I've come up with something (very early stages), but it's by no means secure and I'm having problems with it. Anyone with a tiny bit of coding skills should be able to fix this.
It's just a PHP powered user/pass script that I've copied, pasted and edited (I cannot code for toffee)
First off, I've given the index.php (frameset) a new name (mfpindex.php) and the script redirects to it. It does not secure access because mediafrontpage.php is still accessible bypassing it and also, leaving the fields blank automatically logs in.
If you enter the wrong details in it denies access.
I'm using a .htaccess file to redirect to the login page.
I think the CSS file should also be linked if possible.
Here's a JPG of it -
and here is the basic code.
Code:
<?php
# Create as many usernames and passwords as you wish below.
# Format : $u['username'] = 'password';
# If possible do not associate the same password with more than one username.
# If you wish to remove authentication from the system simply remove any user details below.
$u['Username'] = 'password';
# This can be any value. It is recommended that this value is a variable to ensure maximum security.
# The default is todays date as this value is variable.
$secretkey = date("m.d.y");
##
## No need to edit below.
##
if (@$_GET['do'] == 'logout') {
setcookie ("user", '', time() - 12200);
setcookie ("token", '', time() - 12200);
$ref = $_SERVER['HTTP_REFERER'];
header("Location: $ref");
}
if (!empty($u)) {
if(@$_GET['do'] == 'login') {
$username = $_POST['username'];
$password = $_POST['password'];
if( array_search($password, $u) == $username && $u[$username] == $password ) {
setcookie ("user", $username, time() + 12200);
setcookie ("token", sha1($username.$secretkey), time() + 12200);
header('Location: mfpindex.php');
} else {
show_login("Username & Password Do Not Match.");
die();
}
}
if (!$_COOKIE['token'] || !$_COOKIE['user'])
{
show_login("MediaFrontPage Login");
die();
} else {
if ( sha1($_COOKIE['user'].$secretkey) !== $_COOKIE['token'] ) {
setcookie ("user", "", time() - 3600);
setcookie ("token", "", time() - 3600);
show_login("MediaFrontPage Login");
die();
}
}
}
function show_login($message) {
?>
<style type="text/css">
body {
background:url(../media/background.png) #222528;
font-family: 'Helvetica Neue','HelveticaNeue',Helvetica, Arial, sans-serif;
font-size:12px;
line-height:140%;
color: #FF9522;
height: 100%;
margin: 5px 5px;
}
input {
background-color: #EEE;
padding: 5px;
border: 1px solid #CCC;
}
#logintable {
font-family: Arial, Helvetica, sans-serif;
background:url(../media/background.png) #222528;
border: 1px solid #ccc;
color: #FF9522;
box-shadow:0px 0px 8px #FF9522;
-moz-box-shadow:0px 0px 8px #FF9522;
-webkit-box-shadow:0px 0px 8px #FF9522;
-webkit-border-radius: 5px;
-moz-border-radius: 5px;
border-radius: 5px;
padding:10px;
}
.message {
text-align: center;
padding: 20px;
font-size: 24px;
text-shadow: 1px 1px 0px #666666;
filter: dropshadow(color=#666666, offx=2, offy=2);
}
</style>
<form action="index.php?do=login" method="post">
<div class="message"><?php echo $message; ?></div>
<table width="258" border="0" align="center" cellpadding="05" cellspacing="0" id="logintable"> <tr>
<td width="80"> </td>
<td width="192"> </td>
</tr>
<tr>
<td>Username</td>
<td><label for="username"></label>
<input name="username" type="text" id="username" value="User"></td>
</tr>
<tr>
<td>Password</td>
<td><label for="password"></label>
<input name="password" type="password" id="password" value="Pass"></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td align="right"><input type="submit" name="button" id="button" value="Submit"></td>
</tr>
</table>
</form>
<?php
}
?>
Like I said, leaving the fields blank allows the user to load the frameset file.