Two headers, on password protected categories

[lindsayanng]

WOAH!!! two headers on my site, but i looked in my index, did a search for 'header.php' and there is only ONE call for it!!

 

It is only happening on my password protected galleries.. I have this in the password page:

 

<?php
require(DIR_WS_INCLUDES . 'header.php'); 
###############################################################
# Page Password Protect 2.13
###############################################################
# Visit http://www.zubrag.com/scripts/ for updates
############################################################### 
#
# Usage:
# Set usernames / passwords below between SETTINGS START and SETTINGS END.
# Open it in browser with "help" parameter to get the code
# to add to all files being protected. 
#	Example: password_protect.php?help
# Include protection string which it gave you into every file that needs to be protected
#
# Add following HTML code to your page where you want to have logout link
# <a href="http://www.example.com/path/to/protected/page.php?logout=1">Logout</a>
#
###############################################################

/*
-------------------------------------------------------------------
SAMPLE if you only want to request login and password on login form.
Each row represents different user.

$LOGIN_INFORMATION = array(
 'zubrag' => 'root',
 'test' => 'testpass',
 'admin' => 'passwd'
);

--------------------------------------------------------------------
SAMPLE if you only want to request only password on login form.
Note: only passwords are listed

$LOGIN_INFORMATION = array(
 'root',
 'testpass',
 'passwd'
);

--------------------------------------------------------------------
*/

##################################################################
#  SETTINGS START
##################################################################

// Add login/password pairs below, like described above
// NOTE: all rows except last must have comma "," at the end of line
$LOGIN_INFORMATION = array(
  'heather',
 'adminpass'
);

// request login? true - show login and password boxes, false - password box only
define('USE_USERNAME', false);

// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.bscphoto.com/');

// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 0);

// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', true);

##################################################################
#  SETTINGS END
##################################################################


///////////////////////////////////////////////////////
// do not change code below
///////////////////////////////////////////////////////

// show usage example
if(isset($_GET['help'])) {
 die('Include following code into every page you would like to protect, at the very beginning (first line):<br><?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?>');
}

// timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);

// logout?
if(isset($_GET['logout'])) {
 setcookie("verify", '', $timeout, '/'); // clear password;
 header('Location: ' . LOGOUT_URL);
 exit();
}

if(!function_exists('showLoginPasswordProtect')) {

// show login form
function showLoginPasswordProtect($error_msg) {
?>
<html>
<head>
 <title>Please enter password to access this page</title>
 <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
 <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
 <link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>
<body>
 <style>
input { border: 1px solid black; }
 </style>
 <div style="width:500px; margin-left:auto; margin-right:auto; text-align:center">
 <form method="post">
 <h2>For your security, all private photo shoots and events are password protected.</h2>
<h3>Please enter password to access this page</h3>
<h3><u><font color=B22222 >The password for this gallery is the first name of the Bride</font></u></h3>
<h6>If you attended this event, but do not have a password, you can contact matt b via email by<A HREF="mailto:[email protected]"> clicking here</A><br>
<br>
You can also contact the person who comissioned the shoot. No passwords are handed out without expressed permission from the comissioner of the photo shoot.</h6>
<font color="red"><?php echo $error_msg; ?></font><br />
<?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>
<input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />
 </form>
<br><h4>to go back to the Print Shop, <a href="http://bscphoto.com/catalog">CLICK HERE</a></h4>
 <a style="font-size:9px; color: #B0B0B0; font-family: Verdana, Arial;" href="http://www.zubrag.com/scripts/password-protect.php" title="Download Password Protector">Powered by Password Protect</a>
 </div>
</body>
</html>

<?php
 // stop at this point
 die();
}
}

// user provided password
if (isset($_POST['access_password'])) {

 $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
 $pass = $_POST['access_password'];
 if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
 || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) ) 
 ) {
showLoginPasswordProtect("Incorrect password.");
 }
 else {
// set cookie if password was validated
setcookie("verify", md5($login.'%'.$pass), $timeout, '/');

// Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
// So need to clear password protector variables
unset($_POST['access_login']);
unset($_POST['access_password']);
unset($_POST['Submit']);
 }

}

else {

 // check if password cookie is set
 if (!isset($_COOKIE['verify'])) {
showLoginPasswordProtect("");
 }

 // check if cookie is good
 $found = false;
 foreach($LOGIN_INFORMATION as $key=>$val) {
$lp = (USE_USERNAME ? $key : '') .'%'.$val;
if ($_COOKIE['verify'] == md5($lp)) {
  $found = true;
  // prolong timeout
  if (TIMEOUT_CHECK_ACTIVITY) {
	setcookie("verify", md5($lp), $timeout, '/');
  }
  break;
}
 }
 if (!$found) {
showLoginPasswordProtect("");
 }

}

?>

 

I'm not sure why this is happening. The password puts a cookie in the browser.. could that be causing it??

[lindsayanng]

Taking the header out of the password pages makes the double header go away.. but i WANTED the header to be in the password page.. I guess i dont NEED it..

[arietis]

the <head> tag is output within the function called showLoginPasswordProtect().

 

the showLoginPasswordProtect() function is called in multiple places. three of them to be exact. you need to figure out a way to make it so the function is called only once.

[lindsayanng]

ok.. THANK YOU.. i will look into that more.