Need help with basic password-protect page

Hi,

I need assistance getting a password-protect page to work for my portfolio site. Currently, the password protect page allows users to go through even if they enter the wrong password. Can anyone assist? I don’t have previous experience with PHP, this is modified code I found online.

The live site: https://www.starchevsky.com/pwo.php
(code pasted below)

Thanks!

   <?php


$password = "";

if(isset($_POST['submit'])) {


$password = $_POST['password'];
header('location: http://www.starchevsky.com/pwo.html');

if($password != "design6020") {

$error['password'] = "Please re-enter the password.";

}

}

?>

<!DOCTYPE html>

<html>

<head>
      
	<meta name="robots" content="noindex">
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
	<meta name="description" content="Product Designer with 13 years of experience leading projects for clients large and small, including Google, Bank of America, and Chick-fil-A."/>
    <title>Tatiana Starchevsky</title>
	<link href="https://fonts.googleapis.com/css2?family=Montserrat&family=Prata&display=swap" rel="stylesheet">
	<link rel="shortcut icon" href="img/favicon.ico" />    
    <link rel="stylesheet" href="lib/css/foundation.css" />
    <link rel="stylesheet" href="lib/css/style.css" />
	<link rel="stylesheet" href="lib/css/app.css" />
    
    <style>
 
      input[type=text] {
        border: 2px solid #ccc;
        border-radius: 4px;
        border-style:solid;
        -webkit-appearance: none;
        box-shadow: inset 0px 0px 0px 0px red;
      }
        
      input[type=button],
      input[type=submit] {
        background-color: #d50634;
        border: none;
        color: #fff;
        padding: 15px 30px;
        text-decoration: none;
        margin: 4px 2px;
        border-radius: 4px;
        cursor: pointer;
      } 
	  
		input:hover[type="submit"] 
		{
			background: #000;
		}
      
    </style>
 	</head>

<body>

<em><?php if($password == "design6020") { 

    header('location: http://www.starchevsky.com/pwo.html');
?></em>
	

<!-- PROTECTED INFORMATION GOES HERE -->

<?php } else { ?>

   <section id="headernav"> 
      <div class="grid-x">
          <div class="cell small-6 name">
            <a href="index.html">Tatiana Starchevsky</a>
          </div>
          <div class="cell small-6">
            <ul class="menu align-right">
              <li><a ref="index.html">Projects</a></li>
              <li><a href="mailto:[email protected]">Contact</a></li>
            </ul>
          </div>
      </div>
    </section> 
	
    <section>
        <div class="grid-x align-center align-middle">
          <div class="large-6 small-6 cell">              
              
              <br><br><br><br>
              <h3>Password Protected</h3>
              <br>                
              <p>At the client's request, this project is password protected.</p>
              <small>Please <a href="mailto:[email protected]">email me</a> if you need access.</small>
              <br><br>

              
<?php foreach($error as $errors) {

echo "<p style='color: red;'>".$errors."</p>";

}

?>

<form name="login" action="pwo.php" method="post">


<p>


<input type="text" id="password" class="password" name="password" placeholder="Password" value="<?php if(isset($password)) { echo $password; } ?>"> <input type="submit" name="submit" value="Submit">
    
</p>

<?php } ?>

</form> 

          
</div>

</section> 

     

    <script src="js/vendor/jquery.js"></script>
    <script src="js/vendor/what-input.js"></script>
    <script src="js/vendor/foundation.js"></script>
    <script src="js/app.js"></script>


</body>

</html>

Well you are doing nothing if it is the wrong password.

You have the HTML content outside of the PHP password checking snippet…

Move that to an else{} statemnt on your current if() statement…

OR just exit the page after the password is found to be false.

If the password is false, it lets the user proceed anyway. Since I’m not sure I’ll do it correctly, would you mind pasting the modified code here?

What is this line supposed to be for:

header(‘location: http://www.starchevsky.com/pwo.html’);

You ave this line right after assigning the submitted password?

And then again further down in the code?

Outside of that oddity…

What should be happening here?

You only seem to check against this ‘password’:

design6020

If they put that in… then you are redirecting them somewhere else…

if they dont put that password in… then you tell them it is ‘wrong’…

before code is giving… EXPLAIN what it is you want done here…

As I mentioned, I am brand new to PHP and this is code I found online and modified by putting my info in. I don’t understand PHP so if you can, please write the correct code. I need it to display the content on starchevsky.com/pwo.html for users who enter the right password, and block wrong password attempts.

Web servers are stateless. They don’t know anything outside of the current http request they are servicing. When you authenticate a user, you must remember who the logged in user is. The simplest way of doing this is to store the user’s id in a session variable. You would then test for the existence of this session variable on each page request to control what the visitor can see and do on any page. This requires that the protected page be a .php page.

Even if you dont know code, you should be able to explain what you want to happen.

So if someone enters in a password… you want to redirect them to your chic-fil-a menu?

Perhaps this will work for you:

<?

$password = "";

if(isset($_POST['submit'])) {
	$password = $_POST['password'];
	
	//if passwordis correct (redirect)
	if($password == "design6020") { 
		//redirect (cant have output anything to page for it to work)
		header('location: http://www.starchevsky.com/pwo.html');

	//if($password != "design6020") {
	}else{
		//set error message and display form again
		$error['password'] = "Please re-enter the password.";
	}

}

?>

<!DOCTYPE html>

<html>

	<head>
		  
		
		<meta name="robots" content="noindex">
		<meta charset="utf-8" />
		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
		<meta name="description" content="Product Designer with 13 years of experience leading projects for clients large and small, including Google, Bank of America, and Chick-fil-A."/>
		<title>Tatiana Starchevsky</title>
		<link href="https://fonts.googleapis.com/css2?family=Montserrat&family=Prata&display=swap" rel="stylesheet">
		<link rel="shortcut icon" href="img/favicon.ico" />    
		<link rel="stylesheet" href="lib/css/foundation.css" />
		<link rel="stylesheet" href="lib/css/style.css" />
		<link rel="stylesheet" href="lib/css/app.css" />
		
		
		<style>
	 
		  input[type=text] {
			border: 2px solid #ccc;
			border-radius: 4px;
			border-style:solid;
			-webkit-appearance: none;
			box-shadow: inset 0px 0px 0px 0px red;
		  }
			
		  input[type=button],
		  input[type=submit] {
			background-color: #d50634;
			border: none;
			color: #fff;
			padding: 15px 30px;
			text-decoration: none;
			margin: 4px 2px;
			border-radius: 4px;
			cursor: pointer;
		  } 
		  
			input:hover[type="submit"] 
			{
				background: #000;
			}
		  
		</style>
	</head>

	<body>

		<section id="headernav"> 
			<div class="grid-x">
				<div class="cell small-6 name">
					<a href="index.html">Tatiana Starchevsky</a>
				</div>
				<div class="cell small-6">
					<ul class="menu align-right">
						<li><a ref="index.html">Projects</a></li>
						<li><a href="mailto:[email protected]">Contact</a></li>
					</ul>
				</div>
			</div>
		</section> 
		
		<section>
			<div class="grid-x align-center align-middle">
				<div class="large-6 small-6 cell">              
				  
					<br><br><br><br>
					<h3>Password Protected</h3>
					<br>                
					<p>At the client's request, this project is password protected.</p>
					<small>Please <a href="mailto:[email protected]">email me</a> if you need access.</small>
					<br><br>

				  
					<?
					if($error['password'] != ''){
						
						foreach($error as $errors) {
							echo "<p style='color: red;'>".$errors."</p>";
						}
					}

					?>

					<form name="login" action="<?=$_SERVER['PHP_SELF']?>?mode=submit" method="post">
						<p>
							<input type="password" id="password" class="password" name="password" placeholder="Password" value="<?php if(isset($password)) { echo $password; } ?>"> 
							<br>
							
							<input type="submit" name="submit" value="Submit">
						</p>

	
					</form> 

			  
				</div>

			</section> 

		 
		
		<script src="js/vendor/jquery.js"></script>
		<script src="js/vendor/what-input.js"></script>
		<script src="js/vendor/foundation.js"></script>
		<script src="js/app.js"></script>
		


	</body>

</html>

Yes, I want the menu page to be accessible only to users who have entered the correct password. The code you provided seems to work - thank you for your help!

Sponsor our Newsletter | Privacy Policy | Terms of Service