I'm just getting started with php and i'm having some issues

[cmicky68]

Hey people of the internet
I don't know if this place is the right place to post the question - if it isn't please forgive me
I desided to start learning website development by myself
so I bough a server - installed ubunto , and apache2 , and php , and sql and so on - and I am renting a domain : www.fobos.co.il
but i'm having a problem
In the "PHP testing" link I put a password for the user to input and it is working fine , the problem is that if you're trying
to get access into the page ( if you know the URL ) you'll still see the page without the need to put any password
and I want the page to be able to check if the user is providing a password or getting into the page from another page
so people won't be able to gain access to the page without putting the correct password :



the url for the website : www.fobos.co.il
the url for the user to put a password : http://fobos.co.il/testingpage.php
the url for the landing page after providing the pass : www.fobos.co.il/testwelcome.php

the code to check the password in the password page is :


<?php

$pass = ("123456789");
$data = filter_input(INPUT_POST, 'yourpass', FILTER_SANITIZE_STRING);

if ($data === $pass) {
header("location: ../testwelcome.php");
}
else {
echo("<br/>Incorrect password - please try again");
echo("<br/><br/>");
echo "<button type='button' onclick=\"location.href='testingpage.php'\">Take Me Back! </button><br/>";
}
?>

---------------------
And i've created this code on the landing page to check it the user come from the password verification page

<?php
session_start();

if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] == 'http://www.fobos.co.il/testingpageverification.php') {
$pagerefer = ("referingpage");
}
else {
$pagerefer = NULL;
}
if ($pagerefer === "referingpage") {
}
else {
header("location: ../testingpage.php");
exit();
}
?>
With the currect code above it rejects the user to the page the user need to put a password no matter if the pass is correct or not

the password is : 123456789 - if you wanna check yourself

I got to say - that chatGPT is not so helpful while trying to provide me with a code and after couple of minutes telling you that the code isn't correct
and I just don't get it

i'm guessing it is easy for you - so i'm asking

 

[Danishhafeez]

Firstly, for a more secure way of handling passwords, you should consider using PHP's password hashing functions. Storing passwords in plaintext is not recommended due to security risks.

Here's how you can modify your code to achieve the desired behavior:

1. Password Verification Page (testingpage.php):This page should collect the password from the user and verify it.

<?php

// Check if form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $pass = "123456789"; // This should ideally be stored securely, perhaps in a database or environment variable
    $entered_pass = $_POST['yourpass'];

    // Verify password
    if (password_verify($entered_pass, password_hash($pass, PASSWORD_DEFAULT))) {
        header("Location: testwelcome.php");
        exit;
    } else {
        echo "<br/>Incorrect password - please try again";
        echo "<br/><br/>";
        echo "<button type='button' onclick=\"location.href='testingpage.php'\">Take Me Back! </button><br/>";
        exit; // Exit script if password is incorrect
    }
}
?>

<!-- HTML form to collect password -->
<form method="post">
    Enter Password: <input type="password" name="yourpass">
    <input type="submit" value="Submit">
</form>

1. Welcome Page (testwelcome.php):This page will be accessible only if the user has provided the correct password.

<?php
session_start();

// Check if user came from password verification page
if (!isset($_SERVER['HTTP_REFERER']) || $_SERVER['HTTP_REFERER'] !== 'http://www.fobos.co.il/testingpage.php') {
header("Location: testingpage.php");
exit;
}
?>

<!-- Your welcome page content here -->

This setup ensures that the user can only access testwelcome.php if they've provided the correct password through testingpage.php