bahattab
28-01-2008, 04:13 PM
Simple Password protection using PHP
Overview: Use this simple script to password-protect your pages. Ideal for protecting administrative or other sensitive parts of your web site.
The logic behind the script is very simple: whenever your password-protected page is requested, the script runs first and checks for the username and password. If they are not found, it presents a login page. When you submit the username and password, it checks them; if they are correct it allows you to access the protected page, otherwise it denies access.
Don't be put off by the size of the PHP script. It is really simple and only looks big because I added a lot of HTML tags and tables to make the login pages look better. I have used this same script with a little variation (added database support) in many commercial applications ;-)
UPDATE: I have updated this script and now it works with all versions of PHP 4.x and the username bug is fixed.
Installation: To protect a particular page, use the include directive to include this script in your page, and make sure that there is nothing before the include line, because the script starts a session and may send a redirect header, both of which must happen before any output.
Example:
<?php
include "password_protect_page.php";
?>
.
.
.
Your Normal page
DEMO: Click here (http://www.phpbuddy.com/sample/password_pg.php) to see a demo of this script.
Username: admin
Password: pass
You can also download the code via this link. (http://www.phpbuddy.com/sample/password_protect_page.txt)
password_protect_page.php
<?php
# Simple password protection
#
# (c) http://www.phpbuddy.com
# Author: Ranjit Kumar
# Feel free to use this script but keep this message intact!
#
# To protect a page include this file in your PHP pages!
session_start();
$admin_user_name = "admin";
$admin_password = "pass";
//you can change the username and password by changing the above two strings
if (!isset($HTTP_SESSION_VARS['user'])) {
    if(isset($HTTP_POST_VARS['u_name']))
        $u_name = $HTTP_POST_VARS['u_name'];
    if(isset($HTTP_POST_VARS['u_password']))
        $u_password = $HTTP_POST_VARS['u_password'];
    if(!isset($u_name)) {
        //no credentials submitted yet: show the login form
?>
<HTML>
<BODY bgcolor=#ffffff>
(Access Restricted to Authorized Personnel)
<?php
        $form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[PHP_SELF]";
        if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
            $form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"];
        //the URL is built from request data, so it is escaped and quoted before being echoed
?>
<form method=post action="<?php echo htmlspecialchars($form_to); ?>">
User Name
<input type=text name=u_name size=20>
Password
<input type=password name=u_password size=20>
<input type=submit value=Login></form>
</BODY>
</HTML>
<?php
        exit;
    }
    else {
        function login_error($host,$php_self) {
            echo "<HTML>
<BODY bgcolor=#ffffff>
You Need to log on to access this part of the site!
";
            echo "Error: You are not authorized to access this part of the site!
Click here to login again.
</BODY>
</HTML>";
            session_unregister("adb_password");
            session_unregister("user");
            exit;
        }
        $user_checked_passed = false;
        if(isset($HTTP_SESSION_VARS['adb_password'])) {
            $adb_session_password = $HTTP_SESSION_VARS['adb_password'];
            $adb_session_user = $HTTP_SESSION_VARS['user'];
            //strict comparison: no type juggling between numeric-looking strings
            if($admin_password !== $adb_session_password)
                login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
            else {
                $user_checked_passed = true;
            }
        }
        if($user_checked_passed == false) {
            if(strlen($u_name)< 2)
                login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
            if($admin_user_name !== $u_name) //if username not correct
                login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
            if(isset($admin_password)) {
                if($admin_password === $u_password) {
                    session_register("adb_password");
                    session_register("user");
                    $adb_password = $admin_password;
                    $user = $u_name;
                }
                else { //password in-correct
                    login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
                }
            }
            else {
                login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
            }
            //login succeeded: redirect so a page refresh does not re-post the form
            $page_location = $HTTP_SERVER_VARS['PHP_SELF'];
            if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
                $page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"];
            header ("Location: ". $page_location);
        }
    }
}
?>
To log out, simply close the browser; your username and password are stored in a session which is active until you close your browser. You can easily upgrade this script to authenticate the username and password against a database so that multiple users can log on to your protected area.
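A hardened variant of the same include for PHP 7.3 or later, added here as an example and not phpbuddy's code: it checks a password hash instead of a plaintext string, keeps only a login flag in the session, issues a new session id on login, and escapes the form action. The environment variable names ADMIN_USER and ADMIN_PASSWORD_HASH, the credentials_ok() helper and the 'authenticated' session key are assumptions made for the example.

```php
<?php
// Added example, not the original script. ADMIN_USER / ADMIN_PASSWORD_HASH are
// hypothetical names; create the hash with password_hash('...', PASSWORD_DEFAULT).
declare(strict_types=1);

session_set_cookie_params([
    'httponly' => true,                      // session id not readable by page scripts
    'secure'   => !empty($_SERVER['HTTPS']), // only sent over TLS when TLS is in use
    'samesite' => 'Strict',
]);
session_start();

function credentials_ok(string $user, string $pass, string $wantUser, string $wantHash): bool
{
    // Run both checks so a wrong username costs the same as a wrong password.
    $userOk = hash_equals($wantUser, $user);
    $passOk = password_verify($pass, $wantHash);
    return $userOk && $passOk;
}

if (empty($_SESSION['authenticated'])) {
    $wantUser = (string) getenv('ADMIN_USER');
    $wantHash = (string) getenv('ADMIN_PASSWORD_HASH');
    // Same-site relative target; collapse leading slashes so it cannot become "//host".
    $self = '/' . ltrim($_SERVER['REQUEST_URI'], '/');
    $failed = false;

    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $user = is_string($_POST['u_name'] ?? null) ? $_POST['u_name'] : '';
        $pass = is_string($_POST['u_password'] ?? null) ? $_POST['u_password'] : '';
        if ($wantHash !== '' && credentials_ok($user, $pass, $wantUser, $wantHash)) {
            session_regenerate_id(true);        // fresh id after login: no session fixation
            $_SESSION['authenticated'] = true;  // store a flag, never the password
            header('Location: ' . $self, true, 303);
            exit;
        }
        $failed = true;
        http_response_code(403);
    }
    ?>
    <form method="post" action="<?= htmlspecialchars($self, ENT_QUOTES, 'UTF-8') ?>">
      <?= $failed ? '<p>Login failed.</p>' : '' ?>
      <label>User Name <input type="text" name="u_name"></label>
      <label>Password <input type="password" name="u_password"></label>
      <input type="submit" value="Login">
    </form>
    <?php
    exit;
}
```

It is included the same way as the original, as the first line of the protected page.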