Jump to content

Password protect switch case pages

pcw

By pcw
in PHP Coding Help

 Share

Recommended Posts

pcw Regular Member

pcw

Posted
Posted

Hi, I have the following code:

 

<?php

$cmd = $_GET['cmd'];

if($cmd=="") { $cmd = "adminlogin";}

// This creates the header for each of the installation pages


switch($cmd)
{

// This is the installation agreement page

case "adminlogin":
print <<<LOGIN

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Member Site Maker 1.0</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<div id="head" align="center">
  <h1 id="siteName">Member Site Maker </h1>
  <br />
<table align="center" border="0" bgcolor="#CCCCCC">
<tr>
<td align="center"><span class=style1><b>ADMIN LOGIN</b></span></td>
</tr>
<tr>
<td>
<form action=admin.php?cmd=manage method=POST>
Password: <input type=text name=password1>
</td>
</tr>
<tr>
<td>
<input type=submit name=submit value=Submit>
</td>
</tr>
</table>
</form>

LOGIN;

break;


// Managing Users

case "manage":

include_once("header.html");

include_once("data/password.php");

$password1 = $_POST['password1'];
$password2 = base64_decode($password);

if ($password1 != $password2) {

print <<<BADLOGIN

<table width=953 border=1 align=center bgcolor=#00CCFF>
  <tr>
    <td><span class=style1><b><center>Failed Login</center></b></span></td>
  </tr>
  <tr>
    <td><span class=style2>Your passwords do not match. Please go back and correct this error</td>
</tr>
</table>

BADLOGIN;

} else {

echo <<<MANAGE

<!--end navBar2 div -->
<div id="navBar2">

<div id="sectionLinks">
  <ul>
      <li><a href="admin.php?cmd=manage&password1=$password1">Manage</a></li>
      <li><a href="admin.php?cmd=dashboard&password1=$password1">Dashboard</a></li>
      <li><a href="admin.php?cmd=approval&password1=$password1">Approval</a></li>
      <li><a href="admin.php?cmd=msgcentre&password1=$password1">Message Center</a></li>
      <li><a href="admin.php?cmd=logins&password1=$password1">Logins</a></li>
    </ul>
</div>
</div>
<!--end navBar2 div -->
<div id="content">
  <div class="story">
    <table width="100%" border="0">
      <tr>
        <td bgcolor="#99FF66"><div align="center"><span class="style3">Login</span></div></td>
        <td bgcolor="#99FF66"><div align="center"><span class="style3">Name</span></div></td>
        <td bgcolor="#99FF66"><div align="center"><span class="style3">Last Visited </span></div></td>
        <td bgcolor="#99FF66"><div align="center"><span class="style3">Registration Date </span></div></td>
        <td bgcolor="#99FF66"><div align="center"><span class="style3">Reset Password </span></div></td>
        <td bgcolor="#99FF66"><div align="center"><span class="style3">Delete</span></div></td>
      </tr>
      <tr>
        <td> </td>
        <td> </td>
        <td> </td>
        <td> </td>
        <td> </td>
        <td> </td>
      </tr>
    </table>
    <h3> </h3>
  </div>
  
</div>
<!--end content -->

MANAGE;

}
break;

case "dashboard":


break;

case "approval":


break;

 

This works fine for when viewing the admin.php, I am asked for a password and then it compares the password against the encoded password before displaying the manage page.

 

However this does not stop someone typing http://www.mysite.com/folder/admin.php?cmd=dashboard

 

If they do that, it skips the password form and password check, and they can then go ahead and do whatever in the admin.php file.

 

How can I prevent this, so that a password check is automatically done before allowing somebody to view the page? I have tried adding the code I used in the manage section, but it doesnt work again.

 

Any help will be greatly appreciated, I been trying to work it out all day and run out of ideas.

 

Many Thanks

Link to comment
Share on other sites
pcw Regular Member

pcw

Posted
  • Author
Posted

Wow, that was quick lol

 

I did try with sessions but couldnt seem to get it to work. I am a bit new to all this, and it is just a challenge I have set myself, but im having trouble.

 

It is only admin that will have access to the admin.php script and the only thing that is identifying them to the script is the password. If you could explain how I could use the session to check password authentification for each case in the script it would be very helpful.

 

Many Thanks

 

Paul

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.