About:
phpSecurePages is a PHP module to secure pages with a login name and password. It can handle multiple user groups (each with their own viewing rights), store data in a MySQL database or a configuration file, and be used to identify your Web site viewers. It also has multiple language support as well as session support for both PHP3 and PHP4.

Release focus: N/A

Changes:
This release fixes an error which removed the session during login on some PHP3 servers. (PHP3 users should upgrade!) A Polish language file has also been added.

Author:
dyna18 [contact developer]

Rating:	reset 1 2 3 4 5 6 7 8 9 10
8.52/10.00 (30 votes)

Homepage:
http://www.phpSecurePages.com/
Zip:
http://www.phpsecurepages.com/phpSecurePages.zip
Changelog:
http://www.phpSecurePages.com/changelog.php
Purchase:
http://www.phpSecurePages.com/
Demo site:
http://www.phpSecurePages.com/test/

Trove categories: [change]

[Development Status]		4 - Beta
[Environment]		Web Environment
[Intended Audience]		Developers, End Users/Desktop
[License]		Free for non-commercial use
[Operating System]		OS Independent
[Programming Language]		PHP
[Topic]		Internet, Internet :: WWW/HTTP, Internet :: WWW/HTTP :: Dynamic Content, Internet :: WWW/HTTP :: HTTP Servers, Internet :: WWW/HTTP :: Site Management, Office/Business, Security, Software Development

Dependencies: [change]
No dependencies filed

 Branches

Branch	Version	Last release	License	URLs
Default	0.29b	15-Jul-2005	Free for non-commercial use

 Releases

Version	Focus	Date
0.29b	Major security fixes	15-Jul-2005 18:17
0.28b	Major bugfixes	10-Aug-2002 02:44
0.27b	Minor bugfixes	12-Feb-2002 15:12
0.26b	Minor feature enhancements	02-Oct-2001 17:32
0.25b	Major security fixes	22-Apr-2001 04:06
0.24b	Minor bugfixes	08-Apr-2001 02:44
0.23b	Minor feature enhancements	13-Mar-2001 07:00
0.22b	Major security fixes	06-Mar-2001 05:20
0.21b	Minor feature enhancements	04-Feb-2001 16:50
0.20b	N/A	25-Oct-2000 01:19

 Comments

[»] Same page- I want it to go to something different after login
by Mike F - Jan 25th 2008 16:11:02

Hello, I was searching the internet and found this. I like it, except when I go to test.php (renamed to login.php) it says access denied. I type the right password out. I found out, it uses my MD5 password. Also, After users login I want them to go to a page like index.php . How can I make this happen? I want the login.php (formerly test.php) to be for logging in only. After a successful login, they go to index.php . On my site I would like to use a directory like http://schoolwatch.mradio105fm.com/login.php for logging in. Then after a successful login it goes to: http://schoolwatch.mradio105fm.com/closenet/index.php . How can I make this happen? Also, can you make a change password feature for users so they can change their passwords. Also, I want to have an Admin level (e.g. Level 10) and I want the admin level to be able to add and delete accounts and change levels. How do I do this? Thanks so much!

--
Mike F I really need help with this!

[reply] [top]

[»] Dropping Sessions
by steve mock - Sep 4th 2007 05:31:31

Where is Paul? Paul... we *did* cough up 20 bucks for a
commercial license. Could you not offer even a small bit of
support?

We are experiencing consistently dropped sessions when
reloading a secure page after a query. Can you help us
figure out what is happening?

We have installed the latest version. We are running PHP 4.

Sessions are being dropped and it is a pain.

See it all here:

http://www.mercycollege.edu/course_downloads.php

user: JohnDoe
pass: whatever

Get in there and do a couple of sort/searches. Drops every
single time.

[reply] [top]

[»] I like this project, but...
by Gene - Jun 23rd 2007 13:32:13

I really do like the way this script secures web pages with flexable group level access. What the project lacks is support. I've tried several times to get questions answered with no luck. Maybe someone could start a Forum for phpSP??

[reply] [top]

[»] add function to change password
by kocaweb - May 4th 2007 14:58:48

is it possible to add the function to change the password for usernames in mysql data base i created a mysql database using default settings all I need is to change a password for one username I need to change it frequently so i am trying to add that function into php page. any help would be appreciated

database:phpSecurePages


CREATE TABLE phpSP_users (
primary_key MEDIUMINT UNSIGNED NOT NULL AUTO_INCREMENT,
user VARCHAR(50) NOT NULL,
password VARCHAR(32) NOT NULL,
userlevel TINYINT(3),
PRIMARY KEY (primary_key),
KEY (user)
);

[reply] [top]

[»] Can we auto_prepend ??
by Tom151 - Aug 23rd 2006 11:13:36

I have been tryinig to use .htaccess to get PHP's auto_prepend function to do the include for phpSecurePages --so that I do not have to add code to every page on my site.
I can get the secure.php file included --but the login screen never displays :(
Has anyone got a trick for this???

[reply] [top]

[»] Fatal Error: Cannot redeclare admemail() in.....
by Eray - Feb 16th 2006 17:53:15

Hi,

I've installed phpSecurePages perfectly, it's working well when I click my secured pages one by one.

But when I want to use it in my control panel it gives this error:

Fatal error: Cannot redeclare admemail() in /mnt/home2/public_html/eyasyerli/phpSecurePages/secure.php on line 128


I'am calling all my secured pages from index.php with include function. I think that causes the error but I didn't get any solution.

Does anybody know how to fix this problem?

Thanx..

[reply] [top]

[»] Re: Fatal Error: Cannot redeclare admemail() in.....
by Zerli - Feb 22nd 2006 02:39:40

From my experience, redeclare errors happen when there is a nested include directive. Please check the nesting order of your includes to make sure none of the phpSecurePages codes is included twice. Granted, if you haven't kept a tight control over your include directives, this can end up being very messy, as I've learned to my sorrow. Always, always minimize the number of layers calling include. Preferably have only one. If this doesn't help, the function being found redeclared might actually in fact be declared twice in your code, grep can help you here. Zerli

[reply] [top]

---

[»] Re: Fatal Error: Cannot redeclare admemail() in.....
by dyna18 - Apr 9th 2006 14:36:12

This error happens when phpSecurePages is loaded more then once within a single page. This can happen when using frames or the include function. In phpSecurePages v0.30 there will be an extra saveguard build in to prevent this error from happening.

[reply] [top]

---

[»] Keeping Session Information For Non-Login pages
by Stephen - Jan 28th 2006 12:53:58

For my pages that do not require a login, how do I keep the session information. So it is kind of an optional login so they can still see the page if they arn't logged in but if they are logged in it will have their information on the page. If someone can help me with this it would be greatly appreciated and I can make it worth your while.

Thank you,
Stephen

[reply] [top]

[»] Re: Keeping Session Information For Non-Login pages
by Stephen - Jan 28th 2006 13:55:29

nevermind, i figured it out. thanks

[reply] [top]

---

[»] Re: Keeping Session Information For Non-Login pages
by Carbon Turtle - Mar 3rd 2006 12:34:57


> nevermind, i figured it out. thanks

Steven,
I'm trying to figure out the same thing. What did you end up
doing?
-CT

[reply] [top]

---

[»] md5 ???
by itsl-akbar - Jan 4th 2006 19:29:05

Hi,

I hv been trying your excellent project..works flawless.

I'hv been using mysql.

But when I try using md5...an error message shown..."incorrect password"..

I'hv added the following script to add users(as sugested by another user above)..,

<?php

$user = 'test';
$password = 'test';
$userlevel = '1';

//initial Vars
$dbase_host = "localhost";
$dbase_user = "sakbar";
$dbase_pass = "";
$dbase_base = "phpsecurepages";
$dbase_table = "phpsp_users";
$connect = @mysql_pconnect($dbase_host,$dbase_user, $dbase_pass);
mysql_select_db($dbase_base);
//save to mysql
$password = md5($password);
mysql_query("INSERT INTO `$dbase_table` ( `user` , `password` , `userlevel` ) VALUES ('$user', '$password', '$userlevel')");


echo ($password);

?>

---------------
If I leave out the md5 encryption...it works flawless...

can anyone help me and tell me what I'm doing wrong..

Note, enabled md5 = true in the 'secure.php'

akbar

[reply] [top]

[»] Re: md5 ???
by itsl-akbar - Jan 5th 2006 07:54:25

Nevermind..I hv figured out the problem with md5..I hv just changed a tiny bit and it's working with mysql and md5 encrypted passcodes..good job it's a great script.

I'hv also added a adduser.php for my protected site. It's a quick and small job. If anyone is interested for the code...I can be reached at itsl01@__gmail.com (remove "__") or at my site at http://itsl.uni.cc/ (Not a 24/7 site as yet)



> Hi,

>

> I hv been trying your excellent

> project..works flawless.

>

> I'hv been using mysql.

>

> But when I try using md5...an error

> message shown..."incorrect

> password"..

>

> I'hv added the following script to add

> users(as sugested by another user

> above)..,

>

> <?php

>

> $user = 'test';

> $password = 'test';

> $userlevel = '1';

>

> //initial Vars

> $dbase_host = "localhost";

> $dbase_user = "sakbar";

> $dbase_pass = "";

> $dbase_base =

> "phpsecurepages";

> $dbase_table = "phpsp_users";

> $connect =

> @mysql_pconnect($dbase_host,$dbase_user,

> $dbase_pass);

> mysql_select_db($dbase_base);

> //save to mysql

> $password = md5($password);

> mysql_query("INSERT INTO

> `$dbase_table` ( `user` , `password` ,

> `userlevel` ) VALUES ('$user',

> '$password', '$userlevel')");

>

>

> echo ($password);

>

> ?>

>

> ---------------

> If I leave out the md5 encryption...it

> works flawless...

>

> can anyone help me and tell me what I'm

> doing wrong..

>

> Note, enabled md5 = true in the

> 'secure.php'

>

> akbar

>



[reply] [top]

---

[»] new user question no-DB
by shlomo - Jan 3rd 2006 07:17:14

HELLO all
as a new user i found your product very nice and easy to use i have only one question.

i don't use db!! is it possible that i will sign
pages with single typping of my user name and pass
and not on every new page (after the first time
i accessed) .

thank you very much.

[reply] [top]

[»] SecurePages with PHP5
by Fiber - Sep 28th 2005 04:25:57

Hi !

It was working perfect in PHP4 but i have installed PHP5 and now it's impossible to log in... I put the login, the password, and i return to the same screen... It's very weird... Please, any help would be greatly apreciated !!! :-)

[reply] [top]

[»] Re: SecurePages with PHP5
by Rob - Nov 22nd 2005 07:47:53

Did anyone get an answer to this?


> Hi !

>

> It was working perfect in PHP4 but i

> have installed PHP5 and now it's

> impossible to log in... I put the login,

> the password, and i return to the same

> screen... It's very weird... Please, any

> help would be greatly apreciated !!! :-)



[reply] [top]

---

[»] Re: SecurePages with PHP5
by MedNez - Jan 14th 2006 15:52:22

I wonder if it has anything to do with the way that the sessions are made? That seems to be the bulk of the phpSP code, but I'm not sure what they might've changed that now renders the code inoperable. /me will look through the php 5 changelog this morning

[reply] [top]

---

[»] Re: SecurePages with PHP5
by kingrooroo - Jan 30th 2006 07:26:04

Has anyone had any luck with resolving this issue?

[reply] [top]

---

[»] Re: SecurePages with PHP5
by Scott Dylewski - Jan 31st 2006 23:52:07

yeah, I had the same problem. FINALLY, I figured out the problem. The variables in php > 4.1 changed. Mostly, it's things like $HTTP_GET_VARS changed to $_GET and so on. See this page for details: http://us3.php.net/reserved.variables

Then, grep for HTTP_ in all the php files, and change the ones that you need to... it worked for me!

[reply] [top]

---

[»] Re: SecurePages with PHP5
by mustafa - Mar 18th 2007 16:09:09

Yes, it solves the problem.

The variable names you must change are:

$HTTP_SERVER_VARS ==> $_SERVER
$HTTP_ENV_VARS ==> $_ENV
$HTTP_GET_VARS ==> $_GET
$HTTP_POST_VARS ==> $_POST
$HTTP_SESSION_VARS ==> $_SESSION




> yeah, I had the same problem. FINALLY,

> I figured out the problem. The

> variables in php > 4.1 changed. Mostly,

> it's things like $HTTP_GET_VARS changed

> to $_GET and so on. See this page for

> details:

> http://us3.php.net/reserved.variables

>

> Then, grep for HTTP_ in all the php

> files, and change the ones that you need

> to... it worked for me!



[reply] [top]

---

[»] Re: SecurePages with PHP5
by Alan - May 3rd 2008 13:08:25

Does any one know which file they had to change i went thorugh all of them and still its not working with PHP5 any ones help would be great i have an appl which is down at the min because of me portingthe app form php4 to php5

Alan


> Yes, it solves the problem.

>

> The variable names you must change are:

>

> $HTTP_SERVER_VARS ==> $_SERVER

> $HTTP_ENV_VARS ==> $_ENV

> $HTTP_GET_VARS ==> $_GET

> $HTTP_POST_VARS ==> $_POST

> $HTTP_SESSION_VARS ==> $_SESSION

>

>

>

>

> % yeah, I had the same problem.

> FINALLY,

> % I figured out the problem. The

> % variables in php > 4.1 changed.

> Mostly,

> % it's things like $HTTP_GET_VARS

> changed

> % to $_GET and so on. See this page

> for

> % details:

> % http://us3.php.net/reserved.variables

> %

> % Then, grep for HTTP_ in all the php

> % files, and change the ones that you

> need

> % to... it worked for me!

>

>

>



[reply] [top]

---

[»] Contacting Paul??
by Gene - Jun 22nd 2005 10:36:16

I think phpSP is a very useful project and I like how it works. But, I had a question and emailed it to the address given for Paul on 6/17/2005, and have not received a reply (5 days). I was wondering if anyone has had contact with him and/or knows if he is still active on this project?

[reply] [top]

[»] Implementation Help
by Kansas Bob - Feb 6th 2005 11:20:24

I have read the FAQ pages. I have installed version .28 on my server. When I run test.php I get more than just the login interface, I also get the actual html code displayed before I enter username and password. Is there some one that can help me?

[reply] [top]

[»] somebody has using Sessions Managment in php4 ?
by aldo - Dec 27th 2004 17:29:19

hi there, i know the developer doesnt response web-posts, but i know by first hand that he have a delay responding emails too, so:
In the readme file we have that:

_"If you use phpSecurePages on a server with PHP3, the following two tables MUST be created.
These two tables are not used with PHP4."_

I understand that session managment is only for php3 .... WHY???
And what if i have installed php4 and i nedd to use these features? for example kill-session if idle and that kind of useful functions...

some of you guys has implemented or found the way to get working that issue?

-- (my email is webmaster@crafta.com) --

Thanks in advance

[reply] [top]

[»] PostgreSQL support + MD5 support
by Zerli - Oct 5th 2004 08:40:46

Hmm. I am not sure of the legality of this, but I hope Mr. Kruyt won't mind. I made some minor fixes and improvements to phpSecurePages:

- added PostgreSQL support - just change a config file setting
- completed MD5 support - just change a config file setting (you still have to manually add initial MD5 passwords to your file or database)
- added Croatian language support

You can get this version at:

http://www.ecst.csuchico.edu/~ilulic/phpSecurePages-v0.29.tar.gz

I hope it works for you.

Igor Lulic

[reply] [top]

[»] Re: PostgreSQL support + MD5 support
by askhenry - Aug 31st 2005 10:27:47

Hi Igor. I am interested in doing a little work on the phpsecure scripts are you still interested in thi script? please advise. Cheers

[reply] [top]

---

[»] Unfriendly license
by Just Looking - Aug 18th 2004 05:54:56

How about GPLing this source? The license makes it rather icky to use. It's a great project and we've fixed several errors, made configuration a bit more friendly and added a couple nice features.

We'll contribute our fixes (under the BSD license) if the project is put under the GPL.

[reply] [top]

[»] Oracle and LDAP dictionary support
by Hugues - May 6th 2004 07:26:39

That's me again for last (and perhaps least) new features incoporated in phpSP.
For this one it's nothing less than Oracle database (using OCI extensions) and LDAP dictionary support (tested with OID ans Active Directory).

Creating a new branch is not allowed, so I send it to P. Kruyt to, and you can find all at http://www.ifrance.com/mercusot/phpSecurePages/readmeHM.txt and download it here

Enjoy, and hope you like it.

[reply] [top]

[»] PostGreSQL and SQLServer support
by Hugues - Apr 14th 2004 06:55:14

Hello,

I've just finished a adaptation of phpSP that support PostGreSQL (tested on 7.4) and SQLServer (but not tested) on PHP 4.
It can also log connections in a log file.

You can find all at http://www.ifrance.com/mercusot/phpSecurePages/readmeHM.txt and download it at http://www.ifrance.com/mercusot/download/phpSecurePagesHM.zip

I send it to P. Kruyt to.

Enjoy, and hope you like it.

[reply] [top]

[»] Documentation in French
by Hugues - Mar 17th 2004 07:57:23

Hello, If somebody is interested, besides the multi language concerning the errors, in an (unofficial) documentation in French, meeting here : http://www.ifrance.com/mercusot/phpSecurePages Si quelqu'un est intéressé, en plus du multi langue concernant les erreurs, par une documentation (non officielle) en français, rendez-vous ici : http://www.ifrance.com/mercusot/phpSecurePages

[reply] [top]

[»] using PHPSecurePages to redirect
by Christopher Scott - Dec 10th 2003 18:44:22

Great little script. Does anybody have any clever ideas
how I could modify it's implementation so that a user
goes to one page to login and, based on that login,
subsequently gets redirected to a custom page?

[reply] [top]

[»] Re: using PHPSecurePages to redirect
by dyna18 - Apr 9th 2006 14:40:16


> Great little script. Does anybody have

> any clever ideas

> how I could modify it's implementation

> so that a user

> goes to one page to login and, based on

> that login,

> subsequently gets redirected to a custom

> page?

After phpSecurePages has run, there are several variables available to identify the user. I suggest using $user in combination with a redirect script to redirect the user to his own custom location.

[reply] [top]

---

[»] Announcement (repeated)
by dyna18 - Jun 27th 2003 02:45:19

Please don't use the comment section for reports of bugs or questions.

If you got a question, you can e-mail me. All questions or bugs posted here will not be responded to!

Only use this comment section to give your opinion about phpSecurePages.

Paul Kruyt

[reply] [top]

[»] Re: Announcement (repeated)
by storm976 - Nov 25th 2003 19:05:21

Where has Paul gone???? No e-mail addy found thats a shame, I liked his app, but the setting tables up in sql needs some work in the documentation.. Later Storm976

[reply] [top]

---

[»] vulnerability in version 0.28 beta
by coldfront - Jun 25th 2003 19:19:52

I found a security hole in checklogin.php. Session variable $login is being set BEFORE the user is authenticated. How did you guys miss this one? $login should never be populated by the form handler. A temporary variable should be used instead, and $login should only be set in the session AFTER the user is successfully authenticated. In addition it should be explicity nulled for EACH failure case.

If your application code uses construct such as:
if( $login ) {
echo "<P> Logged in as '$login'.\n";
} else {
echo "<P> Not logged in.\n";
} then you may be vulnerable to this problem.

To test: access your login page and enter a fake username and password. phpSP denies access but has already set $login in the session. Use the Back button a few times until you hit the page you were at before clicking login. At that point your site may think there is a valid user logged in.

To fix: several methods, but I created a new session var called "authenicated" which is set at the proper time. Now I check for both $login && $authenicated.

Mr. Kruyt, your email address is nowhere to be found on the phpSP website. Thus I am posting here.

Regards,
Andrew Logue.

[reply] [top]

[»] Re: vulnerability in version 0.28 beta
by dyna18 - Jun 27th 2003 02:40:43


> I found a security hole in
> checklogin.php. Session variable $login
> is being set BEFORE the user is
> authenticated. How did you guys miss
> this one? $login should never be
> populated by the form handler. A
> temporary variable should be used
> instead, and $login should only be set
> in the session AFTER the user is
> successfully authenticated. In addition
> it should be explicity nulled for EACH
> failure case.

I want to express that there is no problem, such as described above. $login is always reset before being used, and as such it is not being populated by the form handler.
I also like to say that for each protected page, the autentication is always checked.


> If your application code uses construct
> such as:
> if( $login ) {
> echo "<P> Logged in as
> '$login'.\n";
> } else {
> echo "<P> Not logged
> in.\n";
> } then you may be vulnerable to this
> problem.

If you application used $login to check if the user is properly logged in, you have made a serious safty mistake on your webpage. The only thing $login does, is tell you the username the client logged in with.
Furthermore, if phpSecurePages is properly installed, there is a very strong check working to show if a user is logged in or not. Because a properly protected page, can NEVER be viewed by a not-logged in user.


>
> To test: access your login page and
> enter a fake username and password.
> phpSP denies access but has already set
> $login in the session. Use the Back
> button a few times until you hit the
> page you were at before clicking login.
> At that point your site may think there
> is a valid user logged in.
>
> To fix: several methods, but I created
> a new session var called
> "authenicated" which is set at
> the proper time. Now I check for both
> $login && $authenicated.

The above mentioned problem has nothing to do with the first described problem. This is a problem with the session not timing out properly. This only occurs if people fail to use the logout function, which is something that is highly recommended on public terminals for any situation and software.


> Mr. Kruyt, your email address is nowhere
> to be found on the phpSP website. Thus
> I am posting here.

It can be found in the readme.txt file
Futhermore I request to always use e-mail when having questions about phpSecurePages. Questions posted here will normally not be addressed.

Paul Kruyt
.

[reply] [top]

---

[»] PostGreSQL Support
by Igor Lulic - Jun 8th 2003 02:16:17

I've manually added PostGreSQL support into phpSecurePages, tested with PostGreSQL 7.1, 7.3, and with PHP4.

I've e-mailed Paul Kruyt with the code patch, using the e-mail address on the www.phpsecurepages.com, but I've gotten no response. Also, there seems to have been no activity on his site or on phpSecurePages in a while. Seems like the project is dead in the water.

Anyway, if anyone is interested in getting my code patch for PostGreSQL support, e-mail me at:
il11@mail.csuchico.edu

The way I've worked it into phpSecurePages makes it easy to switch, just add an option to configuration file to specify which database backend you want to use. The comments inside the file expain how that works.

I am also interested in getting md5 support working, so we can encrypt our communication using phpSecurePages, which should then make it much more secure. If anyone knows something about this subject, and want to help me out, contact me at the above e-mail address.

Word of caution: I am busy with moving and might take a while to respond to e-mails.

Igor Lulic

[reply] [top]

[»] md5 encryption
by twopeak - Mar 11th 2003 08:47:36

Is it possible to add encryption, so that the passwords are safer -> Several people do have acces to the database, but I don't want them to be able to see all passwords!

I've been looking around in the code, but I can't immediately find it.

And if you do so, it might be necessary to add an admin interface.

[reply] [top]

[»] Re: md5 encryption
by Taz Eat - Jun 19th 2003 16:29:46

True, The new version I have looked and tested it out personally! It looks great. It is very simple to use and to make scripts for. QUICK TUTORIAL ON ADDING USERS IN MD5 ENCRYPT!
1. Go to the security.php and change the setting to true.
--- If not using sign up script (EASIEST WAY) ---
2. Convert your pass into md5 hash. Simply go into any .php file that your server will parse and type this: (the space after the < and before the ? should be deleted but I left there simply because freshmeat deletes it :( but allwell you know it's not there)

< ?
echo md5('PASSWORD');
?>

Then open the page and see what it printed. This is your password encrypted!!! Any questions on this step ask someone with more knowledge then you (asking me is fine, my aim s/n is tazeat email address is taz_eat@hotmail.com).

3. Add it to your mysql database in my recomended way is using phpMYadmin. (Excellent software...)
Just paste the password as the encrypted password from step 2.
--- If using signup script ---
2. Before adding the password to mysql add this to it:
$password = md5($password);
and your pass is now encrypted!

To add to your mysql database
(assuming $user is their username and $password is there password)
//initial Vars
$dbase_host = "127.0.0.1";
$dbase_user = "root";
$dbase_pass = "PASS";
$dbase_base = "phpSecurePages";
$dbase_table = "phpsp_users";
$connect = @mysql_pconnect($dbase_host,$dbase_user, $dbase_pass);
mysql_select_db($dbase_base);
//save to mysql
mysql_query("INSERT INTO `$dbase_table` ( `user` , `password` ) VALUES ('$user', '$password')");


THAT SIMPLE, Thanx for your time and effort in reading this hope it helps!!! If any probs be my guest to correct or make this better!

Contact me on aim s/n "tazeat" or email "taz_eat@hotmail.com"!


> Is it possible to add encryption, so
> that the passwords are safer ->
> Several people do have acces to the
> database, but I don't want them to be
> able to see all passwords!
>
> I've been looking around in the code,
> but I can't immediately find it.
>
> And if you do so, it might be necessary
> to add an admin interface.
____________________________
Changing one noobie at a time....

[reply] [top]

---

[»] Re: md5 encryption
by Taz Eat - Jun 20th 2003 15:32:54

Another great way to get md5 hashes is to use this EXCELLENT program. http://www.damn.to/software/hashcalc.html Download this, it even shows many other hashes but md5 is the only one you need. ____________________________ Changing one noobie at a time...

[reply] [top]

---

[»] Can you help me, i wanna make other scripts use the same users data base
by Younes - Jan 14th 2003 09:58:38

Hi all,
It's really nice of to provide such a good script for free, and i'm really greedy and i want to ask you some questions :).
I want to use this great script with other two great scripts, and i want them all to use the same database of users, can i do this? how can i do it? do i need to make the users database with certain anything (table names, field names, specificatins, structure,... anything)?
Also can i make some changes in the great script to make it use cookies to remember users, and to make it recognize users that have already logged on while using the other two scripts? where do you suggest to make these changes?
It'd be really nice of you to answer, even to tell me that yo'll answer later, but i really wish that you answer me soon.
Thank you very much for everything, and goodbye with myu best wishes,

sincerely yours,
Younes

[reply] [top]

[»] dynamic table
by ericardo - Dec 19th 2002 18:58:31

i have a dynamic table that show a limted number of record per view. and i have a link for next, back, first and last page of the total records.

<table border="0">
<tr>
<td>IDCategoria</td>
<td>Codigo</td>
<td>Descripcion</td>
</tr>
<?php do { ?>
<tr>
<td><?php echo $row_Recordset1['IDCategoria']; ?></td>
<td><?php echo $row_Recordset1['Codigo']; ?></td>
<td><?php echo $row_Recordset1['Descripcion']; ?></td>
</tr>
<?php } while ($row_Recordset1 = mysql_fetch_assoc($Recordset1)); ?>
</table>

if the page are refresh is all rigth but when i link to the next 20 records then show me the logon page again.

There is the code to go next record:

<?php if ($pageNum_Recordset1 < $totalPages_Recordset1) { // Show if not last page ?>
<a href="<?php printf("%s?pageNum_Recordset1=%d%s", $currentPage, min($totalPages_Recordset1, $pageNum_Recordset1 + 1), $queryString_Recordset1); ?>">Siguiente</a>

any suggestion??

[reply] [top]

[»] Where to set a extra cookie?
by Tom - Sep 22nd 2002 14:18:31

Is it possible to set an extra cookie somewhere in the code?
I need such a cookie to use special functions in my own scripts.
e.g. to show admin-links in pages without the protection from phpSecurePages

Thanks in advance!!

Tom

[reply] [top]

[»] Announcement
by dyna18 - Aug 12th 2002 08:40:11

Please don't use the comment section for reports of bugs or questions.

If you got a question, you can e-mail me. All questions or bugs posted here will not be noted!

Only use this comment section to give your opinion about phpSecurePages.

[reply] [top]

[»] Re: Announcement
by ericardo - Dec 19th 2002 18:42:46

This is a very good project but how i can get your attention? I send you 6 mails and never i received a feedback form you

[reply] [top]

---

[»] Building a portal, but with problems
by Mikael Bjerkeland - Aug 12th 2002 05:33:32

I am building a portal. Every page which is included in the portal has got the include at the top and the minrequired userlevel thing.

The main-layout webpage has got some includes. Like: left-menu, right-menu and main.

So, I get this error....



Fatal error: Cannot redeclare admemail() in /mnt/home2/b/bl/blitzer9/public_html/enebakk/phpSecurePages/secure.php on line 128


Any suggestions??

[reply] [top]

[»] Re: Building a portal, but with problems
by Paradox - Aug 23rd 2002 19:21:26

I'm getting the same error. Did you ever find a solution for the problem? I went into the code and disabled the use of the admemail() function and now the program technically works, except it never actually display's the page that's protected, but I no longer get the error. I'm stuck as well and am trying to use this on a couple of sites. If I can get this thing running I will probably purchase it, but obviously I want it to work first.

--Paradox


> I am building a portal. Every page which
> is included in the portal has got the
> include at the top and the minrequired
> userlevel thing.
>
> The main-layout webpage has got some
> includes. Like: left-menu, right-menu
> and main.
>
> So, I get this error....
>
>
>
> Fatal error: Cannot redeclare admemail()
> in
> /mnt/home2/b/bl/blitzer9/public_html/enebakk/phpSecurePages/secure.php
> on line 128
>
>
> Any suggestions??
>


--
~~~~~~~~~~~ Paradox

[reply] [top]

---

[»] Re: Building a portal, but with problems
by mikeg - Aug 29th 2002 09:18:52

I had same problem, I fixed it, but can't remember exactly how
I think the problem is caused by directory paths:-
When you include a PHP file, the current directory stays the same.
So if that PHP file then includes another file
the directory path is relative to where you started.
I've got a vague idea that the problem i had was due to calling one of my pages logout.php
when i linked to my logout.php page it included secure.php on the first line
which is meant to include logout.php (from phpsecurepages directory)
but instead includes the file form the current directory.
this then comes up with an error because php is being asked to redeclare the functions it just declared
I got round this by adding following lines in secure.php

/****** Installation ******/
chdir('C:\inetpub\wwwroot\phpSecurePages');

$cfgProgDir = '../phpSecurePages/';
// location of phpSecurePages calculated from the root of the server
// Example: if you installed phpSecurePages on http://www.mydomain.com/phpSecurePages/
// the value would be $cfgProgDir = '/phpSecurePages/'

the first line is to change directory back to phpSecurePages directory,
so whenever you include secure.php it's looking in the right place.
the second line was from a previous version of phpSecurePages, it might not need it.
I hope this helps

[reply] [top]

---

[»] problem with super globals, pt2 and solution
by Michael Geier - Jul 30th 2002 01:36:53

I just examined the code (running PHP-SP 0.27b and PHP 4.2.2) and made modifications to checklogin.php and interface.php so that they work with "register_globals" == Off (which is the default in the current PHP installation and more secure).

If you need a copy of those two files, I could put the source up somewhere. Mainly it is just changing a number of variable naming conventions ($var => $_POST['var'] or $_SERVER['var']).

Feel free to contact me (see user information for email address) concerning these files. Hopefully the author can get these updated in the next release.

[reply] [top]

[»] Re: problem with super globals, pt2 and solution
by dyna18 - Aug 9th 2002 18:54:08

Both problems with super globals mentioned here in the comments are solved in version 0.28b It was caused by broken backward compatibility by php of version 4.2.0 and higher.

[reply] [top]

---

[»] problem with super globals
by Michael Geier - Jul 23rd 2002 01:57:26

currently, in version 0.27 beta, if "register_globals" is off (ie. 1), the package will not function.

adding "ini_set('register_globals',1);" to top of secure.php temporarily solves problem.

[reply] [top]

[»] Re: problem with super globals
by mike - Jul 27th 2002 04:58:39

hey, ive been workin on my website alot lately and ive been getting more and more into php, it seems amazing to me. but i have a problem on my side using phpsecurepages, i dont know how to login, everything is setup but i've tried to figure out where i find my username and password so i can change it, the mysql tables are setup correctly i believe but i'm new to mysql, so i'm not sure if i enter the userlogin and password into the table itself or its in the secure.php, please please respond to this, im so stuck! my email is xcrazymike@cilabs.com, could u please email me or respond on here if you know where ive gone wrong, my aol name is killaCracka6969, thanx alot guys

--
hi

[reply] [top]

---