Zubrag.com
January 24, 2018, 01:35:44 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
 
   Home   Help Search Login Register  
Pages: [1]
  Print  
Author Topic: Password Protect-unwanted loop  (Read 16327 times)
damonlee
Newbie
*
Posts: 4


« on: December 25, 2006, 02:56:18 PM »

Hello,

The page i'm trying to protect is a file upload page.  The user name and password works, however, once the user goes to the upload pages, chooses a file and hits "upload", the script causes the Login page to appear again.

It does this with all the links on the upload page.  Any help would be appreciated

Logged
damonlee
Newbie
*
Posts: 4


« Reply #1 on: December 25, 2006, 03:14:51 PM »

It seems the problem has to do with the page refreshing...It doesn't return me to the login page after i click choose file, just when i hit "upload"(also, the file is not uploaded).

There is also a portion of the upload page which shows the file that was uploaded.  There is an option to delete the file.  If i choose this, it then again returns to the login page.  Very frustrating...

I could just provide a direct link to password_protect, but then the upload page would be vulnerable to a direct url access...
Logged
zubrag
Administrator
Hero Member
*****
Posts: 785


WWW
« Reply #2 on: December 26, 2006, 06:18:34 AM »

Please describe in details how many php files involved in the process. Have you included protection string at the top of each file?

As I understand user opens upload.php, enters password, then clicks "upload" link. Is upload link pointing directly to file for downloaded (like 123.zip)?

Are cookies enabled in your browser? Protector will ask password on each page if cookies are disabled.

Alternatively you could provide us with url and login/password, so we could look at it.
Logged
damonlee
Newbie
*
Posts: 4


« Reply #3 on: December 26, 2006, 05:40:38 PM »

Ok,

There is only on php involved: fileUpload2.php.  It refreshes upon file upload to show which file has been uploaded (a feature I want to keep)

I wanted to keep the page intact and not split up the code across multiple pages.  I've tried wrapping the upload part of the code in a function..but i'm not a seasoned php programmer so i had problems.

It seems my challenge is get the trigger scirpt <?/...../pasword_protect.php?> to only execute upon the inital entry of the upload page.

here is the url:
http://www.digitalsun.us/uploadScript/fileUpload2.php
user:jane
pass:root

I would also like to keep the url from showing up in the address box.

I Appreciate your help.. Cool

Logged
zubrag
Administrator
Hero Member
*****
Posts: 785


WWW
« Reply #4 on: December 27, 2006, 04:48:33 AM »

Seems like there are some characters before the protection string in the fileUpload2.php.
Protection string must be the first line in the file, and no spaces/tabs/line breaks, or any other characters allowed before it.

So fileUpload2.php must start with <?php include("/usr/local/psa/home/vhosts/digitalsun.us/httpdocs/uploadScript/password_protect.php"); ?>
and than your code. If that does not help please email me your fileUpload2.php to look at this issue.

Also it should only request password once. When password is entered first time, script saves it in cookies and does not request password further.

Sample password protection.
Logged
damonlee
Newbie
*
Posts: 4


« Reply #5 on: December 27, 2006, 06:02:51 PM »

That worked! Thank you!

Now i'm going to convert the login screen so the user can login directly from the flash site itself.

I understand your provding a script of your own freetime and will, so again, I appreciate your help.
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC