How to create a simple password form / script with redirection? (a tiny bit of security needed also)

php html forms passwords

12,841

HTML form with method post and href to 'auth.php';

<form action="/auth.php" method="POST"><input type="text" name="password"><input type="submit" value="Submit"></form>

source of auth.php:

<?php
if(!empty($_POST['password'])) { 
    if(md5('blah@#$'.sha1('3NhNj8&'.$_POST['password']) ) =='MD5 value of your password' ) {
    header("Location: http://www.nextpage.com"); /* Redirect here if the password is correct */
    }
    else {
        header("Location: http://www.pagewheretheformis.com"); /* Return here if the password ain't correct */
    }   
}
else {
    header("Location: http://www.pagewheretheformis.com"); /* Return here if the field is empty */
}
?>

So you just need to run one time:

<?php echo md5('blah@#$'.sha1('3NhNj8&'."yourpassword")); ?>

and insert it into code above :)

12,841

Author by

Juuso Palander

Updated on June 14, 2022

Comments

Juuso Palander almost 2 years

I'd like to create a simple password form or script that redirects the visitor to another page after the correct password has been entered.

The only security requirement is some sort of password scrambling / hashing (if the password is visible in source code).

The password ain't protecting anything valuable but it would be used in a web-based competition, and that's why it's important to minimize the obvious cheating options :)

I cannot code much myself (beyond HTML/CSS) so any help is greatly appreciated. I think this kind of script would be useful for other coding newbies also.

If you have any further questions, fire away!
- sarnold over 12 years
  
  Does it need to be a script? Apache's authentication and authorization support is already written and debugged.
- Juuso Palander over 12 years
  
  @sarnold, any working solution is ok. I've no idea how to use Apache auth
Juuso Palander over 12 years

Thanks for the fast answer pomaxa! How do I run that md5 thingy?
jedwards over 12 years

In case you're confused about the first line, something like: <form action="auth.php" method="POST"><input type="text" name="password"><input type="submit" value="Log In"></form> should work.
jedwards over 12 years

@Juuso, you can just put echo md5('blah@#$'.sha1('3NhNj8&'."yourpassword") in some .php file, replace "yourpassword" with your password (quoted), and load the file in your webbrowser. It'll display some gibberish like t5av093sz -- copy that and then insert that into your auth.php where it says 'YOU NEED TO CHANGE IT'
Juuso Palander over 12 years

@jedwards, ok now I get it. Thanks for the translation! I'll report back to you guys when I've tested it.
Juuso Palander over 12 years

@jedwards, I created a .php file that had that "echo..." wrapped in <?php ... ?> tags but it doesn't show anything in a browser (tried FF and Chrome) What I'm doing wrong now? :)
jedwards over 12 years

@juuso -- its not your browser so don't worry about that. Both the answer and my comment missed the second closing parens. Try: <?php echo md5('blah@#$'.sha1('3NhNj8&'."yourpassword")); ?>
Juuso Palander over 12 years

@jedwards, still the same result unfortunately. Can you get it work on your computer?
Juuso Palander over 12 years

My bad, the browser didn't work but it seems that the codepad.org can run it smoothly :)
jedwards over 12 years

I can (the output is: 32b61427cbbf26a8584a89b33f637e11 when the pw is "yourpassword") -- do any errors appear? if you put an echo "["; before the md5 line and an echo "]"; after, do you see the square brackets? both?
Juuso Palander over 12 years

So now I've got the md5 value placed in that .php file that @pomaxa posted, and the form placed and configured at a page. When I try to enter the password, it returns this error: "HTTP Error 500 (Internal Server Error): An unexpected condition was encountered while the server was attempting to fulfill the request."
pomaxa over 12 years

what action url do you type in html form?
pomaxa over 12 years

if there is your auth.php file. And you can update your auth.php file, with little fixes i've made in this post. just to echo errrors.
Juuso Palander over 12 years

What kind of CHMOD rights auth.php file needs? I gave it full rights (777) and now it doesn't print any errors, but the redirect doesn't seem to work. It returns 404 with correct and incorrect passwords.
Juuso Palander over 12 years

Codepad gave this kind of error for the PHP-script (if it helps): "Fatal error: Can't use function return value in write context on line 3" codepad.org/eZDcXJh0
pomaxa over 12 years

if(md5('blah@#$'.sha1('3NhNj8&'.$_POST['password']) ) =='9091f8bb97d5520c45987eff9412b799' )
Juuso Palander over 12 years

Now the code works, but the "Fill in your password" line returned error about unexpected T_ELSE. Thanks for your help guys :) I love StackOverflow!
Brock Adams over 12 years

@Juuso Palander, Since this code now works for you, please mark this answer as accepted.
Juuso Palander over 12 years

@BrockAdams, it works to this point but still misses one critical step. If the field is left empty the user goes to blank auth.php file and that's not desired action.
Juuso Palander over 12 years

Could someone help me with the last issue?
pomaxa over 12 years

you could try to put in the end of file something like : header("Location: yoursite.com");
Juuso Palander over 12 years

Yeah solved it already, thanks! You, pomaxa, and the other contributors saved my day :)