Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 Programming Discussions
FAQ Community Calendar Today's Posts Search

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 12-31-2012, 05:40 PM
invitezone invitezone is offline
 
Join Date: Mar 2008
Posts: 171
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Passing a variable into header()function.

This is not a VB question exactly its a php question, but im using it in a weird way on my forum, so im hoping someone will help me out

First let me explain what im trying to do.

I want to hide my forum so it looks like there is no forum. The way I want to do this is to make a fake shopping site, with a search box. The search box will be fully functioning, but if the secret passwphrase is entered into the search box, the user will be redirected to the forum and a cookie set so that they don't see the fake shop instead.
The way I am thinking to do this is to use a simple password script to replace the shops search function.


this is the login script I am thinking of using

sas.php
Code:
<?php

/* Config Section */

$pass		= 'demo';				// Set the password.
$cookiename	= 'sascookie';				// Optional change: Give the cookie a name. Default is sascookie
$expirytime	= time()+3600;				// Optional change: Set an expiry time for the password (in seconds). Default is 1 hour.
$msg		= 'Password incorrect.';	// Optional change: Error message displayed when password is incorrect. Default is "Password incorrect".

/* End Config */

/* Logout Stuff - Sept 5, 2005 */

if (isset($_REQUEST['logout'])) {
	setcookie($cookiename,'',time() - 3600);							// remove cookie/password
	if (substr($_SERVER['REQUEST_URI'],-12)=='?logout=true') {			// if there is '?logout=true' in the URL
		$url=str_replace('?logout=true','',$_SERVER['REQUEST_URI']);	// remove the string '?logout=true' from the URL
		header('Location: '.$url);										// redirect the browser to original URL
	}
	show_login_page('');
	exit();
}

$logout_button='<form action="'.$_SERVER['REQUEST_URI'].'" method="post"><input type="submit" name="logout" value="Logout" /></form>';
$logout_text='<a href="'.$_SERVER['REQUEST_URI'].'?logout=true">Logout</a>';

/* End Logout Stuff */

/* FUNCTIONS */
$encrypt_pass=md5($pass);	// encrypt password

function setmycookie() {
global $cookiename,$encrypt_pass,$expirytime;
	setcookie($cookiename,$encrypt_pass,$expirytime);
}	

function show_login_page($msg) {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Authorization Required</title>
<style type="text/css">
<!--
.error {color:#A80000}
body {font:90% Verdana, Arial, sans-serif;color:#404040}
#wrapper {width:800px;margin:0 auto;border:1px solid #606060}
#main {text-align:center;padding:15px}
#header {font:bold 130% Verdana, Arial, sans-serif;color:#DDDDDD;width:100%;height:5em;text-align:center;background:#A80000;line-height:5em}
#mid {margin:5em 0 5em 0}
#footer {font-size:75%;text-align:center;width:100%}
input {border:1px solid #606060; background: #DDDDDD}
-->
</style>
</head>
<body>
<div id="wrapper">
	<div id="header">Authorization Required</div>
<div id="main">
	<div id="mid">
		<p>Please enter the password below <em>Use "demo" to login. Use a wrong password to see the error message</em>.</p>

		<p>Once logged in, you won't need to re-enter the password for one hour, the expiry time can be customized to your liking by altering the variable $expirytime in the Config Section of sas.php.</p>

		<p>You will need to enable cookies for SAS to work as expected.</p>
		
		<form action="" method="POST">
			Password:&nbsp;<input type="password" name="password" size="20">&nbsp;
			<input type="submit" value="Login">
			<input type="hidden" name="sub" value="sub">
		</form>
		<div class=error><?=$msg?></div>
	</div>
</div>
</div>
<div id="footer">Authentication by <a href="http://www.zann-marketing.com/sas/">Simple Authorization Script</a> Copyright &copy; 2005.</div>
</body>
</html>
<? }

/* END FUNCTIONS */

$errormsg='';
if (isset($_POST['sub'])) {						// if form has been submitted
	$submitted_pass=md5($_POST['password']);	// encrypt submitted password
	if ($submitted_pass<>$encrypt_pass) {		// if password is incorrect
		$errormsg=$msg;
		show_login_page($errormsg);
		exit();
	} else {									// if password is correct
		setmycookie();
	}
} else {
	if (isset($_COOKIE[$cookiename])) {			// if cookie isset
        if ($_COOKIE[$cookiename]==$encrypt_pass) {	// if cookie is correct
		   // do nothing
		} else {								// if cookie is incorrect
			show_login_page($errormsg);
			exit();
		}
	} else {									// if cookie is not set
		show_login_page($errormsg);
		exit();
	}
}
?>

This script also comes with a demo page incase anyone wishes to run this to see it working, which is as follows.

demo.php
Code:
<? require('sas.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Authorization Successful</title>
<style type="text/css">
<!--
.error {color:#A80000}
body {font:90% Verdana, Arial, sans-serif;color:#404040}
#wrapper {width:800px;margin:0 auto;border:1px solid #606060}
#main {text-align:left;padding:15px}
#header {font:bold 130% Verdana, Arial, sans-serif;color:#DDDDDD;width:100%;height:5em;text-align:center;background:#A80000;line-height:5em}
#footer {font-size:75%;text-align:center;width:100%}
input {border:1px solid #606060; background: #DDDDDD}
p {line-height:130%}
-->
</style>
</head>
<body>
<div id="wrapper">
	<div id="header">Authorization Successful</div>

	<div id="main">
		<p>
		If you can see this page, then you have successfully entered in the correct password for the Simple Autorization Script demo. We hope this example of the use of SAS meets your expectations.
		</p>
		
		<p>
		You will be able to access this page without entering in the password for the next hour. After which, you will be required to enter the password again.
		</p>
		
		<p>
		<strong>** New ** Optional logout feature.</strong> The logout button is an optional feature which you may like to include in your installation of SAS. To see the logout feature at work, please click on the logout button below. The logout button will expire the password (and cookie) and the login page should show up. 
		</p>
		
		<p>Logout Button:</p> <?=$logout_button?>
		
		<p>Logout Text:</p> <?=$logout_text?>
		
		<p>
		For installation instructions, see the <strong>readme.txt</strong> file located in the Simple Authorization Script folder, or view the <a href="http://www.zann-marketing.com/sas/installation.php">online version here</a>.
		</p>
		
		<p>
		If you found Simple Authorization Script useful, please make a small donation through PayPal.
		</p>
		
		<div style="text-align:center">
			<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
			<input type="hidden" name="cmd" value="_s-xclick" />
			<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but04.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!" />
			<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHPwYJKoZIhvcNAQcEoIIHMDCCBywCAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJKoZIhvcNAQEBBQAEgYAOD1uTKjRp2+r51aImKlBZ6kz1BmprsfzYboHSEwHurMRQCPq1T3YoztKpUL3Axrb26blKhYMfHWNsg9NPgmjd+NI38ZhzgPnTO8Le325iyZmg5uNZ17G+333JQcOrP0qDSPdNxIyTFlN00R0OGovB06S0t5rnbZj19WHDrrTb+DELMAkGBSsOAwIaBQAwgbwGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIZL04RLFI+WiAgZh6TEP+w4+L8xsuYcvxNWaISWMGNB1u5o6D0cdHt67atrgfdzdEc9AS1XsSOUwcdC+AWL6j21e+O2eJYtqSYwTgw5JvcfZ5gIKE+bt2YQAOCFSftCiQxKjs+wUUoE3DoFdhmWeFhOWpnAnTiNjNICqCBy3ZiJct5fcKxDs/kYnbCE4URaKC5zUo1MM5Zph/pDhTspQssPunPaCCA4cwggODMIIC7KADAgECAgEAMA0GCSqGSIb3DQEBBQUAMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbTAeFw0wNDAyMTMxMDEzMTVaFw0zNTAyMTMxMDEzMTVaMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwUdO3fxEzEtcnI7ZKZL412XvZPugoni7i7D7prCe0AtaHTc97CYgm7NsAtJyxNLixmhLV8pyIEaiHXWAh8fPKW+R017+EmXrr9EaquPmsVvTywAAE1PMNOKqo2kl4Gxiz9zZqIajOm1fZGWcGS0f5JQ2kBqNbvbg2/Za+GJ/qwUCAwEAAaOB7jCB6zAdBgNVHQ4EFgQUlp98u8ZvF71ZP1LXChvsENZklGswgbsGA1UdIwSBszCBsIAUlp98u8ZvF71ZP1LXChvsENZklGuhgZSkgZEwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAgV86VpqAWuXvX6Oro4qJ1tYVIT5DgWpE692Ag422H7yRIr/9j/iKG4Thia/Oflx4TdL+IFJBAyPK9v6zZNZtBgPBynXb048hsP16l2vi0k5Q2JKiPDsEfBhGI+HnxLXEaUWAcVfCsQFvd2A1sxRr67ip5y2wwBelUecP3AjJ+YcxggGaMIIBlgIBATCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA1MDYxNTEwMTYwOFowIwYJKoZIhvcNAQkEMRYEFHhlmkIf0/x2XFyjUH0x4rgfTmDWMA0GCSqGSIb3DQEBAQUABIGAu7m74eh3WzSL7E9xPENb9ZVQkCUMHOCG6gjx+8Mfvcwbd9MXzkZKLIlDWYHkE/jDeJvCx+DiObS+lbddhzFkE9gOMrO7Y40eijhHSQjATGP845ZRx05d8kk18wtqVDKYMJ7/HGd3A+a7TfGXUIYbKTQ0BL2iCx7DucnnC4LCjto=-----END PKCS7-----" />
			</form>
		</div>
	
		<p>
		Support SAS by linking to us. You can use this information:
		</p>
		
		<textarea rows="2" cols="75">&lt;a href="http://www.zann-marketing.com/sas/"&gt;Simple Authorization Script&lt;/a&gt;&lt;br&gt;A simple php script which password protects web pages without a database.</textarea>
	
	</div>
</div>
<div id="footer">Authentication by <a href="http://www.zann-marketing.com/sas/">Simple Authorization Script</a> Copyright &copy; 2005.</div>
</body>
</html>



Now what I am trying to do is replace what happens when an incorrect password is entered into the script. So within sas.php we have the following code...

Code:
if ($submitted_pass<>$encrypt_pass) {		// if password is incorrect
		$errormsg=$msg;
		show_login_page($errormsg);
		exit();
I am hoping to modify this to use the header redirect() function
something like...
header("Location: http://FakeShopPage.com/search?=$submitted_pass");

This way if someone who didn't know about the forum tried to used the fake shop search function they would enter a search string into the search/password field, hit submit, and the script would see the password was incorrect and pass the submitted password variable into the search string, which would fool the user into thinking they have just searched for something and be none the wiser.

Another issue is that the password encryption in the script uses md5 hash. Being as old as it is now I would like to use something else. I have read that pbkdf2 is a good thing to use. is it possible to use that in this script?

I can use any other login script that you may be able to suggest, I am open to ideas. I want to have only 1 password for all users for this and be able to pass the submitted_pass variable into the search function. My main issue is Iobviously cant have a username involved, so this is the only script I could find.

I am not a coder, I am just trying to piece together info I have found. I did something very similar to this in the past, but cant remember how I did it, and now can't seem to get it to work. I know I am asking for a lot of help here, so I am greatful to anyone who can help me out.

Thanks everyone, reallyt appreciate it
Reply With Quote
 


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 08:44 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03861 seconds
  • Memory Usage 2,362KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (4)bbcode_code
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (3)post_thanks_box
  • (3)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (3)post_thanks_postbit_info
  • (3)postbit
  • (3)postbit_onlinestatus
  • (3)postbit_wrapper
  • (1)showthread_list
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_threadedmode.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids_threaded
  • showthread_threaded_construct_link
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete