I don't understand number 4 of the installation instructions. Add the following line to the page you wish to password protect. This line should be included as the first line in php.

* require('sas.php');
Where exactly does this line go and do I need to have the .php extension for my home page? I'm pretty good with html but I have no idea how to make this line the "first line in php."

Where exactly does this line go

The line require('sas.php'); needs to be placed as the first line of your file would look something like this:

<?php require('sas.php'); ?>

do I need to have the .php extension for my home page?

You need the .php extension for any page that uses the SAS script.

It is possible to use SAS (or any PHP code) also on files with the .html ending, but
this depends on your server setup. Unless you know how to make your .html pages parsed by php, you can only place this script on .php pages. I've added an article in the Developer Blog on how to get your .html page to parse PHP.

Hi,
would it break your script if I used an image for submitting the form?

would it break your script if I used an image for submitting the form?

Using an image to submit the form won't break the script. To do this, simple replace the submit input with an image input.

Step by step:

1) Find <input type="submit" value="Login"> in the file sas.php

2) Replace with <input type="image" src="your_image_here.gif">

3) Save and upload

If you find your button doesn't vertically align with the password input field, add the following code to the style section in sas.php (under input {border:1px solid #606060; background: #DDDDDD} is fine).

input[type="image"] {vertical-align:middle}

Hi, just downloaded your script - looks great and seems to do the job - however, when run under (windows IIS) localhost it returns the error message: "PHP Notice: Undefined index: sub in c:\Inetpub\wwwroot\scripts\php\users\SAS\sas.php on line 63 PHP Notice: Undefined index: sascookie in c:\Inetpub\wwwroot\scripts\php\users\SAS\sas.php on line 72" but runs fine with no errors on my website server - what's the reason for this?

It works but I am getting two errors.

Notice: Undefined index: sub in C:\Program Files\Apache Group\Apache2\htdocs\sas.php on line 63

Notice: Undefined index: sascookie in C:\Program Files\Apache Group\Apache2\htdocs\sas.php on line 72

I am running PHP 5. I am a PHP newbie.

[...] when run under (windows IIS) localhost it returns the error message [...] but runs fine with no errors on my website server - what's the reason for this?

The reason you're getting an error on your local machine and not your website server is because the error reporting level for PHP is set differently on your local machine and on your web site server.

Admittedly, I did introduced the "Undefined variable" error by not checking that the variables, $_POST['sub'] and $_COOKIE[$cookiename], existed before trying to access them.

There are a couple of solutions to this problem:

1. Change the error reporting for this script
3. Download the script again

To change the error reporting for this script, add the following code to line 2 of the file sas.php. This will change the error reporting (of this script only) to report all errors, except php notices. This level of reporting is the default value set in php.ini. You will still see all PHP errors and warnings with this reporting level.

error_reporting(E_ALL ^ E_NOTICE);

The easiest solution to this undefined variable error is to download the script again. The updated version of Simple Authorization Script is available from the SAS download page.

Thanks to Will and Roy for reporting this error.

How do you log out?

How do you log out?

There was no manual logout feature for SAS. There's an "automatic" logout when the password expires for the visitor. The expiry time is set at 1 hour as a default ($expirytime).

I've now added a manual logout feature for SAS. The new script is available at the download page. Instructions on how to use it can be found on the installation page.

Excellent
this doc is really helpfull

Hi,

I installed this script to use it as a kind of spam filter.

I have a phpbb forum running, with a guestbook mod ( Advanced Guestbook: http://www.phpbbhacks.com/download.php?id=966 ) installed. Problem is some days I have about 10-20 spam entrys. So I thought I install SAS to force the user to enter "accept" before he is able to make a new entry.

It is working, but only on Firefox, not on Internet Explorer.

In IE the user enters "accept", he gets to the entry form (addentry.php), but if he wants to post that entry, he gets back to the SAS form...

Now I know this is not a bug of your script, but I was hoping you may know a solution...

I don't know php really, but I tried changing require in require_once, but then the SAS stops working.

Thx for any help!

Did have a question but i figured it out. sorry

How do i change the logout button to an image?
Thankyou

In IE the user enters "accept", he gets to the entry form (addentry.php), but if he wants to post that entry, he gets back to the SAS form...

I had a quick look at the form on addentry.php and it doesn't look as if it would conflict with Simple Authorization Script's form. The fact that the script worked on Firefox but not Internet Explorer suggests that it's a browser preference problem. Does your IE browser have cookies enabled?

To enable cookies on Internet Explorer 6, follow these instructions:

1. Open up Internet Explorer
2. In the menu, select "Tools" then "Internet Options"
3. Select the "Privacy" tab
4. Drag the vertical slider down until you see the description "Accept all cookies"
5. Click on the "Apply" button

Unfortunately, SAS won't work without cookies enabled on the browser. That's the trade off when you don't want to use a database to store passwords. The problem with redirection to the SAS form is typical when cookies aren't accepted.

Interesting use for SAS by the way, very creative.

Hope that solves the problem.

Hi,
Firstly, thx for these scripts!
I'm not very savy in .php or html.
I'm not succeeding in placing the " require('sas.php'); " line to my pages. It ends up showing up as text on the browser. I've yet to try if it actually triggers the password process. Where exactly should I put it?....Before or after the lead or what?
Thx in advance for your help.
Richard

[...] I'm not succeeding in placing the " require('sas.php'); " line to my pages. It ends up showing up as text on the browser. [...] Where exactly should I put it?....Before or after the lead or what?

Firstly, let me say that debugging is hard enough as it is. I'll do my best without actually seeing the code you're using. Here goes:

Question 1: Do your web pages configured to parse PHP?

If yes, continue reading.

If no, there's nothing I can do until your web pages are able to parse PHP.

Question 2: What page extensions are you using? .php? .html? .htm?

Not all page extensions will parse PHP, it depends on how your PHP configuration file is setup on the server. You can, however, configure your web site by using your .htaccess to instruct requests with the page extension .html (or .htm) to parse PHP. See this page on parsing PHP on .html pages for instructions.

Question 3: Did you put the line " require('sas.php'); " within PHP?

The line require('sas.php'); needs to be the first line in PHP. This line should be within PHP brackets and should look like:

<?php require('sas.php'); ?>

Try putting the " require('sas.php'); " line (with the brackets as above) as line 1 of your file, before any HTML.

I'm not sure what of the meaning of this question: "Before or after the lead or what?" What is the lead?

Dead easy, even for a PHP numb-nuts like me. Thanks for the script.

Hi , the script worked at first .
But after 5-6 hours , without making any changes to sas.php , only to some files i need to be protected ( i added some background pictures ) it stopped working , giving me the following error :
Fatal error: Cannot redeclare setmycookie() in c:\apache\htdocs\admin\adauga\sas.php on line 31

[...] after 5-6 hours , without making any changes to sas.php , only to some files i need to be protected ( i added some background pictures ) it stopped working , giving me the following error :
Fatal error: Cannot redeclare setmycookie() in c:\apache\htdocs\admin\adauga\sas.php on line 31

Unfortunately, there's no such thing as a time-limited script. If the script stopped working, no matter how much time has passed, it means something was changed. This particular error, "Fatal error: Cannot redeclare setmycookie() in c:\apache\htdocs\admin\adauga\sas.php on line 31", means that the function called setmycookie(), which is in sas.php starting on line 31, is duplicated.

Check to make sure that you only use <?php require('sas.php'); ?> once.

If this isn't the problem, then my question would be: Have you installed any other scripts that use cookies? There may be a conflict in function names, that is, two scripts might have the same function name, setmycookie().

To resolve the conflict in function names, follow these steps:

1. Open up sas.php

2. Search for "setmycookie" and replace with "sas_setmycookie"

3. Save and upload sas.php

If it's not either of these two possibilities, then I'll need to take a look at the source code before giving further advice.

Back Button -

Once I log out, I can view all the protected pages just by using the back button. How can I truly secure these pages - ie force sas.php to be included even when page is navigated to using the back button?

Back Button -

Once I log out, I can view all the protected pages just by using the back button. How can I truly secure these pages - ie force sas.php to be included even when page is navigated to using the back button?

It's not possible to force sas.php on pages when a visitor clicks the back button. It's a function of your browser to cache visited pages to reduce load time and bandwidth, and unfortunately, this is not a function that SAS can control.

Essentially, you'll need to tell the browser to "forget" that it has already visited the password protected page. To do this, you can include a meta tag to disallow caching on each of your password protected pages, that is, on each page where you've added require('sas.php');

Be warned: by adding this meta tag (Pragma:No-Cache), each page is fully reloaded by the browser ALL the time, which can slow down load time and increase bandwidth of both your visitor and your server.

See this article on how to add the Pragma:No-Cache meta tag.

Perfect program, exactly what I was looking for.
Very simple to use.

Just some suggestions.
For begginners like me, should add a sample sas.php page with no styles (except .error) so users wont get mixed up. Somes of the styles wont work dont know why.

I think that's all in fact !

Many Thanks I'll rate it.

Is there a way to have multiple users/passwords?

Is there a way to have multiple users/passwords?

SAS doesn't require usernames, only a password for login.

A multiple password SAS is in the works and almost done. I had hoped to have it released much sooner but other commitments are taking up much of my time.

If you wish to be notified of the release of the multiple password SAS, please send me your email via the contact form.

Thanks! This is so amazing, and I mean amazing! The scripts are fully modifiable and customizable, and easy to use as well. Plus it's php based, and since my webhost supports php not asp, I find it compatible not only for me, but also for most other users! The only glitch is that the password can be found not through "view source" (since it's php), but through saving the whole "sas.php" to a PC, and open with notepad. Anyway, you guys gave me the best script I found after lots of googling. Well done!

The prevoius comment mentioned "multiple user accounts", please do so, but just make the original one available as well!

downloaded the file; installed to server page. put in the require sas.php etc. and nothing happened. i assume the script is a 4 or 5 but the instructions are a minus 1.

The only glitch is that the password can be found not through "view source" (since it's php), but through saving the whole "sas.php" to a PC, and open with notepad.

Did you save the whole sas.php file to a PC from a internet browser? Doing so should only show the HTML source of the page, the password is not visible. As far as I know, it's not possible for a visitor to be able to "discover" the password by saving the sas.php file from the internet. At any rate, as most people would know, the safest way to password protect pages is through the use of .htaccess and .htpasswd.

The prevoius comment mentioned "multiple user accounts", please do so, but just make the original one available as well!

Both versions of SAS will be available once I find the time to complete the multiple password SAS.

downloaded the file; installed to server page. put in the require sas.php etc. and nothing happened. i assume the script is a 4 or 5 but the instructions are a minus 1.

Could you elaborate on the problem? Firstly, does your server support PHP? Which page did you added <? require('sas.php'); ?>? Which page did you open in your internet browser?

Perhaps by working together we can get the script working on your web page.

Doesn't work. directions were followed exactly, using latest version of php and apache software.

sas.php suffers from a parsing error that is impossible to correct.

Attempted to run it without editing anything, still got parsing error.

Doesn't work. directions were followed exactly, using latest version of php and apache software.

sas.php suffers from a parsing error that is impossible to correct.

Attempted to run it without editing anything, still got parsing error.

What's the parse error exactly? All parse errors are possible to correct. If you are able to supply more details, perhaps I could help you solve the problem.

Hi,
Excellent script. But there is something weird happening.
I installed on a test directory and worked fine (under site/test), but when I added sas to the page which I need to make secure the script stoped working (under site, no subdirectory). Basically nothing happens, when I call the page the authorization screen shows up, but doesn't matter what I input on the password field it keep coming back to the same sas page, no error message for wrong password.
But when I go back to the test site is still working.

... when I added sas to the page which I need to make secure the script stoped working

Where did you upload sas.php? In site/test or site/ ?

The file, sas.php, should be in the same directory as the web pages you want to password protect.

Althernatively, you can change the path of the require statement depending on the location of sas.php on your server.

If sas.php is in the same directory as the pages you want to password protect, use this require statement:

require('sas.php');

If sas.php is in your test directory, you'll need to use this require statement:

require('test/sas.php');

This is my guess of the solution to this problem, there really isn't enough information supplied for me to determine exactly what's going wrong.

Perhaps try uploading sas.php and demo.php directly from the zip file to your web accessible directory (e.g. httpdocs) of your web site. Try to load the page, demo.php from your web browser and test the unmodified script using the password "demo". Let me know if this generates the same problem. You can use the contact form to reply if you want to keep details private.

Hello there!

My Problem is following:

Using your Problems I integrated SAS into my site - but if I enter the correct login I receive following error message:

Warning: Cannot modify header information - headers already sent by (output started at /var/www/wimacon-html/intern.php:13) in /var/www/wimacon-html/intern/sas.php on line 36

Unfortunately I have absolutely no idea what it means.

Thinking I must have made a mistake somewhere along the line, I uploaded your original sas package - but if I use the correct login there (demo) - all I see next is a blank page, with following source code:

 followed by the head, body etc tags of an empty html page

I haven't got a clue what went wrong in both instances ...

Would be very grateful for an answer!

cheerio,
anna

Is there any way to add a line to the script that will add a checkbox where the user can chose to save the password they enter in? I am having trouble finding a php script to save a password

Also- The script works great except when I navigate back to the home page- it simply takes me to a blank screen- the address it the index.php address I am wanting to go to, but nothing is on the page. When I delete the cookies for that page I can refresh it and it is fine, but that is kind of annoying- is there any way to avoid this- the site address where I am using the script is http://www.thebirminghamathleticclub.com
--thanks in advance

Hi, have uploaded demo.php and sas.php to my site: www.kayes.be/chanvrier

In both Safari and IE, demo.php loads directly (without requesting the password), in Firefox, demo.php also loads directly but as source code. Is this a mac problem or a server problem?

Thanks for any help.

Up, running and working in a few minutes. Easy to use, easy to configure and works as intended.

Can't praise it enough.

I am trying to use sas.php on a page php page with a mysql database...when the user puts in the correct password they are able to view the page (this is good) however when they try to add a new record to the database they are asked to login again...any thought?

Bye the way...awsome script...when will the multiple passwords be ready?

I have used this on a site I have created. Your script was WONDERFUL, easy to install and well-coded. The instructions were also very straight forward and neat.

I slightly modified it so after one submits the password, the page goes to an "Authorization Accepted" page then redirects to the members only pages. Then if user logs off, it shows "Logout Successful" page then redirects back to home page.

MUCH thanks for providing your script.

-- PCGamre

Does teh link to your script at the bottom have to be there?

The login was working perfectly when I had created a page strictly using HTML and the was the very first line. I have changed the page using dreamweaver, but I am no longer able to use the login until I know the exact location for entering it. Thank you.

I got the script up and running in minutes. Well done. :) Everything logs in fine and the incorrect login page displays correctly as well. But on the page that I'm protecting I'm getting this error message when I log in:

Warning: Cannot modify header information - headers already sent by (output started at (...)/index.php:8) in (...)/sas.php on line 34

Since I haven't seen others with questions about this, I assume it's a problem with my html or something. Any input?

I would like to add a 'remember me' checkbox in the form and set the $expirytime to whatever (i.e.3600) if it is checked if not checked the $expirytime=time(). Can you help me add this feature? Thanks

Am using on localhost under apache/php 4, other cookie tests appear to work ok.Any comments on this error: "Cannot modify header information - headers already sent by (output started at C:\webbsa\new\bsafwdc\pass\page2.php:12) in C:\webbsa\new\bsafwdc\pass\sas.php on line 34", password opens up protected pages ok, but each time accessed needs to be re-entered.
Otherwise I like the script!!.

I have installed the sas.php and have add the required line to the php
page to be protected (created in dreamweaver), however, when you get
sas.php coming up and you put in the password, it's not directing to
the php page, all you get is a plank screen with no website direction. (only these 2 phps are in the file)

Can you please advise what I need to do to get this working please.

Thank you!

Firstly, there have been many questions about this warning:

Warning: Cannot modify header information

Please see the troubleshooting page.

Secondly, apologies for the delayed response... here's my best effort at answering your questions (it's long):

Is there any way to add a line to the script that will add a checkbox where the user can chose to save the password they enter in?

Not 100% sure what you mean. I'm assuming you want the password to show up in the input field when a visitor returns to the page? If so, that is a browser issue. A user can enable their browser (depending on the browser of course) to save their login information. SAS passwords should be able to be saved in this manner.

The script works great except when I navigate back to the home page- it simply takes me to a blank screen- the address it the index.php address I am wanting to go to, but nothing is on the page. When I delete the cookies for that page I can refresh it and it is fine

That's pretty weird. Try renaming $cookiename. The default name should be sascookie, but you can change this to whatever you want. Just make sure that the cookie name you choose is unique, ie no other cookie on your site has the same name.

It could also be a browser issue.

In both Safari and IE, demo.php loads directly (without requesting the password), in Firefox, demo.php also loads directly but as source code. Is this a mac problem or a server problem?

Sounds like a server problem. It's possible your server is not php enabled. The script was developed on a Macintosh and it's been tested on Mac Safari, IE and Firefox and works on all 3 browers.

I am trying to use sas.php on a page php page with a mysql database...when the user puts in the correct password they are able to view the page (this is good) however when they try to add a new record to the database they are asked to login again...any thought?

sas.php doesn't involve the database at all. The only reason it would ask for a password again is if the visitor does not have cookies enabled. Or if the script that inserts a new record into the database clears all cookies from your site (I can't imagine why).

Does teh link to your script at the bottom have to be there?

Yes. I would greatly appreciate if the link was left in. I've provided the script free-of-charge and it doesn't cost anything to link back to SAS.

The login was working perfectly when I had created a page strictly using HTML and the was the very first line. I have changed the page using dreamweaver, but I am no longer able to use the login until I know the exact location for entering it.

Unfortunately I'm not sure what you're talking about with regards of the "unitl I know the exact location for entering it", but I can only assume that Dreamweaver has possibly removed the php require('sas.php'); line.

I would like to add a 'remember me' checkbox in the form and set the $expirytime to whatever (i.e.3600) if it is checked if not checked the $expirytime=time(). Can you help me add this feature?

Sorry Ken, I would love to help but I haven't got so much time in the day to be able to customize the script for everyone that asks. After all, this script is provided as is, free-of-charge. Quite frankly, I can't see any advantage of having a "remember me" checkbox like you've mentioned.

have installed the sas.php and have add the required line to the php page to be protected (created in dreamweaver), however, when you get sas.php coming up and you put in the password, it's not directing to the php page, all you get is a plank screen with no website direction. (only these 2 phps are in the file)

Can you please advise what I need to do to get this working please.

In your browser, did you request the page sas.php? or demo.php? If you requested sas.php, it's no wonder that you got a blank page after entering the correct password.

I've now made a minor change to sas.php to address this issue which I believe many are experiencing. Now, if you try to request sas.php, you're going to get a message "Try requesting demo.php". If you see this message, it means you've put the wrong URL in your browser address bar. Do as the message tells you to and request demo.php.

Just need help in changing the URL once logged out. Currently once a user clicks the logout button it takes them back to the password input screen. How can i change this?

Regards.

I don't actually have a problem, but I was wondering wether it's possible to input the password only once for multiple pages instead of inputing it for each page.
I tryed to make a pass.php page that requires sas.php and require it from all protected pages, thinking that if the requiring page is always the same, it will do the trick but... it didn't.
Any ideas?

Apreciate it.

Hi. I use SAS for admin section of a site. Works fine except it requires the password everytime I refresh protected pages.
Don't think it's a browser problem: both Firefox and IE behave similar and are allowed to set cookies.
I've also made sure that the site is allowed to set cookies in my A-V/A-H/A-Spy/FW protection programs.
Could it be cause the site is frame-based and the content is set by functions?

The admin page (just like all others) is iframe.php case 24: get_admin_page($lang). This function contains require('sas.php'); and it all happens in /includes/site_functions.php

I've also tryed to extend cookie validation to the entire domain by adding in sas.php:
$domain = '.mysite.com' ,

$domain added in global() tag ,

setcookie($cookiename,$encrypt_pass,$expirytime,"/",$domain);

Didn't do the trick. I still have to input password everytime, every page.

What did I miss?

hi...i just found out about yr lonin script..nice work!! and thank you very much for sharing it. I tried to use it for my personal pages but i am trying to make multipassword which assigns to different pages. If u know the script already, plz reply me ASAP. or better send it on ankurx at gmail.com. Also, i am a newbie in php...if anyone has a contact form plz i need it. Thank you very much for your time. Appreciate it!!

My have have recently switched from PHP 4 to 5 and have turned off register_globals. And now the script is giving Cannot modify header error.
What could be causing that?

Thanks

Your newby to php readers should know that it is easy to incorporate php into 'html' page without .htaccess or .conf file.

Take original index.html:
put normal open and close symbols around terms
html
head
/head
body
Hello world!
/body
/html


change the name to index.php and enter:

the required sas.php wording:

the left bracket
question mark
require('sas.php')
a semi colon
question mark
the right bracket

Then your regular html:
html
head
/head
body
Hello World... I'm an .php file now.
/body
/html


Sorry, I had to type message without the brackets, etc. as it was automatically being turned into real html and you couldn't read what was entered.

Presto... php at the top and then regular html below.. and the script works GREAT!


Thanks.

Downloaded your script. Took me about 10 minutes to get it up and working perfectly - thank you!!

I am getting that annoying "Cannot modify header..." error. I have tried your suggested solution.

Before removing the optionl logout the error was on line 34

after removing the optional logout the error was on line 17

maybe this will help on cornering this annoying bug.

Thanks in advance for a quick reply!

Great script.

I have a problem. My script after successful entry goes to phpMyedit script. http://platon.sk/forum/projects/?c=5

My problem is when i click on edit/add/change im then required to login again, and still cant edit.

Any ideas?

hi,
I recently tried your s.a.s login script and its wonderful. I love it. Thank you for sharing with us. The script is working fine but I want to changed the name of demo.php to something else. I tried doing it but it doesnt redirect when i enter the password. I have only basic knowledge of php. Please help me. Send me an answer to this email address if possible: ankurx [at] gmail.com

Nice script. It works on my site. Just wondering when the script with multiple passwords is out?

Thanks

Is there a way to log user sessions? i.e. can i track down which user logs in and the userid that logged in?

I'm impressed, very easy. I know it a "simple" script, but I was also wondering how to add multiple passwords / redirect pages option to this script.

is this script work with one user? how to make it to check passwords from a .txt file when someone login?

I am very impressed. I think your SAS script is clear, efficient, thoughtful, elegantly designed, and nicely written. Even I may be able to understand it all someday. You guys are brilliant. Thanks.

In Dreamweaver the "Require" function kills the view of my webpage so I can't edit it. All it brings up is the login page... any thoughts? Love the script. Finally got what I want it to do, and I go to open a page after I have the "Require" code and I can no longer edit the page graphics.

I'm ahving trouble implementing this in the way i want to, Basically i want to make the "$pass = 'password'" point to a file which i can update with a form somewhere else, this is so that the password can be changed without editing the script every time

Is it true that people can see the credits on that page and after reading about SAS can access my sas.php file to get the password? I have accessed your sas.php file to read "Try demo ...".
Looks so easy to get the pass.
Is is so important to leave the credits there? I can put it in another page saying that I use code from you (and link).
Or can I change the name of sas.php file to disguised.php or something else?

Thank you very much for the script anyway.