PHPBuddy.com
 PHP Function Lookup:
 
Categories
PHP Quick Start
PHP Installation
PHP Articles
PHP Scripts

Top Rated Articles 
  • Simple Ad Rotator
  • PHP and Cookies
  • Getting Screen resolution using JavaScripts & PHP
  • Using Functions in PHP
  • PHP Sessions

  • Site Related
    Submit Articles/Code
    Contact Us
    Home

       Home                   Article Added on: May 8, 2002
    Simple Password protection using PHP

    Overview: Use this simple script to password protect your pages, Ideal for password protecting Administrative parts or sensitive parts of your web site.

    The logic behind the script is very simple when ever your password protected page is called the script is first called it checks for the username and password if not found, presents you with a login page and when you submit info (username, password) it checks if the info is correct if correct allows you to access the protected page, else denies access.



    Don't get afraid by the size of the PHP script, its is really simple it simply looks big coz, to make the login pages look better I had added a lot of HTML tags and tables. I have used this same script with a little variation (added database support) in many commerical applications ;-)

    UPDATE:I have updated this script and now it works with all versions of PHP 4.x



    Installation: To protect a particular page use the include directive to include this script in your page.

    Example: <?php include 'password_protect_page.php'; ?>

    DEMO: Click here to see a demo of this script.
    Username: admin
    Password: pass

    password_protect_page.php
    <?php
    

    # Simple password protection
    #
    # (c) http://www.phpbuddy.com
    # Author: Ranjit Kumar
    # Feel free to use this script but keep this message intact!
    #
    # To protect a page include this file in your PHP pages!

    session_start();

    $admin_user_name = "admin";
    $admin_password = "pass";
    //you can change the username and password by changing the above two strings

    if (!isset($HTTP_SESSION_VARS['user'])) {

    if(isset($HTTP_POST_VARS['u_name']))
    $u_name = $HTTP_POST_VARS['u_name'];

    if(isset($HTTP_POST_VARS['u_password']))
    $u_password = $HTTP_POST_VARS['u_password'];

    if(!isset($u_name)) {
    ?>
    <HTML>
    <HEAD>
    <TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE>
    </HEAD>
    <BODY bgcolor=#ffffff>
    <table border=0 cellspacing=0 cellpadding=0 width=100%>
    <TR><TD>
    <font face=verdana size=2><B>(Access Restricted to Authorized Personnel)</b> </font></td>
    </tr></table>
    <P></P>
    <font face=verdana size=2>
    <center>
    <?php
    $form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[PHP_SELF]";

    if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
    $form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

    ?>
    <form method=post action=<?php echo $form_to; ?>>
    <table border=0 width=350>
    <TR>
    <TD><font face=verdana size=2><B>User Name</B></font></TD>
    <TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR>
    <TR>
    <TD><font face=verdana size=2><B>Password</B></font></TD>
    <TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD>
    </TR>
    </table>
    <input type=submit value=Login></form>
    </center>
    </font>
    </BODY>
    </HTML>

    <?php
    exit;
    }
    else {

    function login_error($host,$php_self) {
    echo "<HTML><HEAD>
    <TITLE>$host : Administration</TITLE>
    </HEAD><BODY bgcolor=#ffffff>
    <table border=0 cellspacing=0 cellpadding=0 width=100%>
    <TR><TD align=left>
    <font face=verdana size=2><B> You Need to log on to access this part of the site! </b> </font></td>
    </tr></table>
    <P></P>
    <font face=verdana size=2>
    <center>";

    echo "Error: You are not authorized to access this part of the site!
    <B><a href=$php_self>Click here</a></b> to login again.<P>
    </center>
    </font>
    </BODY>
    </HTML>";
    session_unregister("adb_password");
    session_unregister("user");
    exit;
    }

    $user_checked_passed = false;


    if(isset($HTTP_SESSION_VARS['adb_password'])) {

    $adb_session_password = $HTTP_SESSION_VARS['adb_password'];
    $adb_session_user = $HTTP_SESSION_VARS['user'];


    if($admin_password != $adb_session_password)
    login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
    else {
    $user_checked_passed = true;
    }
    }


    if($user_checked_passed == false) {

    if(strlen($u_name)< 2)
    login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);

    if(isset($admin_password)) {

    if($admin_password == $u_password) {

    session_register("adb_password");
    session_register("user");

    $adb_password = $admin_password;
    $user = $u_name;
    }
    else { //password in-correct
    login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
    }
    }
    else {
    login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
    }

    $page_location = $HTTP_SERVER_VARS['PHP_SELF'];
    if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
    $page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

    header ("Location: ". $page_location);
    }
    }
    }
    ?>




    To logout simply close the browser, your username and password is stored in a session which is active until you close your browser. You can easily upgrade this script to include the username and password authentication from a database so that multiple users can log on to your protected area.

     
    Rate this article:  Current Rating: 3.49
      Poor    Excellent     
              1     2    3    4    5

     

    Home | Privacy Policy | Contact Us | Terms of Service
    (c) 2002 - 2017 PHPbuddy.com Unauthorized reproduction/replication of any part of this site is prohibited.