  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 528

Password protect link & webpage

Hello Experts,

How can I protect a link on a webpage from non-registered users? Actually, if a user clicks on "video 3", he's redirected to the login / signup page. The problem is that once he's logged in, he's not redirected back to where he was (access to video 3 granted).

The whole website is in HTML/CSS and only the signup, customer profile and cart are in PHP.

How can I do that?

Thanks
0
currentdb
3 Solutions
 
ingriTCommented:
With the use of your .htaccess file? If you're not using Server Side Scripting (PHP) on these pages, you need to use webserver security.
0
 
currentdbAuthor Commented:
Hi ingriT,

I Googled a lot on the internet on how to use the .htaccess file and I'm still lost in how to use it this way.

How do I use webserver security? Is it hard to configure?

Thanks for your patience.
0
 
ingriTCommented:
It's not hard to configure, but your users need an account on your webserver, and not in your application code. So usually this is not the easiest solution.

Why can't you use PHP on the video page?
0
 
currentdbAuthor Commented:
Users do have an account on the webserver. These users are stored in a mysql database. If a new user signs up with a new account, he's automatically added to this database.

I tried to use PHP on the video page, but it ended in a nightmare as most of the page coding depends on CSS styles :(

If you wish, I can post the html/css code of this webpage so you can take a look.
0
 
ingriTCommented:
If users have an account in your mysql database, they do not have an account "in" your webserver (they are not present in your .htaccess file I mean), so this is not really the same.

Don't you have a function in your PHP code that just checks if the user is logged in? And if not logged in -> redirect to login/signup page?

Then you don't need to mess around in your video page html/css.
0
 
currentdbAuthor Commented:
>>Don't you have a function in your PHP code that just checks if the user is logged in? And if not logged in -> redirect to login/signup page?

Usually when the user enters the website, he can log in to check his profile, address and so on. On the video page, the only link I added was to redirect the user to the login page first, but from there, I was not able to figure out how to redirect him back...and to answer your question, there is no function in the PHP code for this.
0
 
ingriTCommented:
You can redirect the user to the login page with something like this:
http_redirect("login.php", array("redirurl" => "video.php"));



Then on the login.php page, there will be a querystring parameter called "redirurl" with the value "video.php".
After a successful login, you can redirect the user to the normal profile page that you described, or redirect them to the page that is in the querystring (being "video.php").
0
 
currentdbAuthor Commented:
OK, but where in the login page can I add your code? Because the login.phtml is not a short page.
0
 
ingriTCommented:
You should add it after the login check I think. I don't know your code, you should know best where to put it.
0
 
currentdbAuthor Commented:
I don't know where either as it is not my code.

If you can help me locate where I should add this line, it would be great. Here's the entire code so far:

<!-- login box on signup page widget -->
<?php if (!Am_Di::getInstance()->auth->getUserId()) : ?>
<div class="am-login-text"><?php __e("If you already have an account on our website, please %slogin%s to continue",
        '<a href="javascript:" id="show-login-box-on-signup">', '</a>') ?></div>
<div class="am-signup-login-form-container" style="display:none">
    <div style="font-size: xx-small; text-align: right; width: 100%;">
        <a href="javascript:" id="hide-login-box-on-signup">
            <img src="<?php echo $this->_scriptImg('modal-close.png') ?>" alt="<?php __e('Close') ?>" title="<?php __e('Close') ?>"/>
        </a>
    </div>
    <br />
    <div class="am-layout-two-coll">
        <div class="am-layout-two-coll-top"></div>
        <div class="am-coll-left">
            <div class="am-coll-content">

                <div class="am-form am-login-form am-signup-login-form">
                    <form name="login" method="post" action="<?php echo REL_ROOT_URL?>/login">
                        <fieldset>
                            <legend>&nbsp;&nbsp;<?php __e('Member Login') ?></legend>
                            <div class="row">
                                <div class="element-title">
                                    <label class="element-title" for="login"><?php __e('E-Mail Address or Username') ?></label>
                                </div>
                                <div class="element">
                                    <input type="text" id="login" name="amember_login" size="15" value="<?php p(@$_REQUEST['amember_login']) ?>" />
                                </div>
                            </div>
                            <div class="row">
                                <div class="element-title">
                                    <label class="element-title" for="pass"><?php __e('Password') ?></label>
                                </div>
                                <div class="element">
                                    <input type="password" id="pass" name="amember_pass" size="15" />
                                </div>
                            </div>
                            <div class="row">
                                <div class="element-title"></div>
                                <div class="element" style="vertical-align: baseline">
                                    <input type="submit" value="&nbsp;&nbsp;&nbsp;<?php __e('Login') ?>&nbsp;&nbsp;&nbsp;" />
                                </div>
                            </div>
                        </fieldset>
                        <input type="hidden" name="login_attempt_id" value="<?php print time()?>" />
                        <input type="hidden" name="amember_redirect_url" value="<?php p($_SERVER['REQUEST_URI']) ?>" />
                    </form>
                </div>
            </div>
        </div>
        <div class="am-coll-right">
            <div class="am-coll-content">
                <div class="am-form am-sendpass-form">
                    <form name="sendpass" method="post" action="<?php echo REL_ROOT_URL ?>/sendpass">
                        <fieldset>
                            <legend>&nbsp;&nbsp;<?php __e('Lost password') ?></legend>
                            <div class="row">
                                <div class="element-title">
                                    <label class="element-title" for="sendpass"><?php __e('Enter your <b>E-Mail Address</b> or <b>Username</b>') ?></label>
                                </div>
                                <div class="element"><input type="text" name="login" id="sendpass" size="15" /></div>
                            </div>
                            <div class="row">
                                <div class="element-title"></div>
                                <div class="element">
                                    <input type="submit" value="<?php __e('Get Password') ?>" />
                                </div>
                            </div>
                        </fieldset>
                    </form>
                </div>
            </div>
        </div>
        <div class="am-layout-two-coll-bottom"></div>
    </div>
</div>

<script type="text/javascript">
    jQuery(document).ready(function($) {
        $("#show-login-box-on-signup").click(function(){
            $("body").append("<div id='mask'></div>");
            $(".am-signup-login-form-container").show(100);
        });
        $("#hide-login-box-on-signup").click(function(){
            $("#mask").remove();
            $(".am-signup-login-form-container").hide(100);
        });
        $(".am-signup-login-form form").amAjaxLoginForm({
            success: function() { window.location.reload(true); }
        });// from user.js
    });
</script>
<?php else: // if logged-in ?>
<div class="am-login-text">
        <?php __e("You are logged-in as %s. %sLogout%s to signup as new user.",
                "<strong>". Am_Di::getInstance()->auth->getUsername() . "</strong>",
                "<a href='".REL_ROOT_URL."/logout?amember_redirect_url=".urlencode($_SERVER['REQUEST_URI'])."'>",
                "</a>"
        ); ?>
</div>
<?php endif // if not logged-in ?>
<!-- login box on signup page widget end -->


0
 
ingriTCommented:
Something like this:

<?php else: // if logged-in ?>
<?php
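// isset() avoids an "undefined index" notice when the parameter is absent
if (isset($_GET["redirurl"]) && $_GET["redirurl"] == "video.php")
{
    // http_redirect() is provided by the pecl_http 1.x extension
    http_redirect("video.php");
}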
?>
<div class="am-login-text">
        <?php __e("You are logged-in as %s. %sLogout%s to signup as new user.",
                "<strong>". Am_Di::getInstance()->auth->getUsername() . "</strong>",
                "<a href='".REL_ROOT_URL."/logout?amember_redirect_url=".urlencode($_SERVER['REQUEST_URI'])."'>",
                "</a>"
        ); ?>
</div>
<?php endif // if not logged-in ?>


0
 
currentdbAuthor Commented:
Looks like it does not work. I signed in, but I was redirected to the member's area, not to the page where I wanted to go. I re-checked the entire code and there is no reference of any redirection to a different url. I'm puzzled here :(
0
 
Ray PaseurCommented:
This article shows the design pattern you want to use.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391.html

If you read that over you will see that the initial entry point is stored in the PHP session.  See the code snippet for RAY_EE_config at line 44.  

After authentication, this information in the session is used to redirect the client browser back to the entry page.  See the code snippet for RAY_EE_login at line 34-44.

Please read the article and code snippets, then post back here if you still have questions about how it works.  Best, ~Ray
0
 
currentdbAuthor Commented:
Hi Ray_Paseur,

Your article was very interesting to read and all explanations are very clear too.

What I did was to add the line
access_control();


to the page I wanted to protect. I added this line to the very top of the page. After updating the page on the server, I was hoping that it would work, but I am still back to my problem.

What I don't understand is that the client bought the aMember software which uses an already set-up database with everything. This client was not able to modify what he wanted, so I came in. It's just been a week and I struggled back and forth to understand how this software worked. I also contacted technical support to get some answers, but these answers were not really clear.

So on this webpage, I wanted to access a restricted page, and the link worked because it directed me to the log in page. Once I was logged in, instead of being redirected to the page I wanted, I was redirected to some "Member area". I had to review the entire code, but still I don't understand what does not work here. Your code seems easy, but something clearly is not working here.

If you have an idea how I can solve this, I would be grateful.

Thanks.
0
 
Ray PaseurCommented:
I don't know what more I can tell you.  This is drop-dead simple in a correctly designed authentication system.  The initial point of entry is found inside the access_control() function on this line (line 44) and it is stored in the session array.
$_SESSION["entry_uri"] = $_SERVER["REQUEST_URI"];


After authentication, the client browser is redirected to the initial point of entry by the login.php script here (lines 34-44)
// REDIRECT TO THE ENTRY PAGE OR TO THE HOME PAGE
if (isset($_SESSION["entry_uri"]))
{
    header("Location: {$_SESSION["entry_uri"]}");
    exit;
}
else
{
    header("Location: /");
    exit;
}


Here is what I would probably do if I were facing your challenge.  Get a code scanner and look for every instance of the word "header" since that can be one way to redirect the browser.  Look also for the word "refresh" because that can be used in the HTML stream, something like <meta http-equiv="refresh" content="0; url=http://example.com/">.  You will probably find one or the other of those pointing to the member area.  Change it to point to the location of the initial entry.
0
 
currentdbAuthor Commented:
Hi Ray_Paseur,

Your explanation makes sense. While I was scanning the entire code, I had an idea, so I made some smaller changes to the redirection link.

Before it was like this:
http://yoursite.com/amember/login?_amember_redirect_url=http://yoursite.com/fable4.html

And changed it to:
http://yoursite.com/amember/login?amember_redirect_url=http://yoursite.com/fable4.html

Now when the user wants to access this page (fable4.html) he's directed to the login page where he logs in and then he's re-directed to the proper page (fable4.html).

One small problem here: If a user is not logged in and knows what the link to this page looks like, he can access the page without being logged in first.

I have to award points on this question and open a new one, then post a link back here if you still want to help.

Thanks so much for your understanding.
0
 
currentdbAuthor Commented:
Here's the link to a new question: Protect page from non authorized use
0
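
Added example (not part of the thread, and not aMember's or the linked article's code): the redirect-back pattern discussed above, with a guard for protected pages and a check that the post-login target is a path on the same site, so a `redirurl`-style parameter cannot send a freshly logged-in user to another host. The function names, `$_SESSION['user_id']` and `/login.php` are assumptions; `entry_uri` and `redirurl` are the names used in the posts. Because only site-relative paths are accepted, an absolute URL like the one in the final working link would fall back to the default.

```php
<?php
// Added example, PHP 7.1+. Function names, $_SESSION['user_id'] and /login.php
// are assumptions; entry_uri and redirurl are the names used in the thread.

/** True only for a same-site absolute path such as "/fable4.html?x=1". */
function is_safe_local_path($target): bool
{
    if (!is_string($target) || $target === '' || $target[0] !== '/') {
        return false;                    // must start at the site root
    }
    if (strpos($target, '//') === 0 || strpbrk($target, "\\\r\n\0") !== false) {
        return false;                    // no "//host", backslashes or header breaks
    }
    $parts = parse_url($target);
    return is_array($parts) && !isset($parts['scheme']) && !isset($parts['host']);
}

/** Call first thing on every protected page; a plain .html file cannot run it. */
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['user_id'])) {
        $_SESSION['entry_uri'] = $_SERVER['REQUEST_URI'];  // where the user was going
        header('Location: /login.php');
        exit;
    }
}

/** Call from the login script once the credentials have been verified. */
function redirect_after_login(string $default = '/'): void
{
    $target = $_SESSION['entry_uri'] ?? $_GET['redirurl'] ?? $default;
    unset($_SESSION['entry_uri']);
    header('Location: ' . (is_safe_local_path($target) ? $target : $default));
    exit;
}

// Command-line check with constructed targets (not values from the thread's site).
if (PHP_SAPI === 'cli') {
    $samples = ['/fable4.html', '/video.php?id=3', '//other.example/x',
                'http://other.example/', '/\\other.example'];
    foreach ($samples as $t) {
        printf("%-26s %s\n", json_encode($t), is_safe_local_path($t) ? 'accepted' : 'rejected');
    }
}
```

Run from the command line, the script reports the first two constructed targets as accepted and the last three as rejected; included from a web page, only the functions are defined.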
