- Posts: 16
- Thank you received: 0
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
Home page password protect
- Andrewsss
- Topic Author
- Offline
- New Member
Less
More
3 years 11 months ago - 3 years 11 months ago #196180
by Andrewsss
Home page password protect was created by Andrewsss
Hi, I need protect my home page with a password, and I try use this code
Code works fine, I entered credentials but then I get error from limesurvey "400:Error The CSRF can't be verified". and when I reloaded the page with this error only then I see the content in page.
How can I fix that?
Thanks.
Code:
<?php ############################################################### # Page Password Protect 2.13 ############################################################### # Visit http://www.zubrag.com/scripts/ for updates ############################################################### # # Usage: # Set usernames / passwords below between SETTINGS START and SETTINGS END. # Open it in browser with "help" parameter to get the code # to add to all files being protected. # Example: password_protect.php?help # Include protection string which it gave you into every file that needs to be protected # # Add following HTML code to your page where you want to have logout link # <a href="http://www.example.com/path/to/protected/page.php?logout=1">Logout</a> # ############################################################### /* ------------------------------------------------------------------- SAMPLE if you only want to request login and password on login form. Each row represents different user. $LOGIN_INFORMATION = array( 'zubrag' => 'root', 'test' => 'testpass', 'admin' => 'passwd' ); -------------------------------------------------------------------- SAMPLE if you only want to request only password on login form. Note: only passwords are listed $LOGIN_INFORMATION = array( 'root', 'testpass', 'passwd' ); -------------------------------------------------------------------- */ ################################################################## # SETTINGS START ################################################################## // Add login/password pairs below, like described above // NOTE: all rows except last must have comma "," at the end of line $LOGIN_INFORMATION = array( 'zubrag' => 'root', 'admin' => 'adminpass' ); // request login? true - show login and password boxes, false - password box only define('USE_USERNAME', true); // User will be redirected to this page after logout define('LOGOUT_URL', 'http://www.example.com/'); // time out after NN minutes of inactivity. Set to 0 to not timeout define('TIMEOUT_MINUTES', 0); // This parameter is only useful when TIMEOUT_MINUTES is not zero // true - timeout time from last activity, false - timeout time from login define('TIMEOUT_CHECK_ACTIVITY', true); ################################################################## # SETTINGS END ################################################################## /////////////////////////////////////////////////////// // do not change code below /////////////////////////////////////////////////////// // show usage example if(isset($_GET['help'])) { die('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?&gt;'); } // timeout in seconds $timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60); // logout? if(isset($_GET['logout'])) { setcookie("verify", '', $timeout, '/'); // clear password; header('Location: ' . LOGOUT_URL); exit(); } if(!function_exists('showLoginPasswordProtect')) { // show login form function showLoginPasswordProtect($error_msg) { ?> <html> <head> <title>Please enter password to access this page</title> <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE"> <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE"> </head> <body> <style> input { border: 1px solid black; } </style> <div style="width:500px; margin-left:auto; margin-right:auto; text-align:center"> <form method="post"> <h3>Please enter password to access this page</h3> <font color="red"><?php echo $error_msg; ?></font><br /> <?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?> <input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" /> </form> <br /> <a style="font-size:9px; color: #B0B0B0; font-family: Verdana, Arial;" href="http://www.zubrag.com/scripts/password-protect.php" title="Download Password Protector">Powered by Password Protect</a> </div> </body> </html> <?php // stop at this point die(); } } // user provided password if (isset($_POST['access_password'])) { $login = isset($_POST['access_login']) ? $_POST['access_login'] : ''; $pass = $_POST['access_password']; if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION) || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) ) ) { showLoginPasswordProtect("Incorrect password."); } else { // set cookie if password was validated setcookie("verify", md5($login.'%'.$pass), $timeout, '/'); // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed // So need to clear password protector variables unset($_POST['access_login']); unset($_POST['access_password']); unset($_POST['Submit']); } } else { // check if password cookie is set if (!isset($_COOKIE['verify'])) { showLoginPasswordProtect(""); } // check if cookie is good $found = false; foreach($LOGIN_INFORMATION as $key=>$val) { $lp = (USE_USERNAME ? $key : '') .'%'.$val; if ($_COOKIE['verify'] == md5($lp)) { $found = true; // prolong timeout if (TIMEOUT_CHECK_ACTIVITY) { setcookie("verify", md5($lp), $timeout, '/'); } break; } } if (!$found) { showLoginPasswordProtect(""); } } ?>
Code works fine, I entered credentials but then I get error from limesurvey "400:Error The CSRF can't be verified". and when I reloaded the page with this error only then I see the content in page.
How can I fix that?
Thanks.
Last edit: 3 years 11 months ago by Andrewsss.
The topic has been locked.
- bismark
- Offline
- Senior Member
Less
More
- Posts: 70
- Thank you received: 15
3 years 11 months ago - 3 years 11 months ago #196211
by bismark
Replied by bismark on topic Home page password protect
that doesnt make sense to me. What homepage do you want to protect?
Limesurveys backend is password protected.
Where you want to include this script?
All you need to do is to replace the opening form tag with
and the closing form tag with
then require your script in index.php before $app->run();
Limesurveys backend is password protected.
Where you want to include this script?
All you need to do is to replace the opening form tag with
Code:
<?php echo CHtml::beginForm(); ?>
and the closing form tag with
Code:
<?php echo CHtml::endForm(); ?>
then require your script in index.php before $app->run();
Last edit: 3 years 11 months ago by bismark.
The following user(s) said Thank You: Andrewsss
The topic has been locked.
- Andrewsss
- Topic Author
- Offline
- New Member
Less
More
- Posts: 16
- Thank you received: 0
3 years 11 months ago #196225
by Andrewsss
Replied by Andrewsss on topic Home page password protect
I want protect front end home page with survey list.
The topic has been locked.
- Joffm
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 12785
- Thank you received: 3940
3 years 11 months ago #196229
by Joffm
Volunteers are not paid.
Not because they are worthless, but because they are priceless
Replied by Joffm on topic Home page password protect
Why not use the .htaccess and .htpasswd?
Joffm
Joffm
Volunteers are not paid.
Not because they are worthless, but because they are priceless
The following user(s) said Thank You: Andrewsss
The topic has been locked.
- gabrieljenik
- Offline
- Official LimeSurvey Partner
Less
More
- Posts: 272
- Thank you received: 45
3 years 11 months ago #196239
by gabrieljenik
Solutions, code and workarounds presented in these forums are given without any warranty, implied or otherwise.
Checkout our Reporting Solutions and our plugin shop at www.encuesta.biz .
Replied by gabrieljenik on topic Home page password protect
On config settings, there is a place where you can setup path for insecure posts.
Solutions, code and workarounds presented in these forums are given without any warranty, implied or otherwise.
Checkout our Reporting Solutions and our plugin shop at www.encuesta.biz .
The following user(s) said Thank You: Andrewsss
The topic has been locked.
- Andrewsss
- Topic Author
- Offline
- New Member
Less
More
- Posts: 16
- Thank you received: 0
3 years 11 months ago #196251
by Andrewsss
Replied by Andrewsss on topic Home page password protect
I try .htaccess and .htpasswd but when I try to log in I get "Internal Server Error"
The topic has been locked.
- Andrewsss
- Topic Author
- Offline
- New Member
Less
More
- Posts: 16
- Thank you received: 0
3 years 11 months ago - 3 years 11 months ago #196252
by Andrewsss
Replied by Andrewsss on topic Home page password protect
Maybe you can tell me more, I can't find...
The best option it was when simple user (not administrator) try to open home page with survey list he must enter hes surveys token and if token valid only then he can see survey list.
The best option it was when simple user (not administrator) try to open home page with survey list he must enter hes surveys token and if token valid only then he can see survey list.
Last edit: 3 years 11 months ago by Andrewsss.
The topic has been locked.