Welcome to the LimeSurvey Community Forum

Ask the community, share ideas, and connect with other LimeSurvey users!

Home page password protect

  • Andrewsss
  • Andrewsss's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
3 years 11 months ago - 3 years 11 months ago #196180 by Andrewsss
Home page password protect was created by Andrewsss
Hi, I need protect my home page with a password, and I try use this code
Code:
<?php
 
###############################################################
# Page Password Protect 2.13
###############################################################
# Visit http://www.zubrag.com/scripts/ for updates
############################################################### 
#
# Usage:
# Set usernames / passwords below between SETTINGS START and SETTINGS END.
# Open it in browser with "help" parameter to get the code
# to add to all files being protected. 
#    Example: password_protect.php?help
# Include protection string which it gave you into every file that needs to be protected
#
# Add following HTML code to your page where you want to have logout link
# <a href="http://www.example.com/path/to/protected/page.php?logout=1">Logout</a>
#
###############################################################

/*
-------------------------------------------------------------------
SAMPLE if you only want to request login and password on login form.
Each row represents different user.
 
$LOGIN_INFORMATION = array(
  'zubrag' => 'root',
  'test' => 'testpass',
  'admin' => 'passwd'
);
 
--------------------------------------------------------------------
SAMPLE if you only want to request only password on login form.
Note: only passwords are listed
 
$LOGIN_INFORMATION = array(
  'root',
  'testpass',
  'passwd'
);
 
--------------------------------------------------------------------
*/
 
##################################################################
#  SETTINGS START
##################################################################

// Add login/password pairs below, like described above
// NOTE: all rows except last must have comma "," at the end of line
$LOGIN_INFORMATION = array(
  'zubrag' => 'root',
  'admin' => 'adminpass'
);
 
// request login? true - show login and password boxes, false - password box only
define('USE_USERNAME', true);
 
// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.example.com/');
 
// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 0);
 
// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', true);
 
##################################################################
#  SETTINGS END
##################################################################

 
///////////////////////////////////////////////////////
// do not change code below
///////////////////////////////////////////////////////
 
// show usage example
if(isset($_GET['help'])) {
  die('Include following code into every page you would like to protect, at the very beginning (first line):<br>&amp;lt;?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?&amp;gt;');
}
 
// timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
 
// logout?
if(isset($_GET['logout'])) {
  setcookie("verify", '', $timeout, '/'); // clear password;
  header('Location: ' . LOGOUT_URL);
  exit();
}
 
if(!function_exists('showLoginPasswordProtect')) {
 
// show login form
function showLoginPasswordProtect($error_msg) {
?>
<html>
<head>
  <title>Please enter password to access this page</title>
  <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
  <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
</head>
<body>
  <style>
    input { border: 1px solid black; }
  </style>
  <div style="width:500px; margin-left:auto; margin-right:auto; text-align:center">
  <form method="post">
    <h3>Please enter password to access this page</h3>
    <font color="red"><?php echo $error_msg; ?></font><br />
<?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>
    <input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />
  </form>
  <br />
  <a style="font-size:9px; color: #B0B0B0; font-family: Verdana, Arial;" href="http://www.zubrag.com/scripts/password-protect.php" title="Download Password Protector">Powered by Password Protect</a>
  </div>
</body>
</html>
 
<?php
  // stop at this point
  die();
}
}
 
// user provided password
if (isset($_POST['access_password'])) {
 
  $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
  $pass = $_POST['access_password'];
  if (!USE_USERNAME &amp;&amp; !in_array($pass, $LOGIN_INFORMATION)
  || (USE_USERNAME &amp;&amp; ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) ) 
  ) {
    showLoginPasswordProtect("Incorrect password.");
  }
  else {
    // set cookie if password was validated
    setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
 
    // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
    // So need to clear password protector variables
    unset($_POST['access_login']);
    unset($_POST['access_password']);
    unset($_POST['Submit']);
  }
 
}
 
else {
 
  // check if password cookie is set
  if (!isset($_COOKIE['verify'])) {
    showLoginPasswordProtect("");
  }
 
  // check if cookie is good
  $found = false;
  foreach($LOGIN_INFORMATION as $key=>$val) {
    $lp = (USE_USERNAME ? $key : '') .'%'.$val;
    if ($_COOKIE['verify'] == md5($lp)) {
      $found = true;
      // prolong timeout
      if (TIMEOUT_CHECK_ACTIVITY) {
        setcookie("verify", md5($lp), $timeout, '/');
      }
      break;
    }
  }
  if (!$found) {
    showLoginPasswordProtect("");
  }
 
}
 
?>

Code works fine, I entered credentials but then I get error from limesurvey "400:Error The CSRF can't be verified". and when I reloaded the page with this error only then I see the content in page.

How can I fix that?

Thanks.
Last edit: 3 years 11 months ago by Andrewsss.
The topic has been locked.
More
3 years 11 months ago - 3 years 11 months ago #196211 by bismark
Replied by bismark on topic Home page password protect
that doesnt make sense to me. What homepage do you want to protect?
Limesurveys backend is password protected.

Where you want to include this script?
All you need to do is to replace the opening form tag with
Code:
<?php echo CHtml::beginForm(); ?>



and the closing form tag with
Code:
<?php echo CHtml::endForm(); ?>



then require your script in index.php before $app->run();
Last edit: 3 years 11 months ago by bismark.
The following user(s) said Thank You: Andrewsss
The topic has been locked.
  • Andrewsss
  • Andrewsss's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
3 years 11 months ago #196225 by Andrewsss
Replied by Andrewsss on topic Home page password protect
I want protect front end home page with survey list.
The topic has been locked.
  • Joffm
  • Joffm's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
3 years 11 months ago #196229 by Joffm
Replied by Joffm on topic Home page password protect
Why not use the .htaccess and .htpasswd?

Joffm

Volunteers are not paid.
Not because they are worthless, but because they are priceless
The following user(s) said Thank You: Andrewsss
The topic has been locked.
  • gabrieljenik
  • gabrieljenik's Avatar
  • Offline
  • Official LimeSurvey Partner
  • Official LimeSurvey Partner
More
3 years 11 months ago #196239 by gabrieljenik
Replied by gabrieljenik on topic Home page password protect
On config settings, there is a place where you can setup path for insecure posts.

Solutions, code and workarounds presented in these forums are given without any warranty, implied or otherwise.

Checkout our Reporting Solutions and our plugin shop at www.encuesta.biz .

The following user(s) said Thank You: Andrewsss
The topic has been locked.
  • Andrewsss
  • Andrewsss's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
3 years 11 months ago #196251 by Andrewsss
Replied by Andrewsss on topic Home page password protect
I try .htaccess and .htpasswd but when I try to log in I get "Internal Server Error"
The topic has been locked.
  • Andrewsss
  • Andrewsss's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
3 years 11 months ago - 3 years 11 months ago #196252 by Andrewsss
Replied by Andrewsss on topic Home page password protect
Maybe you can tell me more, I can't find...
The best option it was when simple user (not administrator) try to open home page with survey list he must enter hes surveys token and if token valid only then he can see survey list.
Last edit: 3 years 11 months ago by Andrewsss.
The topic has been locked.

Lime-years ahead

Online-surveys for every purse and purpose