Password Protecting XML with PHP


Contributor(s): Than Garson

Note: this procedure may be outdated and this documentation may need to be rewritten.

To password-protect the XML, the URL call has to go to a PHP file that pipes the results from the SaxonServlet into the browser. In the case of JIATS, there is an index.php file at the root level of the jiats folder. All subfolders then need to have a redirect to the root folder so people can't view the contents of those folders. At the top of the index.php file there should be code that checks whether a cookie for the password has been set. If the password is not set, it redirects to a login.php script. There are 3 main components to this part of the PHP:

  1. $_SERVER["QUERY_STRING"]: This PHP global variable contains the query string of the URL call, that is, everything after the question mark "?". "QUERY_STRING" is the fixed key for it.
  2. $HTTP_COOKIE_VARS["pwd"]: This PHP global hash-array contains the values of all the cookies sent with the request. It returns the value of the cookie whose name is given in the quotes, in this case "pwd". $HTTP_COOKIE_VARS was removed in PHP 5.4; on current PHP versions, retrieve a cookie through the global variable $_COOKIE['pwd'] instead. That form is used in the login script below to get the "query" cookie.
  3. setcookie(cookie_name,cookie_value,expiry): This command sets a cookie for the page. It has to be called before any output, including the <html> header information, is sent. The third argument sets when the cookie expires; the code below passes time() plus the number of seconds that the cookie will remain active, after which it will expire.

The code in the index.php for the journal is:

<?php
     $query = $_SERVER['QUERY_STRING'];       // get the query string
     // get the "pwd" cookie value; $_COOKIE replaces $HTTP_COOKIE_VARS, which was removed in PHP 5.4
     $pwd = isset($_COOKIE["pwd"]) ? $_COOKIE["pwd"] : "";
     if($pwd !== "let-me-in") {                // if the "pwd" value is not equal to the password, for instance, "let-me-in", then …
               setcookie("query",$query,time()+3600);    // set a cookie with the value of the query string, to be used once one gets in,
                                                         // then print out an HTML file that redirects one to the login page
     ?>
     <html>
             <head>
                     <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
                    <!-- The redirect to the login page below //-->
                    <meta http-equiv="refresh" content="0;url=/collections/journal/jiats/login.php">
                     <title>Journal of the International Association of Tibetan Studies</title>
                     <link rel="stylesheet" type="text/css" href="/style/thdl-styles.css" />
             </head>
             <body><p>Need to login …</p>
             </body>
     </html>
     <?php
        exit;
     } 
     ?>
     <!-- The rest of the code (not given here) is the code for displaying the journal.
          If the password is correctly set, the script skips the if statement above and executes this code. -->

The login page is also a PHP file. It prints out a simple login form and submits it back to itself using POST. If the correct password, "let-me-in", is given, it sets that as the cookie "pwd" and redirects to the original index.php page, which now lets the user into the journal. The code for this login page is:

<?php
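     // password submitted by the form, if any (non-string input is ignored)
     $pwd = (isset($_POST['pwd']) && is_string($_POST['pwd'])) ? $_POST['pwd'] : '';
     // nothing submitted: fall back to the "pwd" cookie
     if($pwd == '') { $pwd = (isset($_COOKIE['pwd']) && is_string($_COOKIE['pwd'])) ? $_COOKIE['pwd'] : ''; }
     if($pwd !== 'let-me-in') {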
             echo "<html><head><title>JIATS Not Yet Released for Public Viewing!</title>\n";
             echo "<script type=\"text/javascript\" src=\"/scripts/thdl_scripts.js\"></script>\n";
             echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"/style/thdl-styles.css\"/>\n";
             echo "</head><body><script type=\"text/javascript\" src=\"/scripts/banner.js\"></script>\n";
             echo "<div id=\"main\" class=\"text-heavy\"><h2>JIATS Validation</h2>\n";
             echo "<p style=\"width: 500px; text-align: justify;\">The <i>Journal of the International Association of Tibetan Studies</i> has not yet been officially released. ";
             echo "To view it, you must be an approved member of the board with the appropriate password. Otherwise, the first issue will be released shortly. ";
             echo "Thank you for your patience! </p>\n";
             // escape the submitted value before echoing it back, so markup in it is not rendered
             if(strlen($pwd) > 0) {echo "<p>You entered " . htmlspecialchars($pwd, ENT_QUOTES, 'UTF-8') . "!</p>";}
             echo "<form method=\"post\" action=\"http://orion.lib.virginia.edu/thdl/collections/journal/jiats/login.php\">\n";
             echo "<table width=\"50%\"><tr><td>Enter password: <input type=\"password\" name=\"pwd\" /></td></tr>\n";
             echo "<tr><td><input type=\"submit\"/></td></tr></table></form></div></body></html>\n";
             exit;
     } else {
             setcookie("pwd",$pwd,time()+43200);
             setcookie("query","");
     ?>
     <html>
             <head>
                     <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
                     <?php
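                             // read the saved query string; it is client-controlled, so escape it before writing it into HTML
                             $query = (isset($_COOKIE['query']) && is_string($_COOKIE['query'])) ? $_COOKIE['query'] : "";
                             if ($query == "") {
                                     echo "<meta http-equiv=\"refresh\" content=\"0;url=index.php\">"; 
                             } else {
                                     echo "<meta http-equiv=\"refresh\" content=\"0;url=index.php?" . htmlspecialchars($query, ENT_QUOTES, 'UTF-8') . "\">"; 
                             }
                     ?>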
                     <title>Journal of the International Association of Tibetan Studies</title>
                     <link rel="stylesheet" type="text/css" href="/style/thdl-styles.css" />
             </head>        
             <body></body>
     </html>
     <?php
     } ?>
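
The scripts above keep the password itself in the "pwd" cookie and trust the "query" cookie when redirecting. As an added example (not THDL's code), the following PHP keeps the same login flow but issues a signed, expiring token and validates the saved query string; SECRET_KEY, the "auth" cookie name, the function names and the HTTPS deployment implied by the secure flag are assumptions of this example.

```php
<?php
// Added example, not THDL's code. SECRET_KEY, the "auth" cookie and all function names are assumptions.
const SECRET_KEY = 'replace-with-a-long-random-server-side-secret';   // placeholder value
const TOKEN_TTL  = 43200;   // same 12-hour lifetime as the "pwd" cookie on this page

// Demo only: in deployment run password_hash() once offline and store just the hash.
$passwordHash = password_hash('let-me-in', PASSWORD_DEFAULT);

// Token = "<expiry>.<HMAC(expiry)>": proves a past login without carrying the password.
function issue_token(int $now): string {
    $expires = (string)($now + TOKEN_TTL);
    return $expires . '.' . hash_hmac('sha256', $expires, SECRET_KEY);
}

function token_is_valid($token, int $now): bool {
    if (!is_string($token)) { return false; }            // e.g. auth[]=x arrives as an array
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) { return false; }
    $expected = hash_hmac('sha256', $parts[0], SECRET_KEY);
    return hash_equals($expected, $parts[1]) && (int)$parts[0] > $now;   // constant-time compare
}

// Accept the saved query string only if it is a plain URL-encoded key=value list.
function safe_redirect_target($query): string {
    if (is_string($query) && preg_match('/\A[A-Za-z0-9_.~%=&+-]{1,512}\z/', $query)) {
        return 'index.php?' . $query;
    }
    return 'index.php';
}

if (PHP_SAPI !== 'cli') {                                 // web request: the login.php flow
    $submitted = $_POST['pwd'] ?? '';
    if (is_string($submitted) && password_verify($submitted, $passwordHash)) {
        setcookie('auth', issue_token(time()), [
            'expires' => time() + TOKEN_TTL, 'path' => '/',
            'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
        ]);
        header('Location: ' . safe_redirect_target($_COOKIE['query'] ?? ''));
        exit;
    }
    // Otherwise print the login form; index.php gates on token_is_valid($_COOKIE['auth'] ?? '', time()).
} else {                                                  // CLI self-check on constructed values
    $now = 1700000000;
    $t = issue_token($now);
    var_dump(token_is_valid($t, $now + 60));                              // fresh token
    var_dump(token_is_valid($t, $now + TOKEN_TTL + 1));                   // past its expiry
    var_dump(token_is_valid('9999999999.' . str_repeat('0', 64), $now));  // forged MAC
    var_dump(safe_redirect_target('a=1"><script>'));                      // markup in saved query
}
```

Running the file with the PHP command-line interpreter exercises the checks in the else branch; served by a web server, it behaves as login.php.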

Provided for unrestricted use by the Tibetan and Himalayan Digital Library