Posted By

stephcode on 05/17/11


Tagged

password protect


Versions (?)

Password Protect with PHP


 / Published in: PHP
 

URL: http://www.zubrag.com/scripts/password-protect.php

  1. password_protect.php:
  2.  
  3. <?php //header( 'Cache-Control: no-store' ); ?>
  4.  
  5. <?php
  6.  
  7. ###############################################################
  8. # Page Password Protect 2.13
  9. ###############################################################
  10. # Visit http://www.zubrag.com/scripts/ for updates
  11. ###############################################################
  12. #
  13. # Usage:
  14. # Set usernames / passwords below between SETTINGS START and SETTINGS END.
  15. # Open it in browser with "help" parameter to get the code
  16. # to add to all files being protected.
  17. # Example: password_protect.php?help
  18. # Include protection string which it gave you into every file that needs to be protected
  19. #
  20. # Add following HTML code to your page where you want to have logout link
  21. # <a href="http://www.example.com/path/to/protected/page.php?logout=1">Logout</a>
  22. #
  23. ###############################################################
  24.  
  25. /*
  26. -------------------------------------------------------------------
  27. SAMPLE if you only want to request login and password on login form.
  28. Each row represents different user.
  29.  
  30. $LOGIN_INFORMATION = array(
  31.   'zubrag' => 'root',
  32.   'test' => 'testpass',
  33.   'admin' => 'passwd'
  34. );
  35.  
  36. --------------------------------------------------------------------
  37. SAMPLE if you only want to request only password on login form.
  38. Note: only passwords are listed
  39.  
  40. $LOGIN_INFORMATION = array(
  41.   'root',
  42.   'testpass',
  43.   'passwd'
  44. );
  45.  
  46. --------------------------------------------------------------------
  47. */
  48.  
  49. ##################################################################
  50. # SETTINGS START
  51. ##################################################################
  52.  
  53. // Add login/password pairs below, like described above
  54. // NOTE: all rows except last must have comma "," at the end of line
  55. $LOGIN_INFORMATION = array(
  56. 'admin' => 'password1',
  57. 'password2',
  58. 'password3'
  59. );
  60.  
  61. // request login? true - show login and password boxes, false - password box only
  62. define('USE_USERNAME', false);
  63.  
  64. // User will be redirected to this page after logout
  65. define('LOGOUT_URL', 'http://site.com/');
  66.  
  67. // time out after NN minutes of inactivity. Set to 0 to not timeout
  68. define('TIMEOUT_MINUTES', 0);
  69.  
  70. // This parameter is only useful when TIMEOUT_MINUTES is not zero
  71. // true - timeout time from last activity, false - timeout time from login
  72. define('TIMEOUT_CHECK_ACTIVITY', true);
  73.  
  74. ##################################################################
  75. # SETTINGS END
  76. ##################################################################
  77.  
  78.  
  79. ///////////////////////////////////////////////////////
  80. // do not change code below
  81. ///////////////////////////////////////////////////////
  82.  
  83. // show usage example
  84. if(isset($_GET['help'])) {
  85. die('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?&gt;');
  86. }
  87.  
  88. // timeout in seconds
  89. $timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
  90.  
  91. // logout?
  92. if(isset($_GET['logout'])) {
  93. setcookie("verify", '', $timeout, '/'); // clear password;
  94. header('Location: ' . LOGOUT_URL);
  95. exit();
  96. }
  97.  
  98. if(!function_exists('showLoginPasswordProtect')) {
  99.  
  100. // show login form
  101. function showLoginPasswordProtect($error_msg) {
  102. ?>
  103.  
  104. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  105. "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  106.  
  107. <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
  108. <head>
  109. <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
  110. <title>Title</title>
  111.  
  112. <link rel="stylesheet" href="style.css" type="text/css" media="screen" title="no title" charset="utf-8"/>
  113.  
  114. </head>
  115. <body>
  116. <div id="wrapper">
  117.  
  118. <!--FORM STARTS HERE-->
  119. <form method="post">
  120. <font color="red"><?php echo $error_msg; ?></font><br />
  121. <?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>
  122. <p style="margin: 10px 0 0 0; padding: 0; display: block;"></p>
  123. <input type="password" name="access_password" style="padding: 7px; height: 16px; width: 134px; border: 0;" />
  124. <p style="margin: 10px 0 0 0; padding: 0; display: block;"></p>
  125. <input type="submit" name="Submit" value="Sign In" style="background-color:#cc0001; color: #fff; height: 30px; float: right; border: 0; font-weight: bold;" />
  126. </form>
  127. <!--FORM ENDS HERE-->
  128.  
  129. </div>
  130. </body>
  131. </html>
  132.  
  133. <?php
  134. // stop at this point
  135. die();
  136. }
  137. }
  138.  
  139. // user provided password
  140. if (isset($_POST['access_password'])) {
  141.  
  142. $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
  143. $pass = $_POST['access_password'];
  144. if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
  145. || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) )
  146. ) {
  147. showLoginPasswordProtect("Incorrect password.");
  148. }
  149. else {
  150. // set cookie if password was validated
  151. setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
  152.  
  153. // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
  154. // So need to clear password protector variables
  155. unset($_POST['access_login']);
  156. unset($_POST['access_password']);
  157. unset($_POST['Submit']);
  158. }
  159.  
  160. }
  161.  
  162. else {
  163.  
  164. // check if password cookie is set
  165. if (!isset($_COOKIE['verify'])) {
  166. showLoginPasswordProtect("");
  167. }
  168.  
  169. // check if cookie is good
  170. $found = false;
  171. foreach($LOGIN_INFORMATION as $key=>$val) {
  172. $lp = (USE_USERNAME ? $key : '') .'%'.$val;
  173. if ($_COOKIE['verify'] == md5($lp)) {
  174. $found = true;
  175. // prolong timeout
  176. if (TIMEOUT_CHECK_ACTIVITY) {
  177. setcookie("verify", md5($lp), $timeout, '/');
  178. }
  179. break;
  180. }
  181. }
  182. if (!$found) {
  183. showLoginPasswordProtect("");
  184. }
  185.  
  186. }
  187. ?>
  188.  
  189. Add to top of every page you'd like to password protect:
  190.  
  191. <?php include("/path/to/password_protect.php"); ?>
  192.  
  193. logout.php
  194.  
  195. <?php include("password_protect.php"); ?>

Report this snippet  

You need to login to post a comment.