invitezone
12-31-2012, 05:40 PM
This is not a VB question exactly its a php question, but im using it in a weird way on my forum, so im hoping someone will help me out :)
First let me explain what im trying to do.
I want to hide my forum so it looks like there is no forum. The way I want to do this is to make a fake shopping site, with a search box. The search box will be fully functioning, but if the secret passwphrase is entered into the search box, the user will be redirected to the forum and a cookie set so that they don't see the fake shop instead.
The way I am thinking to do this is to use a simple password script to replace the shops search function.
this is the login script I am thinking of using
sas.php
<?php
/* Config Section */
$pass = 'demo'; // Set the password.
$cookiename = 'sascookie'; // Optional change: Give the cookie a name. Default is sascookie
$expirytime = time()+3600; // Optional change: Set an expiry time for the password (in seconds). Default is 1 hour.
$msg = 'Password incorrect.'; // Optional change: Error message displayed when password is incorrect. Default is "Password incorrect".
/* End Config */
/* Logout Stuff - Sept 5, 2005 */
if (isset($_REQUEST['logout'])) {
setcookie($cookiename,'',time() - 3600); // remove cookie/password
if (substr($_SERVER['REQUEST_URI'],-12)=='?logout=true') { // if there is '?logout=true' in the URL
$url=str_replace('?logout=true','',$_SERVER['REQUEST_URI']); // remove the string '?logout=true' from the URL
header('Location: '.$url); // redirect the browser to original URL
}
show_login_page('');
exit();
}
$logout_button='<form action="'.$_SERVER['REQUEST_URI'].'" method="post"><input type="submit" name="logout" value="Logout" /></form>';
$logout_text='<a href="'.$_SERVER['REQUEST_URI'].'?logout=true">Logout</a>';
/* End Logout Stuff */
/* FUNCTIONS */
$encrypt_pass=md5($pass); // encrypt password
function setmycookie() {
global $cookiename,$encrypt_pass,$expirytime;
setcookie($cookiename,$encrypt_pass,$expirytime);
}
function show_login_page($msg) {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Authorization Required</title>
<style type="text/css">
<!--
.error {color:#A80000}
body {font:90% Verdana, Arial, sans-serif;color:#404040}
#wrapper {width:800px;margin:0 auto;border:1px solid #606060}
#main {text-align:center;padding:15px}
#header {font:bold 130% Verdana, Arial, sans-serif;color:#DDDDDD;width:100%;height:5em;text-align:center;background:#A80000;line-height:5em}
#mid {margin:5em 0 5em 0}
#footer {font-size:75%;text-align:center;width:100%}
input {border:1px solid #606060; background: #DDDDDD}
-->
</style>
</head>
<body>
<div id="wrapper">
<div id="header">Authorization Required</div>
<div id="main">
<div id="mid">
<p>Please enter the password below <em>Use "demo" to login. Use a wrong password to see the error message</em>.</p>
<p>Once logged in, you won't need to re-enter the password for one hour, the expiry time can be customized to your liking by altering the variable $expirytime in the Config Section of sas.php.</p>
<p>You will need to enable cookies for SAS to work as expected.</p>
<form action="" method="POST">
Password: <input type="password" name="password" size="20">
<input type="submit" value="Login">
<input type="hidden" name="sub" value="sub">
</form>
<div class=error><?=$msg?></div>
</div>
</div>
</div>
<div id="footer">Authentication by <a href="http://www.zann-marketing.com/sas/">Simple Authorization Script</a> Copyright © 2005.</div>
</body>
</html>
<? }
/* END FUNCTIONS */
$errormsg='';
if (isset($_POST['sub'])) { // if form has been submitted
$submitted_pass=md5($_POST['password']); // encrypt submitted password
if ($submitted_pass<>$encrypt_pass) { // if password is incorrect
$errormsg=$msg;
show_login_page($errormsg);
exit();
} else { // if password is correct
setmycookie();
}
} else {
if (isset($_COOKIE[$cookiename])) { // if cookie isset
if ($_COOKIE[$cookiename]==$encrypt_pass) { // if cookie is correct
// do nothing
} else { // if cookie is incorrect
show_login_page($errormsg);
exit();
}
} else { // if cookie is not set
show_login_page($errormsg);
exit();
}
}
?>
This script also comes with a demo page incase anyone wishes to run this to see it working, which is as follows.
demo.php
<? require('sas.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Authorization Successful</title>
<style type="text/css">
<!--
.error {color:#A80000}
body {font:90% Verdana, Arial, sans-serif;color:#404040}
#wrapper {width:800px;margin:0 auto;border:1px solid #606060}
#main {text-align:left;padding:15px}
#header {font:bold 130% Verdana, Arial, sans-serif;color:#DDDDDD;width:100%;height:5em;text-align:center;background:#A80000;line-height:5em}
#footer {font-size:75%;text-align:center;width:100%}
input {border:1px solid #606060; background: #DDDDDD}
p {line-height:130%}
-->
</style>
</head>
<body>
<div id="wrapper">
<div id="header">Authorization Successful</div>
<div id="main">
<p>
If you can see this page, then you have successfully entered in the correct password for the Simple Autorization Script demo. We hope this example of the use of SAS meets your expectations.
</p>
<p>
You will be able to access this page without entering in the password for the next hour. After which, you will be required to enter the password again.
</p>
<p>
<strong>** New ** Optional logout feature.</strong> The logout button is an optional feature which you may like to include in your installation of SAS. To see the logout feature at work, please click on the logout button below. The logout button will expire the password (and cookie) and the login page should show up.
</p>
<p>Logout Button:</p> <?=$logout_button?>
<p>Logout Text:</p> <?=$logout_text?>
<p>
For installation instructions, see the <strong>readme.txt</strong> file located in the Simple Authorization Script folder, or view the <a href="http://www.zann-marketing.com/sas/installation.php">online version here</a>.
</p>
<p>
If you found Simple Authorization Script useful, please make a small donation through PayPal.
</p>
<div style="text-align:center">
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick" />
<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but04.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!" />
<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHPwYJKoZIhvcNAQcEoIIHMDCCBywCAQExggEwMIIBLAIBAD CBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYD VQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW 5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2 ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQ AwDQYJKoZIhvcNAQEBBQAEgYAOD1uTKjRp2+r51aImKlBZ6kz1 BmprsfzYboHSEwHurMRQCPq1T3YoztKpUL3Axrb26blKhYMfHW Nsg9NPgmjd+NI38ZhzgPnTO8Le325iyZmg5uNZ17G+333JQcOr P0qDSPdNxIyTFlN00R0OGovB06S0t5rnbZj19WHDrrTb+DELMA kGBSsOAwIaBQAwgbwGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQI ZL04RLFI+WiAgZh6TEP+w4+L8xsuYcvxNWaISWMGNB1u5o6D0c dHt67atrgfdzdEc9AS1XsSOUwcdC+AWL6j21e+O2eJYtqSYwTg w5JvcfZ5gIKE+bt2YQAOCFSftCiQxKjs+wUUoE3DoFdhmWeFhO WpnAnTiNjNICqCBy3ZiJct5fcKxDs/kYnbCE4URaKC5zUo1MM5Zph/pDhTspQssPunPaCCA4cwggODMIIC7KADAgECAgEAMA0GCSqGSI b3DQEBBQUAMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex FjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheV BhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQD FAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLm NvbTAeFw0wNDAyMTMxMDEzMTVaFw0zNTAyMTMxMDEzMTVaMIGO MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU 1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMw EQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaT EcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbTCBnzANBgkq hkiG9w0BAQEFAAOBjQAwgYkCgYEAwUdO3fxEzEtcnI7ZKZL412 XvZPugoni7i7D7prCe0AtaHTc97CYgm7NsAtJyxNLixmhLV8py IEaiHXWAh8fPKW+R017+EmXrr9EaquPmsVvTywAAE1PMNOKqo2 kl4Gxiz9zZqIajOm1fZGWcGS0f5JQ2kBqNbvbg2/Za+GJ/qwUCAwEAAaOB7jCB6zAdBgNVHQ4EFgQUlp98u8ZvF71ZP1LXCh vsENZklGswgbsGA1UdIwSBszCBsIAUlp98u8ZvF71ZP1LXChvs ENZklGuhgZSkgZEwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEw JDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChML UGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBg NVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlw YWwuY29tggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQ ADgYEAgV86VpqAWuXvX6Oro4qJ1tYVIT5DgWpE692Ag422H7yR Ir/9j/iKG4Thia/Oflx4TdL+IFJBAyPK9v6zZNZtBgPBynXb048hsP16l2vi0k5Q2 JKiPDsEfBhGI+HnxLXEaUWAcVfCsQFvd2A1sxRr67ip5y2wwBe lUecP3AjJ+YcxggGaMIIBlgIBATCBlDCBjjELMAkGA1UEBhMCV VMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV 3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2Z V9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0 BCQEWDXJlQHBheXBhbC5jb20CAQAwCQYFKw4DAhoFAKBdMBgGC SqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8 XDTA1MDYxNTEwMTYwOFowIwYJKoZIhvcNAQkEMRYEFHhlmkIf0/x2XFyjUH0x4rgfTmDWMA0GCSqGSIb3DQEBAQUABIGAu7m74eh3 WzSL7E9xPENb9ZVQkCUMHOCG6gjx+8Mfvcwbd9MXzkZKLIlDWY HkE/jDeJvCx+DiObS+lbddhzFkE9gOMrO7Y40eijhHSQjATGP845ZR x05d8kk18wtqVDKYMJ7/HGd3A+a7TfGXUIYbKTQ0BL2iCx7DucnnC4LCjto=-----END PKCS7-----" />
</form>
</div>
<p>
Support SAS by linking to us. You can use this information:
</p>
<textarea rows="2" cols="75"><a href="http://www.zann-marketing.com/sas/">Simple Authorization Script</a><br>A simple php script which password protects web pages without a database.</textarea>
</div>
</div>
<div id="footer">Authentication by <a href="http://www.zann-marketing.com/sas/">Simple Authorization Script</a> Copyright © 2005.</div>
</body>
</html>
Now what I am trying to do is replace what happens when an incorrect password is entered into the script. So within sas.php we have the following code...
if ($submitted_pass<>$encrypt_pass) { // if password is incorrect
$errormsg=$msg;
show_login_page($errormsg);
exit();
I am hoping to modify this to use the header redirect() function
something like...
header("Location: http://FakeShopPage.com/search?=$submitted_pass");
This way if someone who didn't know about the forum tried to used the fake shop search function they would enter a search string into the search/password field, hit submit, and the script would see the password was incorrect and pass the submitted password variable into the search string, which would fool the user into thinking they have just searched for something and be none the wiser.
Another issue is that the password encryption in the script uses md5 hash. Being as old as it is now I would like to use something else. I have read that pbkdf2 is a good thing to use. is it possible to use that in this script?
I can use any other login script that you may be able to suggest, I am open to ideas. I want to have only 1 password for all users for this and be able to pass the submitted_pass variable into the search function. My main issue is Iobviously cant have a username involved, so this is the only script I could find.
I am not a coder, I am just trying to piece together info I have found. I did something very similar to this in the past, but cant remember how I did it, and now can't seem to get it to work. I know I am asking for a lot of help here, so I am greatful to anyone who can help me out.
Thanks everyone, reallyt appreciate it :)
First let me explain what im trying to do.
I want to hide my forum so it looks like there is no forum. The way I want to do this is to make a fake shopping site, with a search box. The search box will be fully functioning, but if the secret passwphrase is entered into the search box, the user will be redirected to the forum and a cookie set so that they don't see the fake shop instead.
The way I am thinking to do this is to use a simple password script to replace the shops search function.
this is the login script I am thinking of using
sas.php
<?php
/* Config Section */
$pass = 'demo'; // Set the password.
$cookiename = 'sascookie'; // Optional change: Give the cookie a name. Default is sascookie
$expirytime = time()+3600; // Optional change: Set an expiry time for the password (in seconds). Default is 1 hour.
$msg = 'Password incorrect.'; // Optional change: Error message displayed when password is incorrect. Default is "Password incorrect".
/* End Config */
/* Logout Stuff - Sept 5, 2005 */
if (isset($_REQUEST['logout'])) {
setcookie($cookiename,'',time() - 3600); // remove cookie/password
if (substr($_SERVER['REQUEST_URI'],-12)=='?logout=true') { // if there is '?logout=true' in the URL
$url=str_replace('?logout=true','',$_SERVER['REQUEST_URI']); // remove the string '?logout=true' from the URL
header('Location: '.$url); // redirect the browser to original URL
}
show_login_page('');
exit();
}
$logout_button='<form action="'.$_SERVER['REQUEST_URI'].'" method="post"><input type="submit" name="logout" value="Logout" /></form>';
$logout_text='<a href="'.$_SERVER['REQUEST_URI'].'?logout=true">Logout</a>';
/* End Logout Stuff */
/* FUNCTIONS */
$encrypt_pass=md5($pass); // encrypt password
function setmycookie() {
global $cookiename,$encrypt_pass,$expirytime;
setcookie($cookiename,$encrypt_pass,$expirytime);
}
function show_login_page($msg) {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Authorization Required</title>
<style type="text/css">
<!--
.error {color:#A80000}
body {font:90% Verdana, Arial, sans-serif;color:#404040}
#wrapper {width:800px;margin:0 auto;border:1px solid #606060}
#main {text-align:center;padding:15px}
#header {font:bold 130% Verdana, Arial, sans-serif;color:#DDDDDD;width:100%;height:5em;text-align:center;background:#A80000;line-height:5em}
#mid {margin:5em 0 5em 0}
#footer {font-size:75%;text-align:center;width:100%}
input {border:1px solid #606060; background: #DDDDDD}
-->
</style>
</head>
<body>
<div id="wrapper">
<div id="header">Authorization Required</div>
<div id="main">
<div id="mid">
<p>Please enter the password below <em>Use "demo" to login. Use a wrong password to see the error message</em>.</p>
<p>Once logged in, you won't need to re-enter the password for one hour, the expiry time can be customized to your liking by altering the variable $expirytime in the Config Section of sas.php.</p>
<p>You will need to enable cookies for SAS to work as expected.</p>
<form action="" method="POST">
Password: <input type="password" name="password" size="20">
<input type="submit" value="Login">
<input type="hidden" name="sub" value="sub">
</form>
<div class=error><?=$msg?></div>
</div>
</div>
</div>
<div id="footer">Authentication by <a href="http://www.zann-marketing.com/sas/">Simple Authorization Script</a> Copyright © 2005.</div>
</body>
</html>
<? }
/* END FUNCTIONS */
$errormsg='';
if (isset($_POST['sub'])) { // if form has been submitted
$submitted_pass=md5($_POST['password']); // encrypt submitted password
if ($submitted_pass<>$encrypt_pass) { // if password is incorrect
$errormsg=$msg;
show_login_page($errormsg);
exit();
} else { // if password is correct
setmycookie();
}
} else {
if (isset($_COOKIE[$cookiename])) { // if cookie isset
if ($_COOKIE[$cookiename]==$encrypt_pass) { // if cookie is correct
// do nothing
} else { // if cookie is incorrect
show_login_page($errormsg);
exit();
}
} else { // if cookie is not set
show_login_page($errormsg);
exit();
}
}
?>
This script also comes with a demo page incase anyone wishes to run this to see it working, which is as follows.
demo.php
<? require('sas.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Authorization Successful</title>
<style type="text/css">
<!--
.error {color:#A80000}
body {font:90% Verdana, Arial, sans-serif;color:#404040}
#wrapper {width:800px;margin:0 auto;border:1px solid #606060}
#main {text-align:left;padding:15px}
#header {font:bold 130% Verdana, Arial, sans-serif;color:#DDDDDD;width:100%;height:5em;text-align:center;background:#A80000;line-height:5em}
#footer {font-size:75%;text-align:center;width:100%}
input {border:1px solid #606060; background: #DDDDDD}
p {line-height:130%}
-->
</style>
</head>
<body>
<div id="wrapper">
<div id="header">Authorization Successful</div>
<div id="main">
<p>
If you can see this page, then you have successfully entered in the correct password for the Simple Autorization Script demo. We hope this example of the use of SAS meets your expectations.
</p>
<p>
You will be able to access this page without entering in the password for the next hour. After which, you will be required to enter the password again.
</p>
<p>
<strong>** New ** Optional logout feature.</strong> The logout button is an optional feature which you may like to include in your installation of SAS. To see the logout feature at work, please click on the logout button below. The logout button will expire the password (and cookie) and the login page should show up.
</p>
<p>Logout Button:</p> <?=$logout_button?>
<p>Logout Text:</p> <?=$logout_text?>
<p>
For installation instructions, see the <strong>readme.txt</strong> file located in the Simple Authorization Script folder, or view the <a href="http://www.zann-marketing.com/sas/installation.php">online version here</a>.
</p>
<p>
If you found Simple Authorization Script useful, please make a small donation through PayPal.
</p>
<div style="text-align:center">
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick" />
<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but04.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!" />
<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHPwYJKoZIhvcNAQcEoIIHMDCCBywCAQExggEwMIIBLAIBAD CBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYD VQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW 5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2 ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQ AwDQYJKoZIhvcNAQEBBQAEgYAOD1uTKjRp2+r51aImKlBZ6kz1 BmprsfzYboHSEwHurMRQCPq1T3YoztKpUL3Axrb26blKhYMfHW Nsg9NPgmjd+NI38ZhzgPnTO8Le325iyZmg5uNZ17G+333JQcOr P0qDSPdNxIyTFlN00R0OGovB06S0t5rnbZj19WHDrrTb+DELMA kGBSsOAwIaBQAwgbwGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQI ZL04RLFI+WiAgZh6TEP+w4+L8xsuYcvxNWaISWMGNB1u5o6D0c dHt67atrgfdzdEc9AS1XsSOUwcdC+AWL6j21e+O2eJYtqSYwTg w5JvcfZ5gIKE+bt2YQAOCFSftCiQxKjs+wUUoE3DoFdhmWeFhO WpnAnTiNjNICqCBy3ZiJct5fcKxDs/kYnbCE4URaKC5zUo1MM5Zph/pDhTspQssPunPaCCA4cwggODMIIC7KADAgECAgEAMA0GCSqGSI b3DQEBBQUAMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex FjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheV BhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQD FAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLm NvbTAeFw0wNDAyMTMxMDEzMTVaFw0zNTAyMTMxMDEzMTVaMIGO MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU 1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMw EQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaT EcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbTCBnzANBgkq hkiG9w0BAQEFAAOBjQAwgYkCgYEAwUdO3fxEzEtcnI7ZKZL412 XvZPugoni7i7D7prCe0AtaHTc97CYgm7NsAtJyxNLixmhLV8py IEaiHXWAh8fPKW+R017+EmXrr9EaquPmsVvTywAAE1PMNOKqo2 kl4Gxiz9zZqIajOm1fZGWcGS0f5JQ2kBqNbvbg2/Za+GJ/qwUCAwEAAaOB7jCB6zAdBgNVHQ4EFgQUlp98u8ZvF71ZP1LXCh vsENZklGswgbsGA1UdIwSBszCBsIAUlp98u8ZvF71ZP1LXChvs ENZklGuhgZSkgZEwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEw JDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChML UGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBg NVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlw YWwuY29tggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQ ADgYEAgV86VpqAWuXvX6Oro4qJ1tYVIT5DgWpE692Ag422H7yR Ir/9j/iKG4Thia/Oflx4TdL+IFJBAyPK9v6zZNZtBgPBynXb048hsP16l2vi0k5Q2 JKiPDsEfBhGI+HnxLXEaUWAcVfCsQFvd2A1sxRr67ip5y2wwBe lUecP3AjJ+YcxggGaMIIBlgIBATCBlDCBjjELMAkGA1UEBhMCV VMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV 3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2Z V9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0 BCQEWDXJlQHBheXBhbC5jb20CAQAwCQYFKw4DAhoFAKBdMBgGC SqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8 XDTA1MDYxNTEwMTYwOFowIwYJKoZIhvcNAQkEMRYEFHhlmkIf0/x2XFyjUH0x4rgfTmDWMA0GCSqGSIb3DQEBAQUABIGAu7m74eh3 WzSL7E9xPENb9ZVQkCUMHOCG6gjx+8Mfvcwbd9MXzkZKLIlDWY HkE/jDeJvCx+DiObS+lbddhzFkE9gOMrO7Y40eijhHSQjATGP845ZR x05d8kk18wtqVDKYMJ7/HGd3A+a7TfGXUIYbKTQ0BL2iCx7DucnnC4LCjto=-----END PKCS7-----" />
</form>
</div>
<p>
Support SAS by linking to us. You can use this information:
</p>
<textarea rows="2" cols="75"><a href="http://www.zann-marketing.com/sas/">Simple Authorization Script</a><br>A simple php script which password protects web pages without a database.</textarea>
</div>
</div>
<div id="footer">Authentication by <a href="http://www.zann-marketing.com/sas/">Simple Authorization Script</a> Copyright © 2005.</div>
</body>
</html>
Now what I am trying to do is replace what happens when an incorrect password is entered into the script. So within sas.php we have the following code...
if ($submitted_pass<>$encrypt_pass) { // if password is incorrect
$errormsg=$msg;
show_login_page($errormsg);
exit();
I am hoping to modify this to use the header redirect() function
something like...
header("Location: http://FakeShopPage.com/search?=$submitted_pass");
This way if someone who didn't know about the forum tried to used the fake shop search function they would enter a search string into the search/password field, hit submit, and the script would see the password was incorrect and pass the submitted password variable into the search string, which would fool the user into thinking they have just searched for something and be none the wiser.
Another issue is that the password encryption in the script uses md5 hash. Being as old as it is now I would like to use something else. I have read that pbkdf2 is a good thing to use. is it possible to use that in this script?
I can use any other login script that you may be able to suggest, I am open to ideas. I want to have only 1 password for all users for this and be able to pass the submitted_pass variable into the search function. My main issue is Iobviously cant have a username involved, so this is the only script I could find.
I am not a coder, I am just trying to piece together info I have found. I did something very similar to this in the past, but cant remember how I did it, and now can't seem to get it to work. I know I am asking for a lot of help here, so I am greatful to anyone who can help me out.
Thanks everyone, reallyt appreciate it :)