Buddy Log

Reputation: 29

Password Protecting A Webpage

Title may be a little misleading but I'll try to explain here. Basically, when I put my website in 'offline mode' I have a section where admins can log in with a password. (They are not logging in with their accounts.) The password is 'password' for this example. When a user types in the correct password, it should redirect them to the webpage; however, it isn't, it's just echoing 'Incorrect password' when it is in fact correct.

The code is made up by me, as you can probably tell. I expected this not to work because I'm still in the very early stages of learning PHP.

HTML:

<div class="backdroplogin">
  <h2>Login to your account:</h2>
  <form action="/Offline" method="GET">
    <input type="password" name="password_login" size="25" value="" />
    <input type="submit" name="login" value="Login" />
  </form>
</div>

PHP:

//ADMIN LOGIN
$password = "AbCd0987connekt£*^%";

if (isset($_GET["password_login"])) {
   $password_login = $_GET["password_login"];

   if ($password_login == $password) {
   header("Location:/Admin/Panel");
 } else {
   echo "Incorrect password";
 }
 }

Thanks for any help.

Upvotes: 0

Views: 123

Answers (3)

PSR

Reputation: 513

Like Svetlio said, it is a bad habit to send passwords using the GET method. So instead use method="post" in your HTML form and $_POST["password_login"] in your PHP.

In your text you say you use "password" as the password for this tool, while in your PHP you check if the sent password is equal to "AbCd0987connekt£*^%", so if you put in your password you should use "AbCd0987connekt£*^%"... or did you mean you use "$password"?

Just another tip: for the readability of your code, try to indent :)

Upvotes: 1

villamejia

Reputation: 454

I agree with the comment. But just to answer your question:

Everything is working all right in your script, but I think you are confused when you say "The password is 'password' for this example"; instead, the password is exactly: AbCd0987connekt£*^%, as you wrote it in your code. I copied your code to my platform (changed the action) and it's working as you want.

Upvotes: 0

user3147515

Reputation: 59

You could verify that the password is correct and put a flag into a session variable. Then on the admin page do a check to see if that session flag is correct to access.

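session_start(); // the session must be started before $_SESSION is read
if (isset($_SESSION['IsAdmin']) && $_SESSION['IsAdmin'] === true) {
  //load/redirect to page
} else {
  die("You aren't an admin.");
}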

Also, like others said - don't use GET for passwords, and definitely don't pass them as plaintext.

Upvotes: 0
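
The advice from the three answers combined (POST instead of GET, no plaintext password in the source, a session flag checked on the admin page), as an added example that is not any poster's code. The function names `attempt_login` and `require_admin` and the demo password are hypothetical, and the form is assumed to be changed to method="POST".

```php
<?php
declare(strict_types=1);

// Constructed sample value. In a real deployment only the hash is stored
// (generated once with password_hash() and kept in config outside the web
// root); it is computed inline here so the example runs on its own.
const DEMO_PASSWORD = 'constructed-demo-password';
$storedHash = password_hash(DEMO_PASSWORD, PASSWORD_DEFAULT);

// Checks the submitted field against the stored hash and, on success,
// marks the session as admin. Assumes session_start() was already called.
function attempt_login(array $post, string $storedHash): bool
{
    $candidate = $post['password_login'] ?? '';
    // password_verify() compares in constant time; == on plaintext does not.
    if (!is_string($candidate) || !password_verify($candidate, $storedHash)) {
        return false;
    }
    session_regenerate_id(true); // new session ID when privileges change
    $_SESSION['IsAdmin'] = true;
    return true;
}

// Guard for /Admin/Panel: call it right after session_start() on that page.
// Without it, anyone who knows the URL can skip the password form.
function require_admin(): void
{
    if (($_SESSION['IsAdmin'] ?? false) !== true) {
        http_response_code(403);
        exit("You aren't an admin.");
    }
}

// Handler for the /Offline form.
session_start();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (attempt_login($_POST, $storedHash)) {
        header('Location: /Admin/Panel');
        exit; // stop here so nothing else is sent after the redirect
    }
    echo 'Incorrect password';
}
```

With GET the password ends up in the URL, and so in browser history and web server access logs; POST keeps it in the request body.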
