Posted By

Tamedo on 12/13/07


Tagged

password


Versions (?)

Who likes this?

15 people have marked this snippet as a favorite

sbbath
vali29
luman
heinz1959
benrasmusen
rhyno
skywalker
oriolfb
nb109
Hollow
tapdrup
bobbym245
adth
voove
ringo380


password protect


 / Published in: PHP
 

  1. <?php
  2. ##################################################################
  3. # SETTINGS START
  4. ##################################################################
  5.  
  6. // Add login/password pairs below, like described above
  7. // NOTE: all rows except last must have comma "," at the end of line
  8. $LOGIN_INFORMATION = array(
  9. 'admin' => 'admin'
  10. );
  11.  
  12. // request login? true - show login and password boxes, false - password box only
  13. define('USE_USERNAME', true);
  14.  
  15. // User will be redirected to this page after logout
  16. define('LOGOUT_URL', 'http://www.example.com/');
  17.  
  18. // time out after NN minutes of inactivity. Set to 0 to not timeout
  19. define('TIMEOUT_MINUTES', 0);
  20.  
  21. // This parameter is only useful when TIMEOUT_MINUTES is not zero
  22. // true - timeout time from last activity, false - timeout time from login
  23. define('TIMEOUT_CHECK_ACTIVITY', true);
  24.  
  25. ##################################################################
  26. # SETTINGS END
  27. ##################################################################
  28.  
  29.  
  30. ///////////////////////////////////////////////////////
  31. // do not change code below
  32. ///////////////////////////////////////////////////////
  33.  
  34. // timeout in seconds
  35. $timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
  36.  
  37. // logout?
  38. if(isset($_GET['logout'])) {
  39. setcookie("verify", '', $timeout, '/'); // clear password;
  40. header('Location: ' . LOGOUT_URL);
  41. exit();
  42. }
  43.  
  44. if(!function_exists('showLoginPasswordProtect')) {
  45.  
  46. // show login form
  47. function showLoginPasswordProtect($error_msg) {
  48. ?>
  49. <html>
  50. <head>
  51. <title>Admin Control Panel</title>
  52. <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
  53. <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
  54. <link href="style.css" rel="stylesheet" type="text/css" media="screen" />
  55. </head>
  56. <body style="text-align:center">
  57.  
  58. <style>
  59. input { border: 1px solid black; }
  60. </style>
  61. <form method="post">
  62. <h1>Please enter password to access this page</h1>
  63. <font color="red"><?php echo $error_msg; ?></font><br />
  64. <?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>
  65. <input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />
  66. </form>
  67.  
  68. </body>
  69. </html>
  70.  
  71. <?php
  72. // stop at this point
  73. die();
  74. }
  75. }
  76.  
  77. // user provided password
  78. if (isset($_POST['access_password'])) {
  79.  
  80. $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
  81. $pass = $_POST['access_password'];
  82. if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
  83. || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) )
  84. ) {
  85. showLoginPasswordProtect("Incorrect password.");
  86. }
  87. else {
  88. // set cookie if password was validated
  89. setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
  90.  
  91. // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
  92. // So need to clear password protector variables
  93. unset($_POST['access_login']);
  94. unset($_POST['access_password']);
  95. unset($_POST['Submit']);
  96. }
  97.  
  98. }
  99.  
  100. else {
  101.  
  102. // check if password cookie is set
  103. if (!isset($_COOKIE['verify'])) {
  104. showLoginPasswordProtect("");
  105. }
  106.  
  107. // check if cookie is good
  108. $found = false;
  109. foreach($LOGIN_INFORMATION as $key=>$val) {
  110. $lp = (USE_USERNAME ? $key : '') .'%'.$val;
  111. if ($_COOKIE['verify'] == md5($lp)) {
  112. $found = true;
  113. // prolong timeout
  114. if (TIMEOUT_CHECK_ACTIVITY) {
  115. setcookie("verify", md5($lp), $timeout, '/');
  116. }
  117. break;
  118. }
  119. }
  120. if (!$found) {
  121. showLoginPasswordProtect("");
  122. }
  123.  
  124. }
  125.  
  126. ?>

Report this snippet  

You need to login to post a comment.