Password protecting a file with a dynamic URL

How do you password protect a file with a dynamic url. I need

www.own-designs.com/jess_events/calendar/plans.cgi?active_page=0

to not be password protected, but I need these:

www.own-designs.com/jess_events/calendar/plans.cgi?active_page=1
www.own-designs.com/jess_events/calendar/plans.cgi?active_page=2

to be password protected. I'm using PHP.

Thanks!
LVL 7
weikelbobAsked:
Who is Participating?
 
f_o_o_k_yCommented:
You can for example use something like this:

on each page include password_check.php

in that file you just check if some session variable isset
if not you can redirect to login form
header('Location: login_page.php');

in password_check you can also check if password for this site is required
0
 
weikelbobAuthor Commented:
I don't see how to do that because my example used the same file for all 3 links.
0
 
f_o_o_k_yCommented:
ok
here is example code

<?php

$page_id = $_GET['active_page'];

if($page_id == 1 || $page_id ==2){
    if($_SESSION['some_variable']==''){
            header('Location: login.php');
    }
}

?>

This should put you on wright track.
Best Regards
FooKy
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

 
weikelbobAuthor Commented:
That looks great!

Let me apply it.

Thanks!
0
 
weikelbobAuthor Commented:
I just noticed that we're talking about a CGI file.

How do I do this?
0
 
f_o_o_k_yCommented:
And what's the difference ?
I've never used cgi.
But if you can change code of plans.cgi and its written in php so there should be no difference??
0
 
ahoffmannCommented:
why does your plans.cgi not do the authentication?
0
 
weikelbobAuthor Commented:
I can't have the public view all of the tabs in plans.cgi.

There is authentification, but if you have access to all tabs in plans.cgi, then you can create calandars.

Here's the link:

http://own-designs.com/jess_events/calendar/plans.cgi?active_tab=0
0
 
ahoffmannCommented:
> There is authentification, ..
if you thill have authentication there (in plans.cgi), it should be simple to check if the (authenticated) user is allowed for that tab
0
 
weikelbobAuthor Commented:
I misunderstood.

It only checks for a password if you add an event.

I need it to check for a password when they click on a tab.
0
 
f_o_o_k_yCommented:
OK. I see what you want to do.

Now I have a question for you.
Can you change the code of plans.cgi?

If yes you must find the function which is responsible for adding new event (not displaying but this which is adding everything to database.
Then you must find function which is responsible for password checking
(tip try looking for $_SESSION['cal_password'] or $_REQUEST['cal_password'] or $cal_password)

after that you can create a page login.php with form and one password input box. after submit you must check entered password with founded function and if its correct you can set $_SESSION['authenticated'] = true;

then on palns.cgi on the top of source page do as I showed in previous post to check if the session variable is set.
remember to use session_start :)

Best Regards
FooKy

Ps. Hope this can help you
0
 
weikelbobAuthor Commented:
Thanks guys,

Bob
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.