file where cookies() is, and call it at the top of your scripts.

Community
Condorcho
  • What does a VPS have to do with my answer? – Condorcho Feb 28 '17 at 13:07
  • Well, you can use `.htaccess` to prepend files using: `php_value auto_prepend_file "C:/path/to/your/file.php"` – Condorcho Feb 28 '17 at 13:14
  • You should contact support and ask for it. It's a lot easier to use one directive to include the files you want rather than adding code to every script, that eventually you'd change, bit messy if it's a mid-big project. – Condorcho Feb 28 '17 at 14:28
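
A session-based version of the `check.php` guard the answers describe, as an added example that is not part of the original question or answers. A cookie such as `loggedin` is supplied by the browser and can be sent by any client, so this version keeps the login state in `$_SESSION` on the server instead; `LOGIN_URL`, the session keys and the function names are assumptions.

```php
<?php
// check.php: added example with hypothetical names (LOGIN_URL, session keys, functions).
// Include it at the top of every protected page, or load it with auto_prepend_file.
declare(strict_types=1);
const LOGIN_URL  = '/login.php'; // hypothetical path of the login script
const IDLE_LIMIT = 1800;         // seconds of inactivity before a new login is required

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'httponly' => true,                                   // not readable from JavaScript
        'secure'   => ($_SERVER['HTTPS'] ?? 'off') !== 'off', // HTTPS-only when on HTTPS
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Pure decision: does this session state describe a fresh, authenticated login?
function session_is_authenticated(array $session, int $now): bool
{
    return isset($session['user'], $session['last_seen'])
        && ($now - (int) $session['last_seen']) <= IDLE_LIMIT;
}

// Call from the login script only after the credentials have been verified.
function mark_logged_in(string $user): void
{
    start_secure_session();
    session_regenerate_id(true); // new session id on login prevents fixation
    $_SESSION['user'] = $user;
    $_SESSION['last_seen'] = time();
}

function require_login(): void
{
    start_secure_session();
    if (!session_is_authenticated($_SESSION, time())) {
        header('Location: ' . LOGIN_URL, true, 303);
        exit; // nothing of the protected page may be rendered
    }
    $_SESSION['last_seen'] = time();
}

// Run the guard on include, except on the login page itself (avoids a redirect loop).
if (PHP_SAPI !== 'cli' && parse_url($_SERVER['REQUEST_URI'] ?? '', PHP_URL_PATH) !== LOGIN_URL) {
    require_login();
}
```

In the login script, `mark_logged_in($_POST['user'])` would take the place of the `setcookie()` call once the username and password have matched.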