issues with me website ( i am a php beginner )

cmicky68

New member
Hey people of the internet
I don't know if this place is the right place to post the question - if it isn't please forgive me
I desided to start learning website development by myself
so I bough a server - installed ubunto , and apache2 , and php , and sql and so on - and I am renting a domain : www.fobos.co.il
but i'm having a problem
In the "PHP testing" link I put a password for the user to input and it is working fine , the problem is that if you're trying
to get access into the page ( if you know the URL ) you'll still see the page without the need to put any password
and I want the page to be able to check if the user is providing a password or getting into the page from another page
so people won't be able to gain access to the page without putting the correct password :



the url for the website : www.fobos.co.il
the url for the user to put a password : http://fobos.co.il/testingpage.php
the url for the landing page after providing the pass : www.fobos.co.il/testwelcome.php

the code to check the password in the password page is :


<?php

$pass = ("123456789");
$data = filter_input(INPUT_POST, 'yourpass', FILTER_SANITIZE_STRING);

if ($data === $pass) {
header("location: ../testwelcome.php");
}
else {
echo("<br/>Incorrect password - please try again");
echo("<br/><br/>");
echo "<button type='button' onclick=\"location.href='testingpage.php'\">Take Me Back! </button><br/>";
}
?>

---------------------
And i've created this code on the landing page to check it the user come from the password verification page

<?php
session_start();

if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] == 'http://www.fobos.co.il/testingpageverification.php') {
$pagerefer = ("referingpage");
}
else {
$pagerefer = NULL;
}
if ($pagerefer === "referingpage") {
}
else {
header("location: ../testingpage.php");
exit();
}
?>
With the currect code above it rejects the user to the page the user need to put a password no matter if the pass is correct or not

the password is : 123456789 - if you wanna check yourself

I got to say - that chatGPT is not so helpful while trying to provide me with a code and after couple of minutes telling you that the code isn't correct
and I just don't get it

i'm guessing it is easy for you - so i'm asking
 
To achieve the behavior you want, where users cannot access the page without providing the correct password, you can use sessions to keep track of whether the user has entered the correct password.

Here's the modified code:
On testingpage.php:

<?php
session_start();

$pass = "123456789";
if(isset($_POST['submit'])) {
$data = filter_input(INPUT_POST, 'yourpass', FILTER_SANITIZE_STRING);
if ($data === $pass) {
$_SESSION['authenticated'] = true;
header("Location: testwelcome.php");
exit();
} else {
$error = "Incorrect password - please try again";
}
}
?>

<!DOCTYPE html>
<html>
<head>
<title>Enter Password</title>
</head>
<body>
<?php if(isset($error)) echo $error; ?>
<form method="post" action="">
<label for="yourpass">Enter Password:</label>
<input type="password" name="yourpass" id="yourpass" required>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>

On testwelcome.php:


<?php
session_start();

if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
header("Location: testingpage.php");
exit();
}
?>

<!DOCTYPE html>
<html>
<head>
<title>Welcome</title>
</head>
<body>
<h1>Welcome to the protected page!</h1>
<!-- Your content here -->
</body>
</html>

This code ensures that users cannot access testwelcome.php without providing the correct password through testingpage.php. If they try to access testwelcome.php directly without providing the password, they will be redirected back to the password page.
 
Back
Top