www.PHPBuddy.com
 PHP Function Lookup:
 
Categories
PHP Quick Start
PHP Installation
PHP Articles
PHP Scripts

Top Rated Articles 

Site Related
Submit Articles/Code
Contact Us
Home

   Home                   Article Added on: May 8, 2002
Simple Password protection using PHP

Overview: Use this simple script to password protect your pages, Ideal for password protecting Administrative parts or sensitive parts of your web site.

The logic behind the script is very simple when ever your password protected page is called the script is first called it checks for the username and password if not found, presents you with a login page and when you submit info (username, password) it checks if the info is correct if correct allows you to access the protected page, else denies access.



Don't get afraid by the size of the PHP script, its is really simple it simply looks big coz, to make the login pages look better I had added a lot of HTML tags and tables. I have used this same script with a little variation (added database support) in many commerical applications ;-)

UPDATE:I have updated this script and now it works with all versions of PHP 4.x



Installation: To protect a particular page use the include directive to include this script in your page.

Example: <?php include 'password_protect_page.php'; ?>

DEMO: Click here to see a demo of this script.
Username: admin
Password: pass

password_protect_page.php
<?php


# Simple password protection
#
# (c) http://www.phpbuddy.com
# Author: Ranjit Kumar
# Feel free to use this script but keep this message intact!
#
# To protect a page include this file in your PHP pages!

session_start();

$admin_user_name = "admin";
$admin_password = "pass";
//you can change the username and password by changing the above two strings

if (!isset($HTTP_SESSION_VARS['user'])) {

if(isset($HTTP_POST_VARS['u_name']))
$u_name = $HTTP_POST_VARS['u_name'];

if(isset($HTTP_POST_VARS['u_password']))
$u_password = $HTTP_POST_VARS['u_password'];

if(!isset($u_name)) {
?>
<HTML>
<HEAD>
<TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE>
</HEAD>
<BODY bgcolor=#ffffff>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD>
<font face=verdana size=2><B>(Access Restricted to Authorized Personnel)</b> </font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>
<?php
$form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[PHP_SELF]";

if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
$form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

?>
<form method=post action=<?php echo $form_to; ?>>
<table border=0 width=350>
<TR>
<TD><font face=verdana size=2><B>User Name</B></font></TD>
<TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR>
<TR>
<TD><font face=verdana size=2><B>Password</B></font></TD>
<TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD>
</TR>
</table>
<input type=submit value=Login></form>
</center>
</font>
</BODY>
</HTML>

<?php
exit;
}
else {

function login_error($host,$php_self) {
echo "<HTML><HEAD>
<TITLE>$host : Administration</TITLE>
</HEAD><BODY bgcolor=#ffffff>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD align=left>
<font face=verdana size=2><B> You Need to log on to access this part of the site! </b> </font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>";

echo "Error: You are not authorized to access this part of the site!
<B><a href=$php_self>Click here</a></b> to login again.<P>
</center>
</font>
</BODY>
</HTML>";
session_unregister("adb_password");
session_unregister("user");
exit;
}

$user_checked_passed = false;


if(isset($HTTP_SESSION_VARS['adb_password'])) {

$adb_session_password = $HTTP_SESSION_VARS['adb_password'];
$adb_session_user = $HTTP_SESSION_VARS['user'];


if($admin_password != $adb_session_password)
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
else {
$user_checked_passed = true;
}
}


if($user_checked_passed == false) {

if(strlen($u_name)< 2)
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);

if(isset($admin_password)) {

if($admin_password == $u_password) {

session_register("adb_password");
session_register("user");

$adb_password = $admin_password;
$user = $u_name;
}
else { //password in-correct
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
}
}
else {
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
}

$page_location = $HTTP_SERVER_VARS['PHP_SELF'];
if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
$page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

header ("Location: ". $page_location);
}
}
}
?>




To logout simply close the browser, your username and password is stored in a session which is active until you close your browser. You can easily upgrade this script to include the username and password authentication from a database so that multiple users can log on to your protected area.

 
Rate this article:  Current Rating: 3.49
  Poor    Excellent     
          1     2    3    4    5

 

Home | Privacy Policy | Contact Us | Terms of Service
(c) 2002 - 2018 www.PHPbuddy.com Unauthorized reproduction/replication of any part of this site is prohibited.