Simple Password protection using PHP
Overview: Use this simple script to password protect your pages, Ideal for password protecting Administrative parts or sensitive parts of your web site.
The logic behind the script is very simple when ever your password protected page is called the script is first called it checks for the username and password if not found, presents you with a login page and when you submit info (username, password) it checks if the info is correct if correct allows you to access the protected page, else denies access.
 |
Don't get afraid by the size of the PHP script, its is really simple it simply looks big coz, to make the login pages look better I had added a lot of HTML tags and tables. I have used this same script with a little variation (added database support) in many commerical applications ;-)
UPDATE:I have updated this script and now it works with all versions of PHP 4.x
|
|
Installation: To protect a particular page use the include directive to include this script in your page.
Example: <?php include 'password_protect_page.php'; ?>
DEMO: Click here to see a demo of this script.
Username: admin
Password: pass
password_protect_page.php
<?php
# Simple password protection
#
# (c) http://www.phpbuddy.com
# Author: Ranjit Kumar
# Feel free to use this script but keep this message intact!
#
# To protect a page include this file in your PHP pages!
session_start();
$admin_user_name = "admin";
$admin_password = "pass";
//you can change the username and password by changing the above two strings
if (!isset($HTTP_SESSION_VARS['user'])) {
if(isset($HTTP_POST_VARS['u_name']))
$u_name = $HTTP_POST_VARS['u_name'];
if(isset($HTTP_POST_VARS['u_password']))
$u_password = $HTTP_POST_VARS['u_password'];
if(!isset($u_name)) {
?>
<HTML>
<HEAD>
<TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE>
</HEAD>
<BODY bgcolor=#ffffff>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD>
<font face=verdana size=2><B>(Access Restricted to Authorized Personnel)</b> </font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>
<?php
$form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[PHP_SELF]";
if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
$form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"];
?>
<form method=post action=<?php echo $form_to; ?>>
<table border=0 width=350>
<TR>
<TD><font face=verdana size=2><B>User Name</B></font></TD>
<TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR>
<TR>
<TD><font face=verdana size=2><B>Password</B></font></TD>
<TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD>
</TR>
</table>
<input type=submit value=Login></form>
</center>
</font>
</BODY>
</HTML>
<?php
exit;
}
else {
function login_error($host,$php_self) {
echo "<HTML><HEAD>
<TITLE>$host : Administration</TITLE>
</HEAD><BODY bgcolor=#ffffff>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD align=left>
<font face=verdana size=2><B> You Need to log on to access this part of the site! </b> </font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>";
echo "Error: You are not authorized to access this part of the site!
<B><a href=$php_self>Click here</a></b> to login again.<P>
</center>
</font>
</BODY>
</HTML>";
session_unregister("adb_password");
session_unregister("user");
exit;
}
$user_checked_passed = false;
if(isset($HTTP_SESSION_VARS['adb_password'])) {
$adb_session_password = $HTTP_SESSION_VARS['adb_password'];
$adb_session_user = $HTTP_SESSION_VARS['user'];
if($admin_password != $adb_session_password)
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
else {
$user_checked_passed = true;
}
}
if($user_checked_passed == false) {
if(strlen($u_name)< 2)
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
if(isset($admin_password)) {
if($admin_password == $u_password) {
session_register("adb_password");
session_register("user");
$adb_password = $admin_password;
$user = $u_name;
}
else { //password in-correct
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
}
}
else {
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
}
$page_location = $HTTP_SERVER_VARS['PHP_SELF'];
if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
$page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"];
header ("Location: ". $page_location);
}
}
}
?>
|
To logout simply close the browser, your username and password is stored in a session which is active until you close your browser. You can easily upgrade this script to include the username and password authentication from a database so that multiple users can log on to your protected area. |
|
Home | Privacy Policy | Contact Us | Terms of Service
(c) 2002 - 2018 www.PHPbuddy.com Unauthorized reproduction/replication of any part of this site is prohibited.
|
