How to create a simple password form / script with redirection? (a tiny bit of security needed also)
HTML form with method post and href to 'auth.php';
<form action="/auth.php" method="POST"><input type="text" name="password"><input type="submit" value="Submit"></form>
source of auth.php:
<?php
if(!empty($_POST['password'])) {
if(md5('blah@#$'.sha1('3NhNj8&'.$_POST['password']) ) =='MD5 value of your password' ) {
header("Location: http://www.nextpage.com"); /* Redirect here if the password is correct */
}
else {
header("Location: http://www.pagewheretheformis.com"); /* Return here if the password ain't correct */
}
}
else {
header("Location: http://www.pagewheretheformis.com"); /* Return here if the field is empty */
}
?>
So you just need to run one time:
<?php echo md5('blah@#$'.sha1('3NhNj8&'."yourpassword")); ?>
and insert it into code above :)
Juuso Palander
Updated on June 14, 2022Comments
-
Juuso Palander almost 2 years
I'd like to create a simple password form or script that redirects the visitor to another page after the correct password has been entered.
The only security requirement is some sort of password scrambling / hashing (if the password is visible in source code).
The password ain't protecting anything valuable but it would be used in a web-based competition, and that's why it's important to minimize the obvious cheating options :)
I cannot code much myself (beyond HTML/CSS) so any help is greatly appreciated. I think this kind of script would be useful for other coding newbies also.
If you have any further questions, fire away!
-
sarnold over 12 yearsDoes it need to be a script? Apache's authentication and authorization support is already written and debugged.
-
Juuso Palander over 12 years@sarnold, any working solution is ok. I've no idea how to use Apache auth
-
-
Juuso Palander over 12 yearsThanks for the fast answer pomaxa! How do I run that md5 thingy?
-
jedwards over 12 yearsIn case you're confused about the first line, something like:
<form action="auth.php" method="POST"><input type="text" name="password"><input type="submit" value="Log In"></form>
should work. -
jedwards over 12 years@Juuso, you can just put
echo md5('blah@#$'.sha1('3NhNj8&'."yourpassword")
in some .php file, replace "yourpassword" with your password (quoted), and load the file in your webbrowser. It'll display some gibberish like t5av093sz -- copy that and then insert that into your auth.php where it says 'YOU NEED TO CHANGE IT' -
Juuso Palander over 12 years@jedwards, ok now I get it. Thanks for the translation! I'll report back to you guys when I've tested it.
-
Juuso Palander over 12 years@jedwards, I created a .php file that had that "echo..." wrapped in <?php ... ?> tags but it doesn't show anything in a browser (tried FF and Chrome) What I'm doing wrong now? :)
-
jedwards over 12 years@juuso -- its not your browser so don't worry about that. Both the answer and my comment missed the second closing parens. Try:
<?php echo md5('blah@#$'.sha1('3NhNj8&'."yourpassword")); ?>
-
Juuso Palander over 12 years@jedwards, still the same result unfortunately. Can you get it work on your computer?
-
Juuso Palander over 12 yearsMy bad, the browser didn't work but it seems that the codepad.org can run it smoothly :)
-
jedwards over 12 yearsI can (the output is:
32b61427cbbf26a8584a89b33f637e11
when the pw is "yourpassword") -- do any errors appear? if you put anecho "[";
before the md5 line and anecho "]";
after, do you see the square brackets? both? -
Juuso Palander over 12 yearsSo now I've got the md5 value placed in that .php file that @pomaxa posted, and the form placed and configured at a page. When I try to enter the password, it returns this error: "HTTP Error 500 (Internal Server Error): An unexpected condition was encountered while the server was attempting to fulfill the request."
-
pomaxa over 12 yearswhat action url do you type in html form?
-
pomaxa over 12 yearsif there is your auth.php file. And you can update your auth.php file, with little fixes i've made in this post. just to echo errrors.
-
Juuso Palander over 12 yearsWhat kind of CHMOD rights auth.php file needs? I gave it full rights (777) and now it doesn't print any errors, but the redirect doesn't seem to work. It returns 404 with correct and incorrect passwords.
-
Juuso Palander over 12 yearsCodepad gave this kind of error for the PHP-script (if it helps): "Fatal error: Can't use function return value in write context on line 3" codepad.org/eZDcXJh0
-
pomaxa over 12 yearsif(md5('blah@#$'.sha1('3NhNj8&'.$_POST['password']) ) =='9091f8bb97d5520c45987eff9412b799' )
-
Juuso Palander over 12 yearsNow the code works, but the "Fill in your password" line returned error about unexpected T_ELSE. Thanks for your help guys :) I love StackOverflow!
-
Brock Adams over 12 years@Juuso Palander, Since this code now works for you, please mark this answer as accepted.
-
Juuso Palander over 12 years@BrockAdams, it works to this point but still misses one critical step. If the field is left empty the user goes to blank auth.php file and that's not desired action.
-
Juuso Palander over 12 yearsCould someone help me with the last issue?
-
pomaxa over 12 yearsyou could try to put in the end of file something like : header("Location: yoursite.com");
-
Juuso Palander over 12 yearsYeah solved it already, thanks! You, pomaxa, and the other contributors saved my day :)