Zubrag.com
December 14, 2018, 06:53:19 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
 
   Home   Help Search Login Register  
Pages: [1]
  Print  
Author Topic: redirecting from one protected page to another  (Read 9598 times)
ilke
Newbie
*
Posts: 12


« on: August 02, 2007, 06:25:26 AM »

I've been using Password Protect for several sites now and it works great -- Thanks! But now I would like to do something and I can't work out how to. The situation is this:

A number of Editors are allowed to upload files, but only to their own folders. I have written an upload page for each one of them, which uploads their files to the appropriate directory (e.g. uploadcalendar.php uploads files to /includes/calendar while uploadmerchandise.php uploads files to includes/merchandise). However, to protect these pages so that only the Calendar Editor can get to uploadcalendar.php and only the Merchandise Editor can get to uploadmerchandise.php I would have to write a separate login page (and therefore password_protect.php file) for each one of them, wouldn't I? However, I would like to have one general login page for all editors.

So what I would like is the following:

Have a page (uploadlogin.php) which is protected by a password_protect.php file, with the passwords and usernames of all the editors -- this then redirects each editor to his or her own upload page. Each of these  should have a shortened version of the protection script, as all it would need to do is check whether the username/password that this person logged in with are the right one for this particular page. Using the same password_protect.php file wouldn't work, as it would let any of the editors. What I want to prevent is that an editor logs in to the general page, then manually types the URL of another editor's upload page in the address bar.

Sorry if this sounds a bit messy, do say if anything isn't clear  Undecided

Hope someone can help....

Logged
zubrag
Administrator
Hero Member
*****
Posts: 788


WWW
« Reply #1 on: August 02, 2007, 09:29:47 AM »

It can be accomplished like this.

1. copy password_protect.php to ppmerchandise.php. Update it with passwords allowed for merchandise users only.
Protect uploadmerchandise.php using ppmerchandise.php (i.e. include path to ppmerchandise.php)
Lets say users list will be user1,user2.

2. copy password_protect.php to ppcalendar.php. Update it with passwords allowed for calendar users only.
Protect uploadcalendar.php using ppcalendar.php (i.e. include path to ppcalendar.php)
Lets say users list will be user3,user4.

3. copy password_protect.php to uploadlogin.php. Update it with passwords allowed for calendar and merchandise users.
Users list will be user1,user2,user3,user4.   Include redirection code for each user in order to redirect to corresponding upload page after login. Add following:

$REDIRECTS = array(
  'user1' => 'url/to/uploadmerchandise.php',
  'user2' => 'url/to/uploadmerchandise.php,
  'user3' => 'url/to/uploadcalendar.php',
  'user4' => 'url/to/uploadcalendar.php'
);

Than add following at the very bottom of the script, just before the ?> line
header('Location: http://www.example.com/'.$REDIRECTS[$login]); exit;
 

Now users can use uploadlogin.php to login. It will set cookie indicating user is logged in, and will redirect to user's upload page. uploadmerchandise.php and uploadcalendar.php will not ask password once again if they find login cookie.
Logged
ilke
Newbie
*
Posts: 12


« Reply #2 on: August 02, 2007, 10:13:44 AM »

Thank you so much -- that is exactly what I was looking for! I'll try it immediately.
Logged
ilke
Newbie
*
Posts: 12


« Reply #3 on: August 02, 2007, 10:29:41 AM »

Oh -- one question about your reply, and one I forgot to ask in the first place  Embarrassed

In your reply there seem to be three protected pages (uploadcalendar.php, uploadmerchandise.php, and uploadlogin.php) with different settings, but only two password-protect files (ppmerchandise.php and ppcalendar.php) -- I'm not sure I understand "copy password_protect.php to uploadlogin.php" : do you mean copy the <?php include etc ?> line to it? In that case, shouldn't there be a Password-protect file to protect this one, e.g. pplogin.php?

For the moment I'll assume that there is a pplogin.php protecting loginupload.php. Now my other question is:
the line used for redirecting gives an absolute path, i.e. http://www.mysite.co.uk/ and then the bit put in per user. Is it possible to use relative paths here, and if so, relative to what?

That is to say, suppose loginupload.php is in the main directory (i.e. its URL is http://www.mysite.co.uk/loginupload.php),the file protecting it pplogin.php is in a separate folder (i.e. its URL is http://www.mysite.co.uk/ppfiles/pplogin.php), and the files to which users are redirected are in another folder (i.e. their URLs are http://www.mysite.co.uk/upload/uploadmerchandise.php and http://www.mysite.co.uk/upload/uploadcalendar.php)

Do I calculate from pplogin.php and make the last line of pplogin.php read:
header('Location: ../upload/'.$REDIRECTS[$login]); exit
that is, up one directory, then down into another
or do I calculate from loginupload.php:
header('Location: ../upload/'.$REDIRECTS[$login]); exit;
that is, down one directory

or is it impossible altogether...?
Logged
zubrag
Administrator
Hero Member
*****
Posts: 788


WWW
« Reply #4 on: August 02, 2007, 11:23:01 AM »

Unfortunately redirects are only working with absolute paths. To minimize - put everything that repeats in the header, everything else - per user.

$REDIRECTS = array(
  'user1' => 'uploadmerchandise.php',
  'user2' => 'uploadmerchandise.php,
  'user3' => 'uploadcalendar.php',
  'user4' => 'uploadcalendar.php'
);

...

header('Location: http://www.mysite.co.uk/upload/'.$REDIRECTS[$login]); exit;

your reply there seem to be three protected pages
- ppmerchandise.php will protect uploadmerchandise.php
- ppcalendar.php will protect uploadcalendar.php
- uploadlogin.php just for login and redirect (entry point for all). If copied from password_protect.php - it will show login form. Updated with $REDIRECTS it will redirect after login.

Process: all users login using uploadlogin.php, and than get redirected to their page (uploadmerchandise.php, uploadcalendar.php).
Logged
allanklar
Newbie
*
Posts: 2


« Reply #5 on: August 14, 2007, 08:22:53 AM »

I tried this and it is giving me an error in this area? I am not a programmer by any means so please forgive me if this is a really ignorant question.


(error)
Warning: in_array(): Wrong datatype for second argument in E:\inetpub\vhosts\satelnorthamerica.com\httpdocs\site\secure\index.php on line 231


line 231:  if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
line 232:  || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) )

Logged
zubrag
Administrator
Hero Member
*****
Posts: 788


WWW
« Reply #6 on: August 14, 2007, 10:28:31 AM »

I think something is wrong with $LOGIN_INFORMATION array (username / password list). You have to include "array()" even if you specify only one password. For example: $LOGIN_INFORMATION = array ("my-password");

Please send me $LOGIN_INFORMATION array via private message to look what is wrong.
Logged
allanklar
Newbie
*
Posts: 2


« Reply #7 on: September 05, 2007, 02:48:02 PM »

Zubrag! your Rock! thanks so much everything is working great now!
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC