issues with me website ( i am a php beginner )

[cmicky68]

Hey people of the internet
I don't know if this place is the right place to post the question - if it isn't please forgive me
I desided to start learning website development by myself
so I bough a server - installed ubunto , and apache2 , and php , and sql and so on - and I am renting a domain : www.fobos.co.il
but i'm having a problem
In the "PHP testing" link I put a password for the user to input and it is working fine , the problem is that if you're trying
to get access into the page ( if you know the URL ) you'll still see the page without the need to put any password
and I want the page to be able to check if the user is providing a password or getting into the page from another page
so people won't be able to gain access to the page without putting the correct password :



the url for the website : www.fobos.co.il
the url for the user to put a password : http://fobos.co.il/testingpage.php
the url for the landing page after providing the pass : www.fobos.co.il/testwelcome.php

the code to check the password in the password page is :


<?php

$pass = ("123456789");
$data = filter_input(INPUT_POST, 'yourpass', FILTER_SANITIZE_STRING);

if ($data === $pass) {
header("location: ../testwelcome.php");
}
else {
echo("<br/>Incorrect password - please try again");
echo("<br/><br/>");
echo "<button type='button' onclick=\"location.href='testingpage.php'\">Take Me Back! </button><br/>";
}
?>

---------------------
And i've created this code on the landing page to check it the user come from the password verification page

<?php
session_start();

if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] == 'http://www.fobos.co.il/testingpageverification.php') {
$pagerefer = ("referingpage");
}
else {
$pagerefer = NULL;
}
if ($pagerefer === "referingpage") {
}
else {
header("location: ../testingpage.php");
exit();
}
?>
With the currect code above it rejects the user to the page the user need to put a password no matter if the pass is correct or not

the password is : 123456789 - if you wanna check yourself

I got to say - that chatGPT is not so helpful while trying to provide me with a code and after couple of minutes telling you that the code isn't correct
and I just don't get it

i'm guessing it is easy for you - so i'm asking

 

[Danishhafeez]

To achieve the behavior you want, where users cannot access the page without providing the correct password, you can use sessions to keep track of whether the user has entered the correct password.

Here's the modified code:
On testingpage.php:

<?php
session_start();

$pass = "123456789";
if(isset($_POST['submit'])) {
$data = filter_input(INPUT_POST, 'yourpass', FILTER_SANITIZE_STRING);
if ($data === $pass) {
$_SESSION['authenticated'] = true;
header("Location: testwelcome.php");
exit();
} else {
$error = "Incorrect password - please try again";
}
}
?>

<!DOCTYPE html>
<html>
<head>
<title>Enter Password</title>
</head>
<body>
<?php if(isset($error)) echo $error; ?>
<form method="post" action="">
<label for="yourpass">Enter Password:</label>
<input type="password" name="yourpass" id="yourpass" required>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>

On testwelcome.php:


<?php
session_start();

if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
header("Location: testingpage.php");
exit();
}
?>

<!DOCTYPE html>
<html>
<head>
<title>Welcome</title>
</head>
<body>
<h1>Welcome to the protected page!</h1>
<!-- Your content here -->
</body>
</html>

This code ensures that users cannot access testwelcome.php without providing the correct password through testingpage.php. If they try to access testwelcome.php directly without providing the password, they will be redirected back to the password page.

 

[asadali]

It appears you are working on a website development project which you are aiming to establish a password protection system, however you are faced with problems related to page redirection. This problem is most likely due to the way you are validating the password input and the way you are checking the referring page. The detail that captures your eye is during the checking of the code of your landing page, you confirm that the user is coming from the password verification page using $_SERVER['HTTP_REFERER']. Nevertheless, soon there will be bottlenecks to this approach as it might happen that from time to time such headers are not sent, mainly because the user can access the page by direct link or maybe that there are some additional configurations besides them. Another option is to use a session variable to check the password verification status after the user submits the correct password instead of that method.

Here is your more efficient resolution: When a user enters the password correctly, such as by $_SESSION['logged_in'] = true;, you can store a session variable. On your landing page, check whether the session variable actually exists before you allow access. If it's not, then return the user to the password page.

When it comes to website development, one of the methods to secure and have a good user authentication experience is by using sessions for the management of user authentication.Consider adjusting your session management logic for better control of user access and flow between your pages.

 

[Moorcam]

It appears you are working on a website development project which you are aiming to establish a password protection system, however you are faced with problems related to page redirection. This problem is most likely due to the way you are validating the password input and the way you are checking the referring page. The detail that captures your eye is during the checking of the code of your landing page, you confirm that the user is coming from the password verification page using $_SERVER['HTTP_REFERER']. Nevertheless, soon there will be bottlenecks to this approach as it might happen that from time to time such headers are not sent, mainly because the user can access the page by direct link or maybe that there are some additional configurations besides them. Another option is to use a session variable to check the password verification status after the user submits the correct password instead of that method.

Here is your more efficient resolution: When a user enters the password correctly, such as by $_SESSION['logged_in'] = true;, you can store a session variable. On your landing page, check whether the session variable actually exists before you allow access. If it's not, then return the user to the password page.

When it comes to website development, one of the methods to secure and have a good user authentication experience is by using sessions for the management of user authentication.Consider adjusting your session management logic for better control of user access and flow between your pages.

It's almost a year old.

 

[asadali]

It's almost a year old.

This will help in future ,if anyone facing the same issue.