Home page password protect

More
1 month 3 weeks ago - 1 month 3 weeks ago #196180 by Andrewsss
Hi, I need protect my home page with a password, and I try use this code
<?php
 
###############################################################
# Page Password Protect 2.13
###############################################################
# Visit http://www.zubrag.com/scripts/ for updates
############################################################### 
#
# Usage:
# Set usernames / passwords below between SETTINGS START and SETTINGS END.
# Open it in browser with "help" parameter to get the code
# to add to all files being protected. 
#    Example: password_protect.php?help
# Include protection string which it gave you into every file that needs to be protected
#
# Add following HTML code to your page where you want to have logout link
# <a href="http://www.example.com/path/to/protected/page.php?logout=1">Logout</a>
#
###############################################################
 
/*
-------------------------------------------------------------------
SAMPLE if you only want to request login and password on login form.
Each row represents different user.
 
$LOGIN_INFORMATION = array(
  'zubrag' => 'root',
  'test' => 'testpass',
  'admin' => 'passwd'
);
 
--------------------------------------------------------------------
SAMPLE if you only want to request only password on login form.
Note: only passwords are listed
 
$LOGIN_INFORMATION = array(
  'root',
  'testpass',
  'passwd'
);
 
--------------------------------------------------------------------
*/
 
##################################################################
#  SETTINGS START
##################################################################
 
// Add login/password pairs below, like described above
// NOTE: all rows except last must have comma "," at the end of line
$LOGIN_INFORMATION = array(
  'zubrag' => 'root',
  'admin' => 'adminpass'
);
 
// request login? true - show login and password boxes, false - password box only
define('USE_USERNAME', true);
 
// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.example.com/');
 
// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 0);
 
// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', true);
 
##################################################################
#  SETTINGS END
##################################################################
 
 
///////////////////////////////////////////////////////
// do not change code below
///////////////////////////////////////////////////////
 
// show usage example
if(isset($_GET['help'])) {
  die('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?&gt;');
}
 
// timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
 
// logout?
if(isset($_GET['logout'])) {
  setcookie("verify", '', $timeout, '/'); // clear password;
  header('Location: ' . LOGOUT_URL);
  exit();
}
 
if(!function_exists('showLoginPasswordProtect')) {
 
// show login form
function showLoginPasswordProtect($error_msg) {
?>
<html>
<head>
  <title>Please enter password to access this page</title>
  <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
  <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
</head>
<body>
  <style>
    input { border: 1px solid black; }
  </style>
  <div style="width:500px; margin-left:auto; margin-right:auto; text-align:center">
  <form method="post">
    <h3>Please enter password to access this page</h3>
    <font color="red"><?php echo $error_msg; ?></font><br />
<?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>
    <input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />
  </form>
  <br />
  <a style="font-size:9px; color: #B0B0B0; font-family: Verdana, Arial;" href="http://www.zubrag.com/scripts/password-protect.php" title="Download Password Protector">Powered by Password Protect</a>
  </div>
</body>
</html>
 
<?php
  // stop at this point
  die();
}
}
 
// user provided password
if (isset($_POST['access_password'])) {
 
  $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
  $pass = $_POST['access_password'];
  if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
  || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) ) 
  ) {
    showLoginPasswordProtect("Incorrect password.");
  }
  else {
    // set cookie if password was validated
    setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
 
    // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
    // So need to clear password protector variables
    unset($_POST['access_login']);
    unset($_POST['access_password']);
    unset($_POST['Submit']);
  }
 
}
 
else {
 
  // check if password cookie is set
  if (!isset($_COOKIE['verify'])) {
    showLoginPasswordProtect("");
  }
 
  // check if cookie is good
  $found = false;
  foreach($LOGIN_INFORMATION as $key=>$val) {
    $lp = (USE_USERNAME ? $key : '') .'%'.$val;
    if ($_COOKIE['verify'] == md5($lp)) {
      $found = true;
      // prolong timeout
      if (TIMEOUT_CHECK_ACTIVITY) {
        setcookie("verify", md5($lp), $timeout, '/');
      }
      break;
    }
  }
  if (!$found) {
    showLoginPasswordProtect("");
  }
 
}
 
?>

Code works fine, I entered credentials but then I get error from limesurvey "400:Error The CSRF can't be verified". and when I reloaded the page with this error only then I see the content in page.

How can I fix that?

Thanks.
Last edit: 1 month 3 weeks ago by Andrewsss.

Please Log in to join the conversation.

LimeSurvey Partners
More
1 month 3 weeks ago - 1 month 3 weeks ago #196211 by bismark
Replied by bismark on topic Home page password protect
that doesnt make sense to me. What homepage do you want to protect?
Limesurveys backend is password protected.

Where you want to include this script?
All you need to do is to replace the opening form tag with
<?php echo CHtml::beginForm(); ?>



and the closing form tag with
<?php echo CHtml::endForm(); ?>



then require your script in index.php before $app->run();
Last edit: 1 month 3 weeks ago by bismark.
The following user(s) said Thank You: Andrewsss

Please Log in to join the conversation.

More
1 month 3 weeks ago #196225 by Andrewsss
I want protect front end home page with survey list.

Please Log in to join the conversation.

More
1 month 3 weeks ago #196229 by Joffm
Replied by Joffm on topic Home page password protect
Why not use the .htaccess and .htpasswd?

Joffm


Volunteers are not paid.
Not because they are worthless, but because they are priceless
The following user(s) said Thank You: Andrewsss

Please Log in to join the conversation.

More
1 month 3 weeks ago #196239 by gabrieljenik
On config settings, there is a place where you can setup path for insecure posts.

Solutions, code and workarounds presented in these forums are given without any warranty, implied or otherwise.

Checkout our Reporting Solutions and our plugin shop at www.encuesta.biz .

The following user(s) said Thank You: Andrewsss

Please Log in to join the conversation.

More
1 month 3 weeks ago #196251 by Andrewsss
I try .htaccess and .htpasswd but when I try to log in I get "Internal Server Error"

Please Log in to join the conversation.

More
1 month 3 weeks ago - 1 month 3 weeks ago #196252 by Andrewsss
Maybe you can tell me more, I can't find...
The best option it was when simple user (not administrator) try to open home page with survey list he must enter hes surveys token and if token valid only then he can see survey list.
Last edit: 1 month 3 weeks ago by Andrewsss.

Please Log in to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now